Windows 2003 DC Question

G

Guest

Hi all,

question.. We have about 250 or so computers spread out all over the country
in offices that are connected to corporate by IPSec VPN's

We have two domain controllers which should be plenty.

I have one located on the east coast, and one on the west coast.. no other
reason than if our corporate office goes offline, the VPN's automatically
route to our east coast office and users can still login.

my question is is this a good working model?

Now reason being is because i'm evaluating spotlight on active directory and
its informing me that I have more than the expected LDAP client sessions on
the DC and that I might want to think about either 1. adding another DC or
two moving sessions to another DC.

How do I move them to another DC? And should I add another DC.. will that
significantly help?

If i've left anything out. please ask..
 
P

ptwilliams

Are you seeing all traffic hitting one and not the other?

If so, it's probably a DNS thing. Firstly, ensure that: all clients point
to both DCs for DNS (assuming that you are running DNS on your DCs), both
DCs are GCs, sites and subnets are configured, and you disable netmask
ordering on both DNS servers.

If these DCs reside in different sites, then your clients are probably
defaulting to the one DC due to it's site and netmask ordering. Also, if
the other isn't a GC, then this will account for more LDAP queries hitting
the box that is a GC.

It is usually recommended to have multiple DCs, but you already have this.
So I'd say look at spreading the load rather than simply buying another DC
for a particular site.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Hi all,

question.. We have about 250 or so computers spread out all over the country
in offices that are connected to corporate by IPSec VPN's

We have two domain controllers which should be plenty.

I have one located on the east coast, and one on the west coast.. no other
reason than if our corporate office goes offline, the VPN's automatically
route to our east coast office and users can still login.

my question is is this a good working model?

Now reason being is because i'm evaluating spotlight on active directory and
its informing me that I have more than the expected LDAP client sessions on
the DC and that I might want to think about either 1. adding another DC or
two moving sessions to another DC.

How do I move them to another DC? And should I add another DC.. will that
significantly help?

If i've left anything out. please ask..
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain consolidation and decommission child domain in ActiveDirectory Windows Server 2003 3
AD design question. 2 Domains vs. 2 OUs 2
DC Question 2
Sites and Services question 5
2003 DC not replicating 2
Problem after DC has been rebuilt from scratch 5
relationship between child dc and parent dc 4
W2K DNS Forwarding 14

Top