
How many Windows 2000 Sites will I need?

Status
Not open for further replies.

Dublin73

IS-IT--Management
Apr 26, 2005
236
US
Hi,

Attention all Windows experts! I'm migrating an NT 4.0 domain to Windows 2000 next year. There are 4 VLANs on the network, all sitting on 1 Cisco layer three switch.

Each VLAN has approximately 300 client PCs connected to it. There aren't any slow links on the network.

Now here's my question. I estimate that we will need 3 DCs, I'll spare you the details of how I came to that conclusion.

Since the VLANs are all connected by such good connectivity do I go with just one Active Directory Site for the building or should I set up three, placing a DC in each site?

I understand the Microsoft textbook definition of what an AD Site is (multiple subnets and/or domains can be put into a single site), but still can't decide which way to go with this one, 1 AD site or 3?

My thinking is that 3 sites will add control over user logon authentication to the domain. Are there other benefits to the three sites that I'm not thinking of? Besides the obvious, the ability to schedule AD replication between the DCs.

Any takers on this one?

thanks in advance
 
Well, not knowing why you came up with 3 DCs and not more, I'd say you should have 4 sites, each with at least one DC, and each DC as a GC. Defining sites helps also make sure that clients are authenticating to the local DC and not something across the WAN.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
Thanks for responding. There's no WAN or routers involved. All 4 subnets are sitting in the same office building. There's no latency in communications between one subnet and the other as they're all on the one layer three switch.

Particularly, if a client PC is sitting in (let's call it) subnet 1... and he's going to authenticate with a DC that's in subnet 2, there's no latency in communication between the client and DC.

That's what makes me question whether the separate AD Sites are required.

Do you still believe that 4 Sites are required?

I agree with your comment on the GCs.
 
Well, that does change things. I just realized your original post said VLANs, and I was thinking VPNs. My bad. It's been a long day.

If that's the case, I'd say you're all set with one site, multiple DCs and GCs, and the appropriate DHCP & relays to handle the various VLANs.

Multiple sites is nice because it does help "contain" authentication traffic to the local site.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
The advice here is sound, but I have one question: why are you going to Windows 2000 next year? Was that a mistype?

With that timeframe I'd be thinking wait another 6 months and move to Longhorn server.
 
Thanks all! The reason for going to 2000 is the number of legacy apps that are in place. We may go w/ XP on the clients and 2003 on the servers, but won't be able to jump to Longhorn just yet.

I'm still trying to figure out where they got the name from, Longhorn sounds like an all you can eat steakhouse or something!

For the AD Sites, I'm leaning towards setting up just one, then dividing the network into 3 separate AD sites at a later time if logon times are slow.

 
1,200 PCs in total. Why are you doing multiple VLANs? Is there a reason for separating them in this way?
 
The VLANs are already in place. WINS is a large part of the network, so the VLANs may have been implemented to isolate WINS and/or DHCP broadcast traffic.

 
I would suggest building one site, based on the environment that you describe. Be sure to define the subnets, though, in AD Sites and Services, and assign them to "default-first-site-name". The DCs will automatically load balance the authentication traffic.

I agree with porkchopexpress... You should at least go to 2003/XP. Otherwise you'll be upgrading again because MS is probably going to end-of-life 2000 pretty soon.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
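
An added example, not part of the post above or of any Microsoft tool: a sketch of how a client address is matched to a site through subnet objects (most specific subnet wins), which shows why every VLAN subnet needs to be defined even when there is only one site. The four /23 ranges are constructed placeholders; only the site name comes from the thread.

```python
import ipaddress

# Constructed subnet objects: four VLANs of ~300 clients (/23 each), all
# assigned to the single site suggested in the post above.
SITE = "Default-First-Site-Name"
SUBNETS = {
    "10.10.0.0/23": SITE,
    "10.10.2.0/23": SITE,
    "10.10.4.0/23": SITE,
    "10.10.6.0/23": SITE,
}


def site_for(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def unmapped(clients, subnets=SUBNETS):
    """Client addresses that fall outside every defined subnet object.

    These clients have no site, so nothing steers them to a nearby DC.
    """
    return [ip for ip in clients if site_for(ip, subnets) is None]


if __name__ == "__main__":
    # Constructed client addresses; the last one sits on an undefined subnet.
    clients = ["10.10.0.9", "10.10.3.17", "10.10.8.5"]
    for ip in clients:
        print(ip, "->", site_for(ip) or "NO SITE (subnet not defined)")

    # Splitting later: carve one range out into its own site. The more
    # specific /24 takes precedence over the /23 that still contains it.
    split = dict(SUBNETS)
    split["10.10.6.0/24"] = "Site-B"  # hypothetical second site name
    print("10.10.6.20 ->", site_for("10.10.6.20", split))
    print("10.10.7.20 ->", site_for("10.10.7.20", split))
```
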
 
You should divide your sites by the speed/latency between them. If all locations are connected by 100 Mhz Ethernet, then I would consider them in a single site. If you have 100 Mhz in each location connected together by a 1.5 Mhz T1 connection, then I would consider them different sites.

The purpose of dividing your network into sites is to control how Active Directory and other services (DNS, WINS) replicate their data between the services located at other sites. You limit the replication to prevent clogging your bandwidth. Sites are in no way related to the number of domains you have... you can have 1 domain with many sites, or many domains in a single site, or a mix of multiple domains and multiple sites.

Make your decision on how many domains you need based on how you wish to ! MANAGE ! it. In a centralized management, you will have a single domain and IT administration will be performed for all branch locations from a single IT group. In a distributed management, you may require multiple domains where separate IT groups manage their domain/subdomain. How is your IT department organized? The Security book for Microsoft course 70-220 or 70-298 covers in more detail choosing how many domains you need.

Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA
 