AD replication acceptable latency

Alistair Keay

What latency is acceptable for a VPN link between two
sites which will support AD replication in a single
domain\multiple site configuration?

Currently most of the company's sites are UK based with a
few international sites.
All links are currently 64k or above leased lines.
Number of users = about 1500 with Exchange 2000 in a
single domain with multiple sites.
No custom attributes in AD.
Staff turnover is relatively low.
DNS is AD-integrated.
Limited RAS access.

Looking to add a new site with its own DC and Exchange
2000 server in Shanghai. Number of local users = 100

At Shanghai looking at a 1.5Mb link to the ISP.
In UK the main HQ link to the internet is 6Mb.
However getting a ping time of 600-700 ms from UK to
Shanghai office.

Can this support a site in the same domain as the rest of
the organization?
The actual bandwidth is not accurately known.

Any advice would be gratefully accepted.
 
Ryan Hanisco

Alistair,

Since it appears that there will not be a lot of changes in your
infrastructure, you need to ask yourself what the acceptable latency is
from a business perspective, rather than a technical one. It is completely
possible for you to replicate only once a day -- it will just have the
effect that changes in the remote site may not have privileges to resources
elsewhere in the domain until replication completes. You need to have a
good handle on which resources are going to be used and how.

If you need more immediate access (own RID Pools and PDC Emulator),
different security rules, or need to separate the business roles, a second
domain might be a better option.

I would probably go with a remote site replicating once a day. You will
need to make sure you have a GC and DNS running locally. Also, you should
consider a local Exchange box, especially if you have a very large GAL or
integrated CRM.

Also, take into consideration your RAS (or IAS if you're using it). A lag
in replication could affect remote authentication to accounts in the remote
site.

Finally, in the long run, you may consider moving to Server 2003 for your
domain controllers. Its ability to do delta updates can significantly cut
down replication traffic.

Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services
 
