Hi all,

Sorry, I am way late weighing in on this one. I implemented some lag sites for our AD and wanted to chime in.

We have a small AD - five DCs, 4 at our hub and one at a remote office. We have 52 sites but WAN pipes are fast enough so we don't need to distribute DCs. The boss wanted some Security Principal DR.....object level recovery. I leveraged our Virtual Server boxes located in our hub site to stand up three additional DCs in three separate sites (lagone, lagtwo and lagthree); all three are GCs. So as you can see the additional cost was only for OS licenses. This cost the City less than putting dual monitors on our desktops. I don't consider my time as an additional cost because I would be working anyway.

Lagone replicates on Monday, Lagtwo on Wednesday, and Lagthree on Friday....all three at midnight. Site links are configured as such. I found a script on the net to toggle on / off the NIC, so I use a scheduled task to toggle it on at midnight, force replication and toggle it off. Turning off inbound replication on the lag site servers doesn't stop forced replication from replicating changes to the boxes, hence the reason I toggle the NIC. Ultrasound and MOM bitch a little because they can't communicate with the lag site servers at all times, but sometimes MOM doesn't know best.

Now for recovery....at this shop, as with most other shops I have worked at, our operators don't have the skill sets to perform recoveries......of any type.....and don't have the aptitude or desire to learn. Unfortunately this is a government job and we can't just can them. Because the boxes are on Virtual Server I can connect to them remotely....even with the NIC turned off. Recovery takes around 10 minutes and doesn't require taking down a production DC. With the enhancements in NTDSutil with 2003 SP1 we no longer have to worry about running the authoritative restore twice....once to recover the user object and the second time to restore the groups the user was a member of. One authoritative restore and bang, we're done.

We don't have a Global AD....but how many shops do?
My thought is if you have a global AD you probably have the funding to purchase a third party product. IMO the majority of AD implementations are small to medium size businesses and probably don't have the funding for say a Quest Recovery Manager.

I may have left something out. It has been months since this was implemented. If anyone has any questions feel free to contact me. If you can poke holes at my lagsite(s) implementation please do. I learn new stuff every day....

Shawn Hayes
GCWN, MCSE NT/2000/2003 - Messaging

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Thursday, March 09, 2006 7:43 AM
To: [email protected]
Subject: RE: [ActiveDir] AD Lag Sites

Cheers Tomasz.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: 08 Mar 2006 21:39
To: [email protected]
Subject: Re: [ActiveDir] AD Lag Sites

Wyatt, David wrote:
> What MS paper?
>

http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en

At the end of this document you will find information on how to do this. As Jorge pointed out today on our chat on IM, this document is not addressing a potential SYSVOL issue after such a restore, so BurFlags should come into play:

http://support.microsoft.com/kb/290762

--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
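
The scheduled-task sequence described in the top message of this thread (enable the NIC, force replication, disable the NIC), as an added example that is not the script the poster used and not part of the original thread. It assumes a PowerShell version with the NetAdapter module; the adapter alias and log path are hypothetical, and the log directory must already exist.

```powershell
# Added illustration; not the script from the thread. Run on the lag-site DC
# from a scheduled task at that site's replication time.
param(
    [string]$AdapterName    = 'Ethernet',             # hypothetical adapter alias
    [string]$LogFile        = 'C:\LagSite\sync.log',  # hypothetical log path
    [int]   $LinkTimeoutSec = 120
)

function Write-Log([string]$Message) {
    "{0:s} {1}" -f (Get-Date), $Message | Add-Content -Path $LogFile
}

$exitCode = 1
try {
    Write-Log "Enabling $AdapterName"
    Enable-NetAdapter -Name $AdapterName -Confirm:$false -ErrorAction Stop

    # Wait for the link to come up before asking for replication.
    $deadline = (Get-Date).AddSeconds($LinkTimeoutSec)
    while ((Get-NetAdapter -Name $AdapterName).Status -ne 'Up') {
        if ((Get-Date) -gt $deadline) { throw "Link on $AdapterName did not come up" }
        Start-Sleep -Seconds 5
    }

    # Synchronize this DC for all naming contexts (/A), across sites (/e).
    Write-Log 'Starting repadmin /syncall'
    $output = & repadmin.exe /syncall $env:COMPUTERNAME /A /e 2>&1
    $output | ForEach-Object { Write-Log $_ }

    # Only the exit code is checked here; the full output is in the log.
    if ($LASTEXITCODE -ne 0) { throw "repadmin exited with $LASTEXITCODE" }
    $exitCode = 0
}
catch {
    Write-Log "ERROR: $_"
}
finally {
    # Always take the lag DC offline again, even if replication failed:
    # a lag DC left connected can receive the change it exists to recover from.
    Disable-NetAdapter -Name $AdapterName -Confirm:$false
    Write-Log "Disabled $AdapterName"
}
exit $exitCode
```

A non-zero exit code lets the scheduled task surface a failed window, while the `finally` block keeps the DC isolated either way.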
