Prioritize Domain Controllers in AD
  • Prioritize Domain Controllers in AD

    OK, currently my AD Sites and Services has the default site named "Default-First-Site-Name" with all 3 domain controllers/global catalog servers. At my main facility I have an IP scheme of 192.168.1.xxx/24 and at my colo facility I have an IP scheme of 192.168.2.xxx/24. What you are saying is: create a new site named "colo", for example, create a new subnet of 192.168.2.0/24, select the site that is associated with 192.168.2.0, and then move the colo DC server from the default site to the new colo site I created? If that's true, then Active Directory will first look at the "Default-First-Site-Name", and if both of those 2 domain controllers are down then PCs and servers will look to the second site?
    Last edited by marker; 27th October 2008, 21:25.

  • #2
    Re: Prioritize Domain Controllers in AD

    For future reference, questions related to Active Directory are best asked in the Active Directory forum.

    You basically answered yourself; you are on the right track.
    Sites and Services and IP subnet configuration is the way to go for you.
    What you should do is create another site (in Sites and Services) that represents the remote office, and add the subnets for that site under Subnets in Sites and Services.
    Do the same for your primary site: add all of its subnets and attach them to the site that represents the primary site.
    You can use any IP subnet size to cover your network; you can use a Class C, a Class B or whatever you want.
    Just bear in mind that the more subnets you have configured, the more the DCs have to cache in their RAM.

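The procedure in #2 (one site per location, subnets attached to each site, the remote DC moved into its site), done with the ActiveDirectory PowerShell module instead of the Sites and Services MMC. This is an added example, not something posted in the thread. The site names "NY-Main" and "Colo", the DC name "COLO-DC1" and the branch subnets 192.168.10-12.0/24 are placeholders; the thread only gives 192.168.1.0/24 (main) and 192.168.2.0/24 (colo). The overlap check is there because of the warning in #3: two subnet objects that overlap make site selection ambiguous, so the script refuses to create them.

```powershell
# Added example (not from the thread). Requires RSAT / the ActiveDirectory module and
# Domain Admin rights. Site names, DC name and branch subnets are assumptions.
Import-Module ActiveDirectory

$MainSite = 'NY-Main'    # assumed new name for Default-First-Site-Name
$ColoSite = 'Colo'       # assumed
$ColoDC   = 'COLO-DC1'   # assumed hostname of the DC at the colo facility

# Branches (AZ/CA/GA) have no DC, so their subnets belong to the main site too.
$MainSubnets = @('192.168.1.0/24', '192.168.10.0/24', '192.168.11.0/24', '192.168.12.0/24')  # branch ranges assumed
$ColoSubnets = @('192.168.2.0/24')

function ConvertTo-UInt32 ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)
    [BitConverter]::ToUInt32($b, 0)
}

# True when two IPv4 CIDR blocks share any address (one contains the other).
function Test-CidrOverlap ([string]$A, [string]$B) {
    $ipA, $lenA = $A -split '/'; $ipB, $lenB = $B -split '/'
    $shortest = [Math]::Min([int]$lenA, [int]$lenB)
    $mask = if ($shortest -eq 0) { [uint32]0 } else { [uint32](([uint64]0xFFFFFFFF -shl (32 - $shortest)) -band 0xFFFFFFFF) }
    ((ConvertTo-UInt32 $ipA) -band $mask) -eq ((ConvertTo-UInt32 $ipB) -band $mask)
}

# 1. Rename the default site instead of creating a second site for the main facility (#6).
$default = Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'"
if ($default) { Rename-ADObject -Identity $default.DistinguishedName -NewName $MainSite }

# 2. Create the colo site and keep it on the existing site link so replication continues.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$ColoSite'")) {
    New-ADReplicationSite -Name $ColoSite
}
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -SitesIncluded @{ Add = $ColoSite }

# 3. Attach subnets to sites, refusing anything that overlaps an existing subnet object (#3).
$existing = @(Get-ADReplicationSubnet -Filter * | Select-Object -ExpandProperty Name)
foreach ($pair in @(@{ Site = $MainSite; Subnets = $MainSubnets }, @{ Site = $ColoSite; Subnets = $ColoSubnets })) {
    foreach ($cidr in $pair.Subnets) {
        if ($existing -contains $cidr) {
            Set-ADReplicationSubnet -Identity $cidr -Site $pair.Site   # already defined: just (re)assign the site
            continue
        }
        $clash = $existing | Where-Object { Test-CidrOverlap $_ $cidr }
        if ($clash) { Write-Warning "$cidr overlaps existing subnet(s) $($clash -join ', '); not created"; continue }
        New-ADReplicationSubnet -Name $cidr -Site $pair.Site
        $existing += $cidr
    }
}

# 4. Move the colo DC's server object into its site.
Move-ADDirectoryServer -Identity $ColoDC -Site $ColoSite

# 5. Show the resulting mapping.
Get-ADReplicationSubnet -Filter * | Sort-Object Site |
    Format-Table Name, @{ n = 'Site'; e = { ($_.Site -split ',')[0] -replace '^CN=' } } -AutoSize
Get-ADDomainController -Filter * | Format-Table Name, Site, IPv4Address -AutoSize
```

After the move, the colo DC re-registers its site-specific SRV records the next time Netlogon refreshes them; running `nltest /dsregdns` on that DC (or restarting the Netlogon service) does it immediately, and the main-site DCs will drop their records for the colo site on their own.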

    • #3
      Re: Prioritize Domain Controllers in AD

      Just make sure the subnets you pick do not overlap with the sites' actual IPs.

      • #4
        Re: Prioritize Domain Controllers in AD

        I have 3 domain controllers in my Active Directory. 2 DCs are in my network, and 1 is at a co-located facility with a Branch Office VPN established. I was reviewing my firewall logs and noticed that more than a few workstations and servers are using the DC that is at the co-located facility. The workstations and DHCP scope have the correct priority set, with the co-located server to be used last. Now I understand that in Windows 2003 there is no such thing as a Primary DC, but is there a way to configure AD to prioritize the DCs? I was looking into AD Sites and Services but don't see a setting for this. All 3 DCs share the same subnet, but the co-located DC is on a different private LAN IP scheme. Can someone point me in the right direction?
        Last edited by marker; 27th October 2008, 21:28.


        • #5
          Re: Prioritize Domain Controllers in AD

          Huh? All your sites are sharing the same subnet???
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"


          • #6
            Re: Prioritize Domain Controllers in AD

            I think I'm getting this now. I'm currently set up as follows: I have my main facility in NY, my branch offices are in AZ, CA, and GA, and a colo facility in NY. My branch offices in AZ, CA, and GA do not have a DC in their facilities; they look to the DCs at the main facility. The branches have firewall-to-firewall Branch Office VPNs configured to the main facility in NY. I have a backup DC configured at my colo facility with a firewall-to-firewall Branch Office VPN. What I need to do is rename the default site and add the subnets of the main facility, AZ, CA, and GA. Then create a new site named "colo" (for example) with the appropriate subnet linked to it. This way the main facility, AZ, CA, and GA will use the main facility DCs, and if there is a failure on both DCs at the main facility the clients will look to the colo site in AD. Am I correct?


            • #7
              Re: Prioritize Domain Controllers in AD

              'All 3 DCs share the same subnet, but the co-located DC is on a different private LAN IP scheme. Can someone point me in the right direction?'

              Picked the above up from your comments below. The co-located DC will be on a different subnet as it has a different private LAN IP scheme, which you realised in your last posting.

              Sites work based on the subnet address. Clients will connect to their nearest DC using their subnet. I must admit, I haven't had to work much with sites, but I'm sure Dumber can correct me if I am wrong. I believe that if both DCs were down the clients would not look for a DC in the other site, as it would probably mean that there would be no DNS and Sites and Services to allow them to do so. It depends whether your DNS would be on a separate server in the main office, where I believe it then uses the SRV records to try the DCs, and providing routing is configured between the subnets on your firewalls and site-to-site VPNs, the DC can then be used as a backup.

              Of course, it will also depend on the FSMO role locations whether the backup DC will be of any use.


              • #8
                Re: Prioritize Domain Controllers in AD

                Originally posted by marker:
                I think I'm getting this now. I'm currently set up as follows: I have my main facility in NY, my branch offices are in AZ, CA, and GA, and a colo facility in NY. My branch offices in AZ, CA, and GA do not have a DC in their facilities; they look to the DCs at the main facility. The branches have firewall-to-firewall Branch Office VPNs configured to the main facility in NY. I have a backup DC configured at my colo facility with a firewall-to-firewall Branch Office VPN. What I need to do is rename the default site and add the subnets of the main facility, AZ, CA, and GA. Then create a new site named "colo" (for example) with the appropriate subnet linked to it. This way the main facility, AZ, CA, and GA will use the main facility DCs, and if there is a failure on both DCs at the main facility the clients will look to the colo site in AD. Am I correct?
                As long as there is no network blocking between the sites, clients will be able to authenticate to DCs outside their site if the DC in their site (based on the subnet configuration) is unavailable.

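The questions raised in #7 and answered in #8 (does a client fall back to a DC in another site, and what does it need for that to work) can be checked from any domain member with the DC locator itself rather than by reading firewall logs. The script below is an added example, not part of the thread; the domain name and the site names are assumptions. It shows which site the client maps itself to, which DC the locator returns, the per-site and domain-wide SRV records the locator walks when its own site's DCs do not answer, whether the out-of-site DC is reachable on the ports a logon needs, and where the FSMO roles sit.

```powershell
# Added example (not from the thread). Run on a domain-joined client or server.
# Domain and site names are assumptions; adjust them to your environment.
$Domain = 'corp.example.com'        # assumed
$Sites  = @('NY-Main', 'Colo')      # assumed site names; the second is the remote/colo site

# 1. Which site does this machine think it is in? Derived from its IP and the AD subnet objects,
#    so a wrong or missing subnet shows up here first.
nltest /dsgetsite

# 2. Which DC does the locator hand out right now? /force bypasses the cached result.
nltest "/dsgetdc:$Domain" /force
# Equivalent from the AD module:
Get-ADDomainController -Discover -DomainName $Domain -ForceDiscover |
    Select-Object HostName, Site, IPv4Address

# 3. Site-specific SRV records: each site should list only the DCs that are actually in it.
foreach ($s in $Sites) {
    "--- _ldap._tcp.$s._sites.dc._msdcs.$Domain ---"
    Resolve-DnsName -Name "_ldap._tcp.$s._sites.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'SRV' | Select-Object NameTarget, Priority, Weight, Port
}

# 4. Domain-wide records: when no DC in the client's own site answers, the locator falls back to these,
#    which is how a main-site client ends up at the colo DC during an outage (#8).
"--- _ldap._tcp.dc._msdcs.$Domain ---"
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
    Where-Object Type -eq 'SRV' | Select-Object NameTarget, Priority, Weight, Port

# 5. Fail-over only works if the out-of-site DC is reachable through the VPN on the ports a logon uses:
#    DNS (53), Kerberos (88), LDAP (389), SMB for SYSVOL/GPO (445), Kerberos password change (464).
$remoteDCs = Get-ADDomainController -Filter "Site -eq '$($Sites[1])'"
foreach ($dc in $remoteDCs) {
    foreach ($port in 53, 88, 389, 445, 464) {
        Test-NetConnection -ComputerName $dc.HostName -Port $port -WarningAction SilentlyContinue |
            Select-Object ComputerName, RemotePort, TcpTestSucceeded
    }
}

# 6. FSMO role holders (#7). Logon itself does not need them, but the PDC emulator receives forwarded
#    password changes and is the root of the time hierarchy, so know where the roles live before an outage.
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
```

If step 1 prints a site the client should not be in, the subnet objects are wrong; if step 2 keeps returning the colo DC for a main-site client while the main-site DCs are up, check that the colo DC is no longer registering records under the main site's `_sites` name (step 3) and that the client's DNS resolver can see the updated records.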