| Author | Messages | |
abagnale_lists
Posts:16
 | | 09/12/2005 10:23 AM |
| I'd like to reduce the number of dual role DC's which act as File & Print/DFS Servers currently in operation in my environment. At the moment I have around 80
We have a DFS target share on each of the 80 File & Print/DFS Servers.
We have a hub and spoke network design, where by we have a Regional Core Site which has 12 branch sites attached to it. Each branch site has once DC which acts as a F&P/DFS server.
At the moment, each branch site has it's own Site & Subnet defined in AD so that the local user will be authenticated by it's local branch site DC.
I would like to demote all 12 branch site DC's to member servers, so they are just plain File & Print/DFS Servers. I would like users to authenticate to the Regional Core Site F&P servers (which are managed by core Infrastructure)
If I demote a branch site DC to a member server, should I leave the IP subnet undefined in AD, and allow the Workstation to automatically find it's next closest DC, or should I add the IP Subnet manually to the Regional Core Site so this handles authentication?
I don't know much about DFS, but if I did the latter, would this affect my DFS structure? is there any problems with putting multiple DFS Servers within the same AD Site?
What would you do?
thanks
Frank
Yahoo! for Good
Click here to donate to the Hurricane Katrina relief effort. | | | |
| prenouf
Posts:1
| | 09/12/2005 4:23 AM |
| Phil
On 9/12/05, Almeida Pinto, Jorge de wrote:
Althought the branch offices will not host DCs, you should leave the AD sites and subnets structure as is because DFS also uses sites and subnets to locate the nearest root servers and in your case the targets. The DC-less sites will then automatically be covered (by default enabled) by the DCs in the Regional Core Site. If you would not have any site aware services in a site (like DCs and/or DFS root or target servers, Exchange) you could then remove the site definition for the branches and assign the subnets from the branches to the Regional Core Site(s)
Cheers
Jorge
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Frank AbagnaleSent: Monday, September 12, 2005 12:20To: ActiveSubject: [ActiveDir] demoting DC's
I'd like to reduce the number of dual role DC's which act as File & Print/DFS Servers currently in operation in my environment. At the moment I have around 80
We have a DFS target share on each of the 80 File & Print/DFS Servers.
We have a hub and spoke network design, where by we have a Regional Core Site which has 12 branch sites attached to it. Each branch site has once DC which acts as a F&P/DFS server.
At the moment, each branch site has it's own Site & Subnet defined in AD so that the local user will be authenticated by it's local branch site DC.
I would like to demote all 12 branch site DC's to member servers, so they are just plain File & Print/DFS Servers. I would like users to authenticate to the Regional Core Site F&P servers (which are managed by core Infrastructure)
If I demote a branch site DC to a member server, should I leave the IP subnet undefined in AD, and allow the Workstation to automatically find it's next closest DC, or should I add the IP Subnet manually to the Regional Core Site so this handles authentication?
I don't know much about DFS, but if I did the latter, would this affect my DFS structure? is there any problems with putting multiple DFS Servers within the same AD Site?
What would you do?
thanks
Frank
Yahoo! for GoodClick here to donate to the Hurricane Katrina relief effort.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. | | | |
| bdesmond
Posts:416
| | 09/12/2005 5:22 AM |
| Agreed.
One thing the OP doesn™t mention is the bandwidth and % saturation
on the wan links relative to the number of clients. This is something that
needs to be considered before all those DCs are demoted.
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c -
312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Phil Renouf
Sent: Monday, September 12, 2005
11:51 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] demoting
DC's
Further to this I always try to have my subnets defined in AD somewhere
rather than leaving them un-defined. This is so that the new alert you get on a
DC when a client logs in that doesn't have a defined subnet will mean more to
you if it isn't happening all the time.
