Beginer AD Question

[Guest]

Hi
I have 3 domain controllers. All 3 machines are in the same domain. 2 of them are in one subnet and the 3rd in another subnet. I am having trouble with replication across the subnets. I get an error about once a day that says the DNS name of the lone machine in the other subnet could not be found for replication to work. The DNS server seems to be working fine because I can resolve the name

The rest of the time everything seems to work ok. When I look in AD Sites and services I don't see any subnets setup. All 3 machines are in the same location and connected by the LAN.

My question is do I need to setup the subnets to keep the replication working right? And does anyone have a good guide on the AD Sites and Services snap in

Thanks

 

[Ace Fekay [MVP]]

In

Hi,
I have 3 domain controllers. All 3 machines are in the same domain.
2 of them are in one subnet and the 3rd in another subnet. I am
having trouble with replication across the subnets. I get an error
about once a day that says the DNS name of the lone machine in the
other subnet could not be found for replication to work. The DNS
server seems to be working fine because I can resolve the name.

The rest of the time everything seems to work ok. When I look in AD
Sites and services I don't see any subnets setup. All 3 machines are
in the same location and connected by the LAN.

My question is do I need to setup the subnets to keep the replication
working right? And does anyone have a good guide on the AD Sites and
Services snap in?

Thanks!

Yes, if the links are slow and you want to control replication, you can
create a subnet object, then create a site and then associate that with the
subnet object, then create a site link and set cost, schedule and frequency.
If the links are fast (528k or better) and depending on the number of users
and applications accessing the link, you can keep them in the same site. In
this case, just create the subnet objects and associate it with the
Default-First-Site-Name.

Replication can also be hampered by using ISP DNS addresses in IP
properties, since they do not "know" of your domain (causes numerous otther
problems too). DNS servers across the infrastructure need either a copy of
the zone of each domain or use of other methods, such as delegation,
forwarding, etc to insure resolution throughout the forest. If there's an
ISP DNS in IP properties, things WILL go south.

Also replication can be hampered by your routers/VPNs/ firewall access
rules. Replication will also NOT work across a NAT. Need a VPN thru the NAT
to allow that. NAT doesn't support RPC, Kerberos or LDAP.

Also replication can be hampered if you (or someone else) changes the MTU
settings on a router such as, to improve Video COnferencing. This will cause
LDAP to fail.

Here are some links on how to manage sites. THere are many but I just posted
a few of them for you.

Active Directory Sites and Services:
http://www.microsoft.com/technet/prodtechnol/windowsnetserver/proddocs/datacenter/Dssite.asp

Best practices for Active Directory Sites and Services:
http://www.microsoft.com/technet/pr...ddocs/entserver/sag_ADsite_best_practices.asp

Create a site link:
http://www.microsoft.com/technet/pr...roddocs/entserver/DSSite_create_site_link.asp

Create a subnet {Site Subnet Object]:
http://www.microsoft.com/technet/pr.../proddocs/datacenter/DSSite_create_subnet.asp

Managing Sites:
http://www.microsoft.com/technet/prodtechnol/ad/windows2000/maintain/opsguide/part1/adogd06.asp



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory