You're going to want to consider implementing sites - we made each location with a DC its own site, and then took any location that didn't have a DC and added that to the site to which it is most closely connected via the WAN.
------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: Turner, Robert D. Jr [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 07, 2003 9:07 AM
> To: NT 2000 Discussions
> Subject: RE: Choosing domain controllers
>
> Thanks for the expansion. We are one Site, so I have no direct experience in setting this up. Our management has decided that rather than more than one site, they will provide bandwidth where it's needed. So far that has been working well.
>
> I think the slowest connection we have to a remote office is roughly equivalent to 10BaseT. In our case all data is at data center, so putting a DC in a remote site would allow them to log on in the event of a WAN outage, but since data is remote, logging on would get them nothing.
>
> Bob
>
> -----Original Message-----
> From: Joe Pochedley [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 07, 2003 8:06 AM
> To: NT 2000 Discussions
> Subject: RE: Choosing domain controllers
>
> To expand a little on what Robert said...
>
> Use Active Directory Sites and Services to set up different sites within your domain... From there you can assign which DCs are responsible for which subnets. Therefore when a user goes to authenticate, he will always attempt to authenticate to a local DC first. If you so desire you can also decrease the replication time between sites to decrease the amount of replication traffic over your VPN links.
>
> Using ADSS, you can also set it so that only one DC at each site replicates to the other DCs across the WAN links, which can further reduce replication chatter. This works great in Native mode, but if you're still in Mixed mode those DCs who aren't replicating directly with the FSMO will generate 1586 errors in the Directory Service event log.
>
> Hope that helps.
>
> Joe Pochedley
> If you have time to do it twice,
> you had time to do it right in
> the first place.
>
> -----Original Message-----
> From: Turner, Robert D. Jr [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 06, 2003 6:46 PM
> To: NT 2000 Discussions
> Subject: RE: Choosing domain controllers
>
> That is what Sites are for.
>
> Bob
>
> -----Original Message-----
> From: Michael Staines [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 06, 2003 5:56 PM
> To: NT 2000 Discussions
> Subject: Choosing domain controllers
>
> My company has multiple offices throughout the country. Due to the way the departments have formed it was not feasible to run multiple Domains throughout the multiple offices. We created a single 2000 domain which is in all our offices. We created VPNs between the offices, and replicate between DCs that are in each physical location.
>
> We have been having some problem with one office. The replication between the offices is set to the default 15 minutes, however, we are finding that sometimes a user will actually log in through a domain controller that is not the DC in his office (someone in NY will verify on a DC in Chicago). It's not the biggest deal in the world, but if a user locks out his account, we either have to wait 15 minutes (or less) for the lockout to replicate to our DC, or try and find the DC that the user locked themselves out of. I was wondering if anyone knows of a way to mandate a Domain controller. Some way of saying to the computer, "check for this DC first then look somewhere else"
>
> Any ideas would be helpful
>
> Thanks
> Mike
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to %%email.unsub%%
>
> CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute and delete the original message. Please notify the sender by E-Mail at the address shown. Thank you for your compliance.
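
The thread's diagnosis, a client logging on through a remote DC because its subnet is not assigned to a site, can be checked from the `NO_CLIENT_SITE` entries a DC writes to `netlogon.log`. The following is an added example, not part of the original thread: the site names, subnet table and log lines are constructed, and it matches each logged client against the subnet-to-site table by longest prefix to list the networks that still need a subnet object.

```python
import ipaddress
import re
from collections import Counter

# Constructed subnet-to-site table, standing in for the subnet objects
# defined in Active Directory Sites and Services (names are hypothetical).
SITE_SUBNETS = {
    "10.10.0.0/16": "NewYork",
    "10.20.0.0/16": "Chicago",
    "10.20.31.0/24": "Chicago-Branch",
}

# Constructed netlogon.log lines in the NO_CLIENT_SITE format a DC writes
# when a client's IP address matches no subnet object.
SAMPLE_LOG = """\
02/07 09:07:12 CORP: NO_CLIENT_SITE: WS-NY-014 10.30.4.21
02/07 09:07:40 CORP: NO_CLIENT_SITE: WS-NY-015 10.30.4.22
02/07 09:08:03 [1284] CORP: NO_CLIENT_SITE: WS-NY-090 10.30.9.7
02/07 09:09:55 CORP: NO_CLIENT_SITE: LT-CHI-007 192.168.50.12
"""

NO_SITE = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def site_for(ip, table=SITE_SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    if not hits:
        return None
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def unmapped_networks(log_text, table=SITE_SUBNETS, prefix=24):
    """Count NO_CLIENT_SITE clients per /prefix network with no subnet object."""
    counts = Counter()
    for line in log_text.splitlines():
        m = NO_SITE.search(line)
        if not m:
            continue
        try:
            if site_for(m.group(2), table) is not None:
                continue  # a subnet object was added after this entry was logged
            net = ipaddress.ip_network(f"{m.group(2)}/{prefix}", strict=False)
        except ValueError:
            continue  # malformed address in the log line
        counts[str(net)] += 1
    return counts.most_common()

if __name__ == "__main__":
    for net, n in unmapped_networks(SAMPLE_LOG):
        print(f"{net}: {n} client(s) without a site")
```

Each network it reports is a candidate for a new subnet object, assigned to the site it is most closely connected to over the WAN.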