Phil
On 9/12/05, Almeida
Pinto, Jorge de jorge.de.almeida.pinto@xxxxxxxxxxxxx>
wrote:
Althought
the branch offices will not host DCs, you should leave the AD sites and subnets
structure as is because DFS also uses sites and subnets to locate the nearest
root servers and in your case the targets. The DC-less sites will then
automatically be covered (by default enabled) by the DCs in the Regional Core
Site. If you would not have any site aware services in a site (like DCs and/or
DFS root or target servers, Exchange) you could then remove the site definition
for the branches and assign the subnets from the branches to the Regional Core
Site(s)
Cheers
Jorge
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On
Behalf Of Frank Abagnale
Sent: Monday, September 12, 2005
12:20
To: Active
Subject: [ActiveDir] demoting DC's
I'd like
to reduce the number of dual role DC's which act as File & Print/DFS
Servers currently in operation in my environment. At the moment I have around
80
We have a
DFS target share on each of the 80 File & Print/DFS Servers.
We have a
hub and spoke network design, where by we have a Regional Core Site which has
12 branch sites attached to it. Each branch site has once DC which acts as a
F&P/DFS server.
At the
moment, each branch site has it's own Site & Subnet defined in AD so that
the local user will be authenticated by it's local branch site DC.
I would
like to demote all 12 branch site DC's to member servers, so they are just
plain File & Print/DFS Servers. I would like users to authenticate to the
Regional Core Site F&P servers (which are managed by core Infrastructure)
If I
demote a branch site DC to a member server, should I leave the IP subnet
undefined in AD, and allow the Workstation to automatically find it's next
closest DC, or should I add the IP Subnet manually to the Regional Core Site so
this handles authentication?
I don't
know much about DFS, but if I did the latter, would this affect my DFS
structure? is there any problems with putting multiple DFS Servers within the
same AD Site?
What
would you do?
thanks
Frank
Yahoo! for Good
Click
here to donate to the Hurricane Katrina relief effort.
This e-mail and any attachment is for
authorised use by the intended recipient(s) only. It may contain proprietary
material, confidential information and/or be subject to legal privilege. It
should not be copied, disclosed to, retained or used by, any other party. If
you are not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you. | | | |
| ZJORZ
Posts:133
| | 09/12/2005 10:45 AM |
| Althought the branch offices will not host
DCs, you should leave the AD sites and subnets structure as is because DFS also
uses sites and subnets to locate the nearest root servers and in your case the
targets. The DC-less sites will then automatically be covered (by default
enabled) by the DCs in the Regional Core Site. If you would not have any site
aware services in a site (like DCs and/or DFS root or target servers, Exchange)
you could then remove the site definition for the branches and assign the
subnets from the branches to the Regional Core Site(s)
Cheers
Jorge
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Frank
AbagnaleSent: Monday, September 12, 2005 12:20To:
ActiveSubject: [ActiveDir] demoting DC's
I'd like to reduce the number of dual role DC's which act as File &
Print/DFS Servers currently in operation in my environment. At the moment I have
around 80
We have a DFS target share on each of the 80 File & Print/DFS
Servers.
We have a hub and spoke network design, where by we have a Regional Core Site
which has 12 branch sites attached to it. Each branch site has once DC which
acts as a F&P/DFS server.
At the moment, each branch site has it's own Site & Subnet defined in AD
so that the local user will be authenticated by it's local branch site DC.
I would like to demote all 12 branch site DC's to member servers, so they are
just plain File & Print/DFS Servers. I would like users to authenticate to
the Regional Core Site F&P servers (which are managed by core
Infrastructure)
If I demote a branch site DC to a member server, should I leave the IP subnet
undefined in AD, and allow the Workstation to automatically find it's next
closest DC, or should I add the IP Subnet manually to the Regional Core Site so
this handles authentication?
I don't know much about DFS, but if I did the latter, would this affect my
DFS structure? is there any problems with putting multiple DFS Servers within
the same AD Site?
What would you do?
thanks
Frank
Yahoo! for GoodClick here
to donate to the Hurricane Katrina relief effort.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. | | | |
|
|