Either option is perfectly valid depending on your
needs. Just because you're removing the DCs from the branches does not
mean you need to collapse the sites, too. If you have any site-aware
apps/services like DFS, SMS, etc that may exist in the branches then having
those sites can provide benefit. You might also utilize the sites for your
logon script logic. As long as the branch sites have their subnets
properly defined and site links back to their correct hub site then automatic
site coverage will take care of things by ensuring the proper core DC(s) assume
coverage (ie: register DNS records) for their branches.
Or... you can collapse the branch sitse and re-assign those
subnets to the appropriate hub site. If you have no need for the branch
sites then this is a valid option, too.
I would personally lean towards option A as to me it's more
likely to provide some benefit and it'd be a pain to go through the effort of
collapsing everything and then realizing you actually do need those sites
and have to re-create everything. But again, either option is valid
depending on your environment.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of James Carter
Sent: Thursday, March 30, 2006 2:36 AM
To: [email protected]
Subject: [ActiveDir] DC Demotion & AD Site Configuration
Sent: Thursday, March 30, 2006 2:36 AM
To: [email protected]
Subject: [ActiveDir] DC Demotion & AD Site Configuration
Hey guys,Single Windows 2003 Domain.I have 5 core sites and 70 branch offices. Each of the core sites host 2 x dc's and each branch office has a DC.The design is legacy from NT4 whereby we had a BDC at each of the branch offices as they had slow WAN links at the time. During the upgrade, each of the BDC's were made dc's. Each dc is located in it's own AD Site & IP Subnet defined.Our concerns are that some of these remote dc's are located in insecure environments, i.e the are just a server sat in an unlocked closet in a business office environment.We've just completed an WAN upgrade and our links are minimum of 1mb to each of the remote offices.This is good news for us, as we can now demote most of the remote dc's (about 60 of them)My question is regarding the cleanup process. We have 75 AD Sites created with a subnet assigned to each site. Once the demotion process takes place, will I need toa) add the IP subnet to the core site so that the branch office is serviced by the dc's located there and then delete the old AD Site which no longer holds a dc.b) leave the AD site in existance with the IP Subnet assigned and let the DC locator service find a DC for the client to authenticate to? (this means I am left with a load of un-needed Sites in AD..I assume)We also use DFS but moving to DFS-R shortly.Thoughts anyone?Jim__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
