AD Site Replication advice required

  • AD Site Replication advice required

    Hiya,

    This is the current setup:

    Windows 2003 One forest, one domain (say local.domain) and 5 sites (UK, Spain, Canada, Ireland, France). Canada is the hub and the rest are spokes.

    Each site has 1 DC with GC, except for Canada which has 2, one of which holds the schema, etc.

    All bandwidth links are good speed, so replication is not an issue.

    I need advice on how to create an effective working AD replication topology between sites

    Currently I have DCs replicating some to others and some from others. It appears disjointed. I have attached a diagram with the NOW situation and MY IDEA. I would very much like comments and advice on how best to do it....My principal idea is for each site DC to replicate to and from the HUB (Canada DC1) and for Canada DC1 and DC2 to replicate intra site to and from via RPC.

    Thanks in advance and hope you can help

    Cheesy

  • #2
    Re: AD Site Replication advice required

    Hi

    Regarding the replication topology,
    Wouldn't you be better creating two Hubs instead of one, that way you can avoid a single point of failure.
    Whatever you decide to do you need to plan it carefully because you have the time difference to consider when you schedule the replication.

    This article will give more of an insight: http://technet2.microsoft.com/window....mspx?mfr=true

    Here is another article with some tips regarding AD site replication: http://www.informit.com/articles/article.aspx?p=21472

    Cheers
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR


    • #3
      Re: AD Site Replication advice required

      I would make Canada the first hub since it has 2 Domain Controllers.

      Then you could take the site that has the most bandwidth and make it the second hub.

      For 5 sites that should be good.
      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah


      • #4
        Re: AD Site Replication advice required

        OK, assuming that all sites can connect with each other as far as the network goes.
        If that is the case, a 2nd HUB is not needed.
        What you should do is a simple HUB/SPOKE configuration (as you originally planned).
        Create 4 site links:
        1) Canada <-> UK
        2) Canada <-> Spain
        3) Canada <-> Ireland
        4) Canada <-> France

        * Connect each site to its link (e.g. Canada <-> UK should contain both sites, "Canada & UK").
        * Don't create any manual connections between partners. Let the KCC/ISTG do its job, and it does it well.
        * Don't configure any preferred bridgehead server (ISTG/KCC does a good job there as well).
        * Make sure that BASL is enabled in the IP transport.
        * By enabling BASL you are making sure that there would be no single point of failure.

        KCC is a process that runs on every DC in the forest. By default KCC runs a topology test/check every 15 minutes and corrects whatever needs to be corrected. E.g. if a site is down, then KCC would automatically create a connection between other sites, skirting the site/site link that is down (assuming BASL was not disabled) that used to be a pathway to other sites' replication, in a way creating a temporary site link. Well, you know what I mean... NOTE: KCC would not correct or change manually created connections between partners.
        ISTG runs on one DC of every site in the forest; its main role is controlling bridgeheads.
        Initially, the first server in the site becomes the ISTG for the site. The role does not change as additional domain controllers are added to the site until the current ISTG becomes unavailable.

        I am planning to post here very shortly a good guide for AD troubleshooting, including site replication. I am just finishing collecting the material and composing the post.

        basically as a golden rule:
        Site links should typically contain only two sites. Adding three or more sites will result in a full-mesh topology between each of those sites.
        Creating redundant site links is typically not required unless BASL is disabled.

        BASL – IP

        BASL causes DCs to treat all site links as transitive. This means that if Site A is linked to Site B and Site B is linked to Site C, Site A can also access Site C.

        * By default, BASL is enabled. It can typically be left enabled as long as the physical network is fully routable and all DCs can communicate with each other. If any DC cannot communicate with every other DC, because of routing restrictions, firewalls, VPN tunnels, and so forth, then BASL should be disabled. Otherwise, errors will result as the KCC warns that it cannot contact DCs in non-adjacent sites.

        * Disabling BASL has the following repercussions:
        * Site links must be created between any sites that may need to replicate between each other. Even more care must be taken to ensure that all NCs can find inter-site replication partners across the defined site links. Isolating DCs becomes much easier with BASL disabled.
        * DFS site costing and automatic site coverage in non-adjacent sites will no longer work unless manual site link bridges are created.
        Last edited by Akila; 16th July 2008, 11:14.


        • #5
          Re: AD Site Replication advice required

          Originally posted by L4ndy
          Hi

          Regarding the replication topology,
          Wouldn't you be better creating two Hubs instead of one, that way you can avoid a single point of failure.

          As Akila has already pointed out, if you have the "Bridge All Site Links" feature enabled, and the DCs at the HUB are down, you are still fine.

          Given SpokeA<->HUB<->SpokeB, if BASL is enabled, the HUB site is down and there is network connectivity between SpokeA and SpokeB, the two Spokes will replicate with each other. If BASL is disabled, you are indeed correct.
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"
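
The hub-failure scenario from posts #4 and #5, as an added example that is not part of any post in this thread: a simplified reachability model, not the actual KCC/ISTG algorithm. The site-link names are constructed, and the model assumes the spokes can route to each other on the network, as the posts do.

```python
# Simplified model of site-link reachability; this is NOT the real KCC/ISTG algorithm.
from itertools import combinations

# Constructed topology using the thread's site names; link names are made up.
HUB_SPOKE = {
    "Canada-UK": {"Canada", "UK"},
    "Canada-Spain": {"Canada", "Spain"},
    "Canada-Ireland": {"Canada", "Ireland"},
    "Canada-France": {"Canada", "France"},
}

def direct_pairs(site_links):
    """Site pairs joined directly by a link; N sites in one link mesh fully."""
    pairs = set()
    for members in site_links.values():
        pairs.update(frozenset(p) for p in combinations(sorted(members), 2))
    return pairs

def can_replicate(site_links, src, dst, down=(), basl=True):
    """Can changes get from src to dst when every DC in the `down` sites is offline?

    basl=True : links are transitive, so a chain of links through a dead site
                still counts (assumes the spokes can route to each other).
    basl=False: a site in the middle of the chain needs a live DC to relay.
    """
    down = set(down)
    if src in down or dst in down:
        return False
    pairs = direct_pairs(site_links)
    seen, stack = {src}, [src]
    while stack:
        site = stack.pop()
        if site == dst:
            return True
        if not basl and site in down:
            continue  # no bridging: a dead site cannot pass changes onward
        for pair in pairs:
            if site in pair:
                (nxt,) = pair - {site}
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
    return False

if __name__ == "__main__":
    for basl in (True, False):
        ok = can_replicate(HUB_SPOKE, "UK", "Spain", down={"Canada"}, basl=basl)
        print(f"hub down, BASL={basl}: UK <-> Spain replicate = {ok}")
```

`direct_pairs` also shows the "golden rule" from post #4: a single site link holding three sites yields three direct pairs, that is, a full mesh between them.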


          • #6
            Re: AD Site Replication advice required

            Wow, thanks guys....a special mention to Akila who has put together a cracking explication of KCC/ISTG and has cleared up a lot of "missing" areas in my knowledge....I look forward to reading your troubleshooting guide...any idea where and when you plan to post this?

            Akila: I have attached a printscreen of the current site link topology and what I wanted to do was remove the London-Dublin and London-Madrid site links and create a 121Bloor (Canada) - Madrid site link. I see this as part of your 4 sitelinks.....sorry, I got France wrong, it was in fact Montreal.

            So once I have removed the 2 sitelinks mentioned and created the 121Bloor-Madrid one, do I have to manually create anything else? Or does one have to run KCC? I am not familiar with KCC whether it is a program you run or it is automatic and how does one check it?

            BTW, BASL is enabled on IP Transport

            Look forward to your response and once again thanks for the insight...much appreciated

            • #7
              Re: AD Site Replication advice required

              Just to add the following:

              Once I have created the new site link, 121Bloor-Madrid, are the connectors automatically created (by KCC), or do I have to run a repadmin command to force a new topology, etc.?

              If you could list the processes in order, that would help me a great deal.

              Thanks again


              • #8
                Re: AD Site Replication advice required

                OK, I see the confusion you have about the KCC. Lucky for us, KCC is a very automatic mechanism that does the job for you.

                Anyway, what you should do is the following:
                1) Delete those links you want to delete.
                2) Create the Canada - Madrid link.
                3) Go to every site (all of them): Site -> Servers -> SERVER -> NTDS Settings, and delete any manually created links that are there. You can determine if it was created manually or automatically by seeing if it has "<automatically generated>".

                Now you have two options for KCC to create them:
                1) Wait for the KCC (on the DC) on its next scheduled cycle to generate the connections based on the site links, cost, etc. By default every cycle is 15 minutes.
                2) The other option, if you don't want to wait for the cycle, is to manually run the KCC by typing the following command: "repadmin /kcc". This should be run on every DC.

                Hope I answered your questions.
                Last edited by Akila; 16th July 2008, 13:07.


                • #9
                  Re: AD Site Replication advice required

                  I get the idea Akila....just one doubt....I have the site link 121Bloor-Dublin already existing with both Dublin and 121Bloor sites in the site links, but when I look in NTDS settings of the 121Bloor server, there are 3 automatically generated connectors but there is no one with the Dublin server and when I look on the NTDS settings of the Dublin server I see there is a manual connector created with the 121Bloor server.... could you explain this and advise please?

                  Thanks!


                  • #10
                    Re: AD Site Replication advice required

                    KCC does not handle manually created connections; that is why it is recommended that KCC configure everything automatically.

                    Just delete those manual connections and KCC would re-create them (this time automatically managed by KCC). You know what, if you want you may even delete all of them, even those that are auto, and KCC would revise everything anyway.

                    I myself about a year ago deleted all my partner links that were created manually in the past (none were auto connections) in one go, and everything was re-created by KCC in less than 30 minutes.
                    And I have over 30 sites and around 40 DCs.
                    Let the system heal itself; it does it very well.
                    Last edited by Akila; 16th July 2008, 14:33.


                    • #11
                      Re: AD Site Replication advice required

                      Thanks very much Akila for your responses and information!

                      I will follow your advice when I come around to doing these changes this week


                      • #12
                        Re: AD Site Replication advice required

                        Akila,

                        Thanks for posting such good info about KCC/ISTG

                        You mentioned posting a guide earlier, have you happened to finish this guide? It would probably save me a headache in the future, since I'll probably forget about repadmin /kcc ..lol


                        • #13
                          Re: AD Site Replication advice required

                          Originally posted by hboogz
                          Akila,

                          Thanks for posting such good info about KCC/ISTG

                          You mentioned posting a guide earlier, have you happened to finish this guide? It would probably save me a headache in the future, since I'll probably forget about repadmin /kcc ..lol

                          I am at the moment on the WINS part (done Sites and Sitelinks/replication/DNS/DFS/SYSVOL, etc.). I've got a few more to add, and need to tweak it before posting it.


                          • #14
                            Re: AD Site Replication advice required

                            Not exactly the same question as with the original poster - yet I believe it's somewhat relevant...
                            I have an AD forest of two trees - one consisting of a single domain (also forest root) and the second of three domains (one tree root and two child). All DCs are in the same site.
                            First thing I spotted was not all NTDS connectors were generated automatically - only the forest root controller shows connectors to all other DCs (some of them aren't shown on the other side). The (potentially) bigger problem is that the AD-integrated DNS zone for one of the two child domains doesn't replicate to the forest root DC (and doesn't even get created automatically as others did).
                            Can someone make a guess as to what needs to be fixed?


                            • #15
                              Re: AD Site Replication advice required

                              aidenthanno: It is usually best to create a new post rather than hijacking.
                              I would check you have DNS set up correctly. Are these domains all in the same namespace or non-contiguous? Can they ping by name everything else correctly?
                              cheers
                              Andy

                              Please read this before you post:


                              Quis custodiet ipsos custodes?
