Creating Remote sites Properly


Brian

I have a question regarding setting up remote sites in AD sites and
services.

I have 3 DC's in corp office on same subnet

I also have 3 separate remote offices with a DC in each. My question
is how should I setup the replication topology between the remote
sites and corp office. Right now I have many clients who authenticate
across the lan to a remote DC, and I would like to correct this.

All domain controllers currently run windows 2003 server
One DC in corp office hosts Primary DNS
One DC in corp office hosts Secondary DNS

3 DC's in corp office. 10.1.1.x
remote office 10.1.2.x
remote office 10.1.3.x
remote office 10.1.4.x
 

Cary Shultz [A.D. MVP]

Brian,

This *may* be a little bit different in WIN2003 but here is how you do it in
WIN2000.

Create a Site for your first 'remote' subnet. Let's call this Miami.
Associate the 10.1.2.x subnet to the Miami Site.

Create a Site for your second 'remote' subnet. Let's call this one Atlanta.
Associate the 10.1.3.x subnet to the Atlanta Site.

Create a Site for your third 'remote' subnet. Let's call this one Columbia.
Associate the 10.1.4.x subnet to the Columbia Site.

Let's say that your HQ is in Charlotte. If you have not already done so,
create the 10.1.1.x subnet and associate it with the
Default-First-Site-Name. You can rename this to Charlotte if you so choose.

We are going to use the hub and spoke model. This is where Charlotte is the
hub and all of the Sites are connected to Charlotte. It would be a really
good idea to have a Firewall at the Charlotte Site that can handle multiple
VPNs as you should strongly consider creating a Site-to-Site VPN from
Charlotte to Miami and a second VPN from Charlotte to Atlanta and a third
VPN from Charlotte to Columbia. You would also need a Firewall at the three
remote locations that can handle the VPN ( doh ). Cisco and SonicWall have
some nice products.

You need to make sure that the Domain Controller in each Site has the proper
IP Address ( I am sure that you are using either a Reservation or a Static
IP Address for all of your servers ) and is located in the correct Site in
the ADSS MMC.

You would probably want to make each of the Domain Controllers a Global
Catalog Server as well. DNS would also be important. Probably DHCP as
well.

Please take a look at the following MSKB Articles on how clients locate a
Domain Controller:

http://support.microsoft.com/?id=247811
http://support.microsoft.com/?id=314861

Our friend the KCC - with a little help from the ISTG - will make sure that
everything is done properly. However, it is extremely important that the
Sites and Subnets be set up and configured properly. The KCC uses this
information. The one thing that you would need to do would be to set up the
Site Links. There would already be one ( the DEFAULTSITELINK ) that is
partially set up. You would need to add the second Site ( you will see that
Charlotte is already there - you would simply add Columbia, for example ).
You would then set up another Site Link for Charlotte - Atlanta and a third
for Charlotte - Miami. You would need to create the Costs as well as the
Schedule and the Intervals associated with each Site Link. You will want to
think about bridging all Site Links.....

This is a pretty vanilla account of what you could do. We would need a lot
more information from you in order to give you a more appropriate response.

How many users are in each Site? What are the client OSes? What are the
connection speeds between each location? Do you want / need all Sites to be
linked to the others? You get the picture.

HTH,

Cary
 

Brian

Thanks for the response Cary:

Hopefully I can provide the info you stated was necessary.

# of Users
Corp Office- 400 (I should have originally stated the corp office
spans 9 subnets)

Remote Offices all have 30-50 users connected by redundant T1 Wan
links. The corp office houses the firewall and all outside
communications from remote offices are routed thru said firewall.

Client OS's are windows NT 4 (AD EXT Installed) XP, and Win2k.

DHCP is running on all remote DC's for their respective offices.

I am not sure if I want/need all the sites to be connected to each
other. I just want to try and make the replication traffic as
efficient as possible.

I have included the global catalog server role on all remote DC's as
well.

I would like to make all DC's AD integrated DNS Servers as well.

Thanks again
 

Cary Shultz [A.D. MVP]

Brian,

I might just stick with the example that I gave you in my response. That
vanilla suggestion seems to be pretty good for your case. You would just
have to create nine Subnets for the HQ. I would assume that the other remote
offices would have but one Subnet.

What is your concern with the Site Link bridge? This usually does not cause
any problems. However, I will say that I believe ( and I have not done much
at all with WIN2003 Server yet! ) things are a bit different in WIN2003 and
that this part of a 'Branch Office' deployment is handled much better. I do
not have any of the details on this at the moment as I have not really done
much with 2003 yet. Just know that I have heard a few things and read a few
posts in the windows.server.active_directory news group.

Essentially as long as your Sites are setup correctly and all of the Subnets
are associated with the correct Site then your user base *should* be
authenticating against a Domain Controller in its Site ( and, thus, avoiding
the WAN link ).

As I mentioned in my initial response, if those two things are configured
correctly then both your Intrasite and Intersite Replication should run
without a hiccup.

HTH,

Cary



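The check Cary describes in the replies above (every subnet associated with the correct Site, every DC placed in the Site its address maps to), as an added Python example that is not part of the original thread. Host names and the 10.1.9.x client are constructed; only one HQ subnet is listed because the thread names only 10.1.1.x of the nine.

```python
import ipaddress

# Subnet-to-site layout from the thread (site names are Cary's examples).
SUBNET_TO_SITE = {
    "10.1.1.0/24": "Charlotte",
    "10.1.2.0/24": "Miami",
    "10.1.3.0/24": "Atlanta",
    "10.1.4.0/24": "Columbia",
}

# Constructed sample inventory: name -> IP, and DC name -> (IP, site it sits in).
SAMPLE_CLIENTS = {"WS-HQ-01": "10.1.1.50", "WS-HQ-02": "10.1.9.15",
                  "WS-MIA-01": "10.1.2.77"}
SAMPLE_DCS = {"DC-HQ-1": ("10.1.1.10", "Charlotte"),
              "DC-MIA-1": ("10.1.2.10", "Charlotte")}  # never moved out of HQ


def site_for(ip, subnet_map=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit(clients, dcs, subnet_map=SUBNET_TO_SITE):
    """List clients with no covering subnet and DCs placed in the wrong site."""
    findings = []
    for name, ip in sorted(clients.items()):
        if site_for(ip, subnet_map) is None:
            findings.append(f"client {name} ({ip}): no subnet object covers it")
    for name, (ip, placed) in sorted(dcs.items()):
        actual = site_for(ip, subnet_map)
        if actual != placed:
            findings.append(
                f"DC {name} ({ip}): placed in {placed}, subnet maps to {actual}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CLIENTS, SAMPLE_DCS):
        print(finding)
```

A client flagged here has no site of its own, so it can be handed any DC in the domain, which is the cross-WAN authentication Brian describes.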
 
