two Domain controllers in 2 separate locations...help defining Roles

Status
Not open for further replies.

mlchris2

Technical User
Mar 18, 2005
512
US
I need some help as I believe I've got replication/role issues.

*Corp Office
*Domain Controller
***DHCP
***DNS
***AD
*80 XP Pro machines

*Colocation
*Domain Controller
***DNS
*15 Production Servers
***Exchange 2003 server

*Corp office subnet is 10.0.0.x
*Colo office subnet is 10.0.1.x
*a Cisco 2651 placed in each location. Acting as the gateway in both sites. Connected with bonded T1's between both offices. Routes all Corp and Colo traffic between both locations
*Primary DNS server is set to Corp DC on all pc's/servers and Secondary DNS server is set to Colo DC on the same

I want to make sure I've got the best configuration in place
1. What roles should the Corp DC hold?
2. What roles should the Colo DC hold?
3. Do I have DNS configured efficiently on all PCs/servers?




Mark C.
 
Why do you think you have replication problems? You don't describe any issues. Your setup looks OK based on the info you provided. Only thing I might do is make the colo an additional global catalog server.


hope this helps,

RoadKi11
 
I would need a bit more information here to help further.
Is DNS setup to be Active Directory Integrated? I would recommend this if not already done and ensure you only allow secure updates to your DNS zone.

The clients at each site should be pointed to their local DNS server as the primary and the remote as a secondary. You can configure this easily enough in your DHCP scope.

In order to control replication you would have to create a new site in AD. Rename the default first site to the main site name and then move the DC for the Colocation site. Also create the subnets and associate with each site.

The clients can then authenticate to their local DC instead of traffic potentially going over your WAN link.

If you have no AD related applications running then you could just enable Global Catalogue caching at the Colo site. If you do then make the DC a Global Catalogue but this will increase replication traffic on your WAN link.

If you only have 2 DC's in your domain then the first DC you created will hold all 5 FSMO roles.

It is not recommended to have the Global Catalogue and Infrastructure roles on the same DC in multiple domain environments. Otherwise, placement of the roles should be based on the number of users. The site with the most users should have the RID, IM, PDC roles as the assumption would be that is where most AD changes will be occurring.
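
The site and subnet steps from the reply above, as an added example that is not part of the original thread. It uses the ActiveDirectory PowerShell module (RSAT, Windows Server 2012 or later) rather than the AD Sites and Services console. The site names, the colo DC host name, the /24 masks and an unrenamed `DEFAULTIPSITELINK` are assumptions.

```powershell
# Added example: site/subnet layout for the two locations in this thread.
Import-Module ActiveDirectory

# Assumptions (not from the thread): site names and the colo DC host name.
$corpSite = 'Corp'
$coloSite = 'Colo'
$coloDc   = 'COLO-DC01'   # hypothetical host name

# 1. Rename the default first site to the main site name.
Get-ADReplicationSite -Identity 'Default-First-Site-Name' |
    Rename-ADObject -NewName $corpSite

# 2. Create the colocation site and add it to the default site link so
#    replication connections can be built across the WAN link.
#    Assumes DEFAULTIPSITELINK has not been renamed or deleted.
New-ADReplicationSite -Name $coloSite
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{ Add = $coloSite }

# 3. Associate each subnet with its site (10.0.0.x and 10.0.1.x, assumed /24)
#    so clients and servers locate a DC in their own site first.
New-ADReplicationSubnet -Name '10.0.0.0/24' -Site $corpSite
New-ADReplicationSubnet -Name '10.0.1.0/24' -Site $coloSite

# 4. Move the colo DC's server object into the new site.
Move-ADDirectoryServer -Identity $coloDc -Site $coloSite

# 5. Verify placement: site, global catalog flag and FSMO roles per DC.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IPv4Address, IsGlobalCatalog, OperationMasterRoles |
    Format-Table -AutoSize
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# 6. Flag the GC + Infrastructure master combination, which only matters
#    when the forest contains more than one domain.
$domain = Get-ADDomain
$forest = Get-ADForest
$imHolder = Get-ADDomainController -Identity $domain.InfrastructureMaster
if ($forest.Domains.Count -gt 1 -and $imHolder.IsGlobalCatalog) {
    Write-Warning "$($imHolder.Name) holds the Infrastructure role and is a GC."
}
```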



 
let me clear up a few things I've left out that might make things a bit clearer for all of you.


I was searching through Event Logs on the DC's and was getting a lot of Event ID 1058 errors, relating to GPO. I believe I've fixed this issue. I say this quite a bit, but the previous SA removed an old DC, but didn't remove any DNS records. I put a server on the network and used the old IP of the old DC and started seeing problems. I've since resolved and now my concern is I have the ideal configuration and proper server roles assigned, DHCP config, etc.

*One domain for both locations.
*Active Directory - Integrated, Replicating to ALL DNS servers in AD. Allowing only Secure updates.
*DHCP is setup as you recommended.
*the only devices at the COLO are Servers. All end-users are housed in the corp office.

BASST -
could you provide more info on "creating a new site in AD"? Would this still apply with the new information I updated the post with? I would do this work in AD Sites and Services, correct?

The goal of the network would be that anytime the Corp DC is down, the Corp users would authenticate on the Colo DC and likewise for the Colo servers.

Should the Corp DC hold all FSMO roles? Nothing should be given to the Colo DC? Current roles - RID, IM, PDC are held by the Corp DC and Infrastructure is held by the Colo DC


Mark C.
 
I read on a few other forums and talked to another Sys Admin and the roles I had in place are correct. The only thing I decided to do was put a global catalog on the DC in the COLO site.

thanks for all your help

mark

Mark C.
 
I read some in the MS site...

the roles and design seem to be working fine. the only change I made was to put a Global Catalog on the DC in the COLO site.

thanks to all.

mark

Mark C.
 