| Author | Messages | |
christine.allen
Posts:18
 | | 10/06/2008 3:26 PM |
| Hello,
I'm hoping to get some advice. We have a Windows 2003 forest with three domains: an empty root, then two child domains, a main office domain and a domain for our remote sites.
We currently have 18 domain controllers in the remote sites. Since all sites are connected by a fast connection, we want to decommission the domain controllers and have them as member servers running DNS.
I know the steps on how to decommission the DCs. It should be easy since they hold no roles. My question is more on setting up the proper DNS configuration. I'm going to configure secondary zones for the remote domain and lock them down to replicate with the DNS master. Should I also set up secondary zones for the other child domain and the empty root domain?
Any suggestions would be appreciated.
-Christine
Christine N. Allen Sr. Systems Engineer Salem Five 210 Essex Street Salem, MA 01970 978-720-5928 christine.allen@salemfive.com
This information may be confidential and/or privileged. Use of this information by anyone other than the intended recipient is prohibited. If you received this in error, please inform the sender and remove any record of this message.
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
| | | |
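The lock-down described in the post above, as an added example that is not part of the thread: the master is told to transfer each zone only to the listed site servers, and each site server gets a secondary copy pulled from that master. The zone names, server names and addresses are placeholders (example.com and RFC 5737 ranges); the loop covers the root and both child zones, so trim `$Zones` if only the remote domain is wanted.

```powershell
# Added example. All names and addresses below are constructed placeholders.
$MasterIp = '192.0.2.10'                      # DNS master holding the writable zones
$Zones    = @(
    'corp.example.com',                       # empty root (placeholder name)
    'main.corp.example.com',                  # main office child domain (placeholder name)
    'remote.corp.example.com'                 # remote sites child domain (placeholder name)
)
$Secondaries = @{                             # member server -> IP, one entry per remote site
    'site01-dns' = '192.0.2.101'
    'site02-dns' = '192.0.2.102'
}

function Invoke-DnsCmd {
    # Run dnscmd.exe and stop on the first failure.
    # Assumption: dnscmd sets a non-zero exit code when an operation fails.
    param([string[]]$Arguments)
    & dnscmd.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

$secondaryIps = @($Secondaries.Values)

foreach ($zone in $Zones) {
    # On the master: permit zone transfers only to the listed secondaries,
    # and send change notifications to that same list.
    Invoke-DnsCmd (@($MasterIp, '/ZoneResetSecondaries', $zone, '/SecureList') +
                   $secondaryIps + @('/NotifyList') + $secondaryIps)

    foreach ($server in $Secondaries.Keys) {
        # Skip servers that already hold the zone so the script can be re-run.
        & dnscmd.exe $server /ZoneInfo $zone | Out-Null
        if ($LASTEXITCODE -eq 0) {
            Write-Host "$server already has $zone, skipping"
            continue
        }
        # On the site server: create a secondary zone that pulls from the master.
        Invoke-DnsCmd @($server, '/ZoneAdd', $zone, '/Secondary', $MasterIp)
    }

    # Print the master's view of the zone so the secondary list can be reviewed.
    Invoke-DnsCmd @($MasterIp, '/ZoneInfo', $zone)
}
```

The secure list is an IP allow-list, not authentication, so it is usually paired with firewall rules limiting TCP/UDP 53 between the site servers and the master.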
| bsonposh
Posts:386
 | | 10/06/2008 3:51 PM |
| What is the purpose of the remote Domain? It sounds like a single domain is more than adequate for you. You can dcpromo all your remote domain DCs down and join them to the main domain. As for your DNS question I am unclear as to what your goal is there.
| | | |
| deji
Posts:259
 | | 10/06/2008 4:01 PM |
| Yes.
Sincerely,
Microsoft MVP - Directory Services
www.akomolafe.name - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
| | | |
| christine.allen
Posts:18
 | | 10/06/2008 4:36 PM |
| I'm new at this company and I was told that at one time we needed the remote domain for security purposes. I suggested a collapse and just having the single, but that was turned down.
My goal is to get rid of all the DCs. I thought if I had each member server at each site as a DNS server, the clients at each site would have faster resolution. Do you think that is too much overhead?
-Christine
| | | |
| bdesmond
Posts:843
 | | 10/06/2008 4:44 PM |
| I'm missing the point of having local DNS. If your WAN supports having the DCs centralized, why can't DNS lookups be centralized too?
Thanks, Brian Desmond brian@briandesmond.com
c - 312.731.3132
| | | |
| bdesmond
Posts:843
 | | 10/06/2008 5:25 PM |
| Unlikely the faster resolution will buy you anything.
If you're just resolving stuff at the other end of the wire anyway, you're not buying anything to speak of.
| | | |
| bsonposh
Posts:386
 | | 10/06/2008 5:47 PM |
| 1) If I were you, I would fight to collapse the domains. Perhaps if you educate them they will be more open to the idea.
2) If collapsing the domain is not an option, then you need to consider what activity you expect to have at the remote sites. DNS is relatively low impact in regards to network traffic, and I am not sure the management overhead (of secondary DNS) is worth the network savings.
| | | |
| deji
Posts:259
 | | 10/06/2008 5:58 PM |
| Having regional DNS servers is not a bad thing from a technical point of view, especially if you can afford the hardware. Potential drawbacks will be around the administration and role separation.
| | | |
| bdesmond
Posts:843
 | | 10/06/2008 6:16 PM |
| Regional DNS servers versus at each branch are a totally different situation.
| | | |
| Ravi.Sabharanjak@barclaysglobal.com
Posts:0
 | | 10/06/2008 7:37 PM |
| That will also save on the network replication of the DNS zones to the remote sites. The client won't notice that the DNS server is remote.
--
This message and any attachments are confidential, proprietary, and may be privileged. If this message was misdirected, Barclays Global Investors (BGI) does not waive any confidentiality or privilege. If you are not the intended recipient, please notify us immediately and destroy the message without disclosing its contents to anyone. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of BGI, unless the author is authorized by BGI to express such views or opinions on its behalf. All email sent to or from this address is subject to electronic storage and review by BGI. Although BGI operates anti-virus programs, it does not accept responsibility for any damage whatsoever caused by viruses being passed.
| | | |
| deji
Posts:259
 | | 10/06/2008 8:02 PM |
| You think that the DNS zone replication traffic will be higher than the traffic associated with cross-WAN lookup requests?
| | | |
| bsonposh
Posts:386
 | | 10/06/2008 8:12 PM |
| I think zone management is a deciding factor here as well.
On Mon, Oct 6, 2008 at 8:00 PM, Akomolafe, Deji <deji@readymaids.com> wrote:
> You think that the DNS zone replication traffic will be higher than the traffic associated with cross-WAN lookup requests?
| | | |
| Ravi.Sabharanjak@barclaysglobal.com
Posts:0
 | | 10/06/2008 8:14 PM |
| It depends on how much traffic is going across, and how many changes occur to the DNS records. Definitely the initial transfer would involve transferring all the DNS records over to the remote sites, regardless of whether the remote site will ever look up that information. Subsequent transfers will be incremental and will depend on the amount of changes happening overall in the domain.
The biggest problem will be the overall management: maintaining the list of servers that can do zone transfers, making sure that the secondaries are updated with the master DNS server list every time a DC acting as a primary server is decommissioned, etc. If the only DNS servers in the environment are the DCs at the main location, all this gets bypassed. Why do extra work when AD is there to do it for you?
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Monday, October 06, 2008 5:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
You think that the DNS zone replication traffic will be higher than the traffic associated with cross-WAN lookup requests?
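The bookkeeping described in the post above (transfer allow-lists on the masters, master lists on each secondary, both going stale when a DC is decommissioned) can be checked mechanically. This is an added example, not part of the original thread: a Python audit over a constructed inventory, in which the server names, zone names and documentation-range IP addresses are all assumptions.

```python
"""Drift audit for a master/secondary DNS topology (added example, constructed data)."""
from dataclasses import dataclass, field


@dataclass
class Primary:
    name: str
    ip: str
    # zone name -> set of IPs allowed to request a zone transfer
    transfer_acl: dict = field(default_factory=dict)


@dataclass
class Secondary:
    name: str
    ip: str
    # zone name -> ordered list of master IPs the secondary pulls from
    masters: dict = field(default_factory=dict)


def audit(primaries, secondaries):
    """Return sorted (kind, server, zone, detail) findings for configuration drift."""
    findings = []
    live = {p.ip: p for p in primaries}
    sec_by_ip = {s.ip: s for s in secondaries}

    for s in secondaries:
        for zone, masters in s.masters.items():
            usable = 0
            for m in masters:
                p = live.get(m)
                if p is None:
                    # Master was decommissioned but is still configured here.
                    findings.append(("STALE_MASTER", s.name, zone, m))
                elif s.ip not in p.transfer_acl.get(zone, set()):
                    # Master is alive but its allow-list excludes this secondary.
                    findings.append(("TRANSFER_REFUSED", s.name, zone, m))
                else:
                    usable += 1
            if usable == 0:
                # The zone will expire on this secondary once its SOA expire timer runs out.
                findings.append(("NO_USABLE_MASTER", s.name, zone, "-"))

    for p in primaries:
        for zone, acl in p.transfer_acl.items():
            for ip in acl:
                s = sec_by_ip.get(ip)
                if s is None or zone not in s.masters:
                    # Allow-list entry with no matching secondary: the zone can be
                    # transferred to an address nobody is accounting for.
                    findings.append(("ORPHAN_ACL_ENTRY", p.name, zone, ip))

    return sorted(findings)


def sample_inventory():
    """Constructed inventory: the DC at 192.0.2.11 has been decommissioned."""
    dc1 = Primary("DC1", "192.0.2.10", {
        "remote.example.test": {"198.51.100.1", "198.51.100.2", "198.51.100.99"},
        "main.example.test": {"198.51.100.1"},
    })
    site01 = Secondary("SITE01", "198.51.100.1", {
        "remote.example.test": ["192.0.2.11", "192.0.2.10"],
        "main.example.test": ["192.0.2.10"],
    })
    site02 = Secondary("SITE02", "198.51.100.2", {
        "remote.example.test": ["192.0.2.11"],
    })
    site03 = Secondary("SITE03", "198.51.100.3", {
        "main.example.test": ["192.0.2.10"],
    })
    return [dc1], [site01, site02, site03]


if __name__ == "__main__":
    for kind, server, zone, detail in audit(*sample_inventory()):
        print(f"{kind:18} {server:7} {zone:22} {detail}")
```

With 18 site servers and three zones, the same check runs over 54 secondary-zone configurations each time a DC is added or retired.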
| | | |
| robertsingers
Posts:505
 | | 10/06/2008 8:32 PM |
| It's a spurious comparison.
The real question is what is going to impact users on the remote site more. And the answer is that any large transaction across the WAN might be noticed. So from an end user perspective a zone replication might be noticeable, while any number of tiny name resolution requests spread across time won't be.
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Tuesday, 7 October 2008 1:01 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
You think that the DNS zone replication traffic will be higher than the traffic associated with cross-WAN lookup requests?
| | | |
| deji
Posts:259
 | | 10/06/2008 10:08 PM |
| Unless someone/something is incessantly writing to the zone, creating/modifying an inordinately large number of records that is then replicated across the wire, it is quite hard to imagine a condition in which total bandwidth usage for an IXFR zone replication will surpass the total bandwidth usage associated with cross-WAN client resolution requests.
If the DNS partners were doing AXFR, then, yeah, it is quite easy to eat up a lot of bandwidth doing zone transfer over a period of time. With the exception of the seeding stage during which the secondary partner syncs up with the master, there is very little traffic associated with a normal DNS replication process in a master/secondary topology. Just measure it yourself.
And, no, the consideration of which choice utilizes more bandwidth is not "spurious", Robert. At least not in the normal dictionary meaning of that word. When you design an enterprise system like DNS, you always want to know the cost associated with one choice or the other, not just in terms of hardware and maintenance, but also in terms of the network bandwidth, among others.
Sincerely,
Microsoft MVP - Directory Services
www.akomolafe.name - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
________________________________________
From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers [robert.singers@dbh.govt.nz]
Sent: Monday, October 06, 2008 5:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Decommissioning DC
It's a spurious comparison.
The real question is what is going to impact users on the remote site more. And the answer is that any large transaction across the WAN might be noticed. So from an end user perspective a zone replication might be noticeable, while any number of tiny name resolution requests spread across time won't be.
| | | |
| bdesmond
Posts:843
 | | 10/06/2008 10:38 PM |
| However, given that the OP feels it's suitable to run authentication traffic over the wire, the logical conclusion here is that there is ample bandwidth for name resolution as well. A DNS lookup is far more lightweight than everything involved with a user booting a PC and logging in to it given it's joined to an AD domain...
Thanks, Brian Desmond brian@briandesmond.com
c - 312.731.3132
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Monday, October 06, 2008 9:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
Unless someone/something is incessantly writing to the zone, creating/modifying an inordinately large number of records that is then replicated across the wire, it is quite hard to imagine a condition in which total bandwidth usage for an IXFR zone replication will surpass the total bandwidth usage associated with cross-WAN client resolution requests.
If the DNS partners were doing AXFR, then, yeah, it is quite easy to eat up a lot of bandwidth doing zone transfer over a period of time. With the exception of the seeding stage during which the secondary partner syncs up with the master, there is very little traffic associated with a normal DNS replication process in a master/secondary topology. Just measure it yourself.
And, no, the consideration of which choice utilizes more bandwidth is not "spurious", Robert. At least not in the normal dictionary meaning of that word. When you design an enterprise system like DNS, you always want to know the cost associated with one choice or the other, not just in terms of hardware and maintenance, but also in terms of the network bandwidth, among others.
| | | |
| deji
Posts:259
 | | 10/06/2008 11:00 PM |
| I see what you are saying, Brian. But that is not the angle from which I approached this in my initial response. My approach was whether local name resolution was more optimized and less costly than cross-WAN resolution. My response was to the effect that since the servers are already there, localized name resolution is more efficient and the network cost associated with the zone transfer will be less than that associated with clients going across the WAN to a centralized DNS server.
From the angle of "we're already doing cross-WAN authentication", I'd like to point out that cross-WAN authentication traffic usually tapers off after the initial spike in the morning. For much of the rest of the day, you usually have very negligible authentication-related traffic. Yes, I know that "it depends" on many factors as well, but generally name resolution traffic is a lot more chatty and pervasive than authentication traffic.
Sincerely,
Microsoft MVP - Directory Services www.akomolafe.name - we know IT -5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
________________________________________
From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond [brian@briandesmond.com] Sent: Monday, October 06, 2008 7:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
However, given that the OP feels it's suitable to run authentication traffic over the wire, the logical conclusion here is that there is ample bandwidth for name resolution as well. A DNS lookup is far more lightweight than everything involved with a user booting a PC and logging in to it given it's joined to an AD domain...
Thanks, Brian Desmond brian@briandesmond.com
c - 312.731.3132
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Monday, October 06, 2008 9:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
Unless someone/something is incessantly writing to the zone, creating/modifying an inordinately large number of records that is then replicated across the wire, it is quite hard to imagine a condition in which total bandwidth usage for an IXFR zone replication will surpass the total bandwidth usage associated with cross-WAN client resolution requests.
If the DNS partners were doing AXFR, then, yeah, it is quite easy to eat up a lot of bandwidth doing zone transfer over a period of time. With the exception of the seeding stage during which the secondary partner syncs up with the master, there is very little traffic associated with a normal DNS replication process in a master/secondary topology. Just measure it yourself.
And, no, the consideration of which choice utilizes more bandwidth is not "spurious", Robert. At least not in the normal dictionary meaning of that word. When you design an enterprise system like DNS, you always want to know the cost associated with one choice or the other, not just in terms of hardware and maintenance, but also in terms of the network bandwidth, among others.
Sincerely,
Microsoft MVP - Directory Services www.akomolafe.name - we know IT -5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
________________________________________
From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers [robert.singers@dbh.govt.nz] Sent: Monday, October 06, 2008 5:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
It's a spurious comparison.
The real question is what is going to impact users on the remote site more. And the answer is that any large transaction across the WAN might be noticed. So from an end user perspective a zone replication might be noticeable, while any number of tiny name resolution requests spread across time won't be.
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Tuesday, 7 October 2008 1:01 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
You think that the DNS zone replication traffic will be higher than the traffic associated with cross-WAN lookup requests?
Sincerely,
Microsoft MVP - Directory Services www.akomolafe.name - we know IT -5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
________________________________________
From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Sabharanjak, Ravi BGI SF [Ravi.Sabharanjak@barclaysglobal.com] Sent: Monday, October 06, 2008 4:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
That will also save on the network replication of the DNS zones to the remote sites. The client won't notice that the DNS server is remote.
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond Sent: Monday, October 06, 2008 1:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
I'm missing the point of having local DNS. If your WAN supports having the DCs centralized, why can't DNS lookups be centralized too?
Thanks, Brian Desmond brian@briandesmond.com
c - 312.731.3132
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Christine.Allen@salemfive.com Sent: Monday, October 06, 2008 2:15 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Decommissioning DC
Hello,
I'm hoping to get some advice. We have a Windows 2003 forest with three domains. An empty root, then two child domains, a main office domain and a domain for our remote sites.
We currently have 18 domain controllers in the remote sites. Since all sites are connected by fast connection, we want to decommission the domain controllers and have them as member servers running DNS.
I know the steps on how to decommission the DCs. It should be easy since they hold no roles. My question is more on setting up the proper DNS configuration. I'm going to configure secondary zones for the remote domain and lock them down to replicate with the DNS master. Should I also set up secondary zones for the other child domain and the empty root domain?
Any suggestions would be appreciated.
-Christine
Christine N. Allen Sr. Systems Engineer Salem Five 210 Essex Street Salem, MA 01970 978-720-5928 christine.allen@salemfive.com
| | | |
| robertsingers
Posts:505
 | | 10/06/2008 11:49 PM |
| I've checked the meaning of spurious to make sure and yes it was exactly the word I wanted. Unless you are paying by the byte for network transmission your implied definition of network cost is to my mind faulty when evaluating the issue. Counting the packets transmitted by each method is irrelevant because you've removed the dimension of time from the equation. And bandwidth is a measurement of data over time; both in the dictionary meaning of the word and common parlance. I'm not a Statistician (although I often play one on the Internet) but my gut feel is that name resolution traffic is so small as to be statistically irrelevant when evaluating WAN performance [1]. Certainly my experience of performing network captures for enterprise systems is that authentication is a far different beast than name resolution when it comes to network performance [2].
I may have totally misjudged what you mean by network cost and would be happy for you to clarify.
[1] Where performance is measured in terms of [business] transactions being able to be completed in acceptable times.
[2] I've yet to meet a pretty woman that will be impressed by the story about how you diagnosed a SMB negotiation problem and escalated it to "the Plant".
| | | |
| deji
Posts:259
 | | 10/07/2008 12:40 AM |
| Robert,
I'm not sure what you meant by "removed the dimension of time", especially since you then proceeded to concur that bandwidth measurement is done "over time". When you calculate your TCO, do you just pick a random point in time, or do you base it on measurable metrics OVER a period of time?
"Counting" packets transmitted is "irrelevant"? Really? What metric do you typically use when you design these things? If you don't measure packets, how do you arrive at your conclusions at the end of your assessment as to which of a host of options is the most optimal and least costly?
Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________________ From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers [robert.singers@dbh.govt.nz] Sent: Monday, October 06, 2008 8:43 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
I've checked the meaning of spurious to make sure and yes it was exactly the word I wanted. Unless you are paying by the byte for network transmission your implied definition of network cost is to my mind faulty when evaluating the issue. Counting the packets transmitted by each method is irrelevant because you've removed the dimension of time from the equation. And bandwidth is a measurement of data over time; both in the dictionary meaning of the word and common parlance. I'm not a Statistician (although I often play one on the Internet) but my gut feel is that name resolution traffic is so small as to be statistically irrelevant when evaluating WAN performance Ώ]. Certainly my experience of performing network captures for enterprise systems is that authentication is a far different beast than name resolution when it comes to network performance ΐ].
I may have totally misjudged what you mean by network cost and would be happy for you to clarify.
Ώ] Where performance is measured in terms of [business] transactions being able to be completed in acceptable times.
ΐ] I've yet to meet a pretty woman that will be impressed by the story about how you diagnosed a SMB negotiation problem and escalated it to "the Plant".
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Tuesday, 7 October 2008 4:00 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
I see what you are saying, Brian. But that is not the angle from which I approached this in my initial response. My approach was whether local name resolution of was more optimized and less costly than cross-WAN resolution. My response was to the effect that since the servers are already there, localized name resolution is more efficient and the network cost associated with the zone transfer will be less than that associated with clients going across the WAN to a centralized DNS server.
>From the angle of "we're already doing cross-WAN authentication", I'd like to point out that cross-WAN authentication traffic usually tapers off after the initial spike in the morning. For much of the rest of the day, you usually have very negligible authentication-related traffic. Yes, I know that "it depends" on many factors as well, but generally name resolution traffic is a lot more chatty and pervasive than authentication traffic. Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________________ From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond [brian@briandesmond.com] Sent: Monday, October 06, 2008 7:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
However, given that the OP feels it's suitable to run authentication traffic over the wire, the logical conclusion here is that there is ample bandwidth for name resolution as well. A DNS lookup is far more lightweight than everything involved with a user booting a PC and logging in to it given it's joined to an AD domain...
Thanks, Brian Desmond brian@briandesmond.com
c - 312.731.3132
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Monday, October 06, 2008 9:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
Unless someone/something is incessantly writing to the zone, creating/modifying an inordinately large number of records that is then replicated across the wire, it is quite hard to imagine a condition in which total bandwidth usage for an IXFR zone replication will surpass the total bandwidth usage associated with cross-WAN client resolution requests.
If the DNS partners were doing AXFR, then, yeah, it is quite easy to eat up a lot of bandwidth doing zone transfer over a period of time. With the exception of the seeding stage druing which the secondary partner syncs up with the master, there is very little traffic associated with a normal DNS replication process in a master/secondary topology. Just measure it yourself.
And, no, the consideration of which choices utilizes more bandwidth is not "spurious", Robert. At least not in the normal dictionary meaning of that word. When you design an enterprise system like DNS, you always want to know the cost associated with one choice or the other, not just in terms of hardware and maintenance, but also in terms of the network bandwidth, among others.
Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________________ From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers [robert.singers@dbh.govt.nz] Sent: Monday, October 06, 2008 5:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
It's a spurious comparison.
The real question is what is going to impact users on the remote site more. And the answer is that any large transaction across the WAN might be noticed. So from a end user perspective a zone replication might be noticeable, while any number of tiny name resolution requests spread across time won't be.
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Tuesday, 7 October 2008 1:01 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
You think that the DNS zone replication traffic will be higher than the traffic associated with cross-WAN lookup requests?
Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.name - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________________ From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Sabharanjak, Ravi BGI SF [Ravi.Sabharanjak@barclaysglobal.com] Sent: Monday, October 06, 2008 4:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
That will also save on the network replication of the DNS zones to the remote sites. The client won't notice that the DNS server is remote.
-----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond Sent: Monday, October 06, 2008 1:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Decommissioning DC
I'm missing the point of having local DNS. If your WAN supports having the DCs centralized, why can't DNS lookups be centralized too?
Thanks, Brian Desmond brian@briandesmond.com
c - 312.731.3132
| | | |
| jamesawells
Posts:73
 | | 10/07/2008 6:49 AM |
| Yes and no.
I think that for most WAN design - since the bandwidth should generally increase as you add hundreds or thousands of clients - then DNS traffic of any kind becomes, to borrow Joe's phrase, a "rounding error" more than something with an impact.
It's good to know what the impacts of DNS will be...but for most sites, it just doesn't make a big enough difference.
Add to that the full hard and soft TCO of a server (even a virtual, sometimes) and local DNS doesn't always make business sense, depending on what else is at the site.
So I think the answer USUALLY - what services are still operational when a WAN link dies? If the answer is none or few, then local DNS probably isn't a priority.
--James
On 10/7/08, Akomolafe, Deji <deji@readymaids.com> wrote:
> Robert,
>
> I'm not sure what you meant by "removed the dimension of time", especially since you then proceeded to concur that bandwidth measurement is done "over time". When you calculate your TCO, do you just pick a random point in time, or do you base it on measurable metrics OVER a period of time?
>
> "Counting" packets transmitted is "irrelevant"? Really? What metric do you typically use when you design these things? If you don't measure packets, how do you arrive at your conclusions at the end of your assessment as to which of a host of options is the most optimal and least costly?
>
> Sincerely,
> Microsoft MVP - Directory Services
> www.akomolafe.name - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
> ________________________________________
> From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers [robert.singers@dbh.govt.nz]
> Sent: Monday, October 06, 2008 8:43 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Decommissioning DC
>
> I've checked the meaning of spurious to make sure and yes it was exactly the word I wanted. Unless you are paying by the byte for network transmission your implied definition of network cost is to my mind faulty when evaluating the issue. Counting the packets transmitted by each method is irrelevant because you've removed the dimension of time from the equation. And bandwidth is a measurement of data over time; both in the dictionary meaning of the word and common parlance. I'm not a Statistician (although I often play one on the Internet) but my gut feel is that name resolution traffic is so small as to be statistically irrelevant when evaluating WAN performance [1]. Certainly my experience of performing network captures for enterprise systems is that authentication is a far different beast than name resolution when it comes to network performance [2].
>
> I may have totally misjudged what you mean by network cost and would be happy for you to clarify.
>
> [1] Where performance is measured in terms of [business] transactions being able to be completed in acceptable times.
>
> [2] I've yet to meet a pretty woman that will be impressed by the story about how you diagnosed a SMB negotiation problem and escalated it to "the Plant".
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
> Sent: Tuesday, 7 October 2008 4:00 p.m.
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Decommissioning DC
>
> I see what you are saying, Brian. But that is not the angle from which I approached this in my initial response. My approach was whether local name resolution was more optimized and less costly than cross-WAN resolution. My response was to the effect that since the servers are already there, localized name resolution is more efficient and the network cost associated with the zone transfer will be less than that associated with clients going across the WAN to a centralized DNS server.
>
> From the angle of "we're already doing cross-WAN authentication", I'd like to point out that cross-WAN authentication traffic usually tapers off after the initial spike in the morning. For much of the rest of the day, you usually have very negligible authentication-related traffic. Yes, I know that "it depends" on many factors as well, but generally name resolution traffic is a lot more chatty and pervasive than authentication traffic.
>
> ________________________________________
> From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond [brian@briandesmond.com]
> Sent: Monday, October 06, 2008 7:32 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Decommissioning DC
>
> However, given that the OP feels it's suitable to run authentication traffic over the wire, the logical conclusion here is that there is ample bandwidth for name resolution as well. A DNS lookup is far more lightweight than everything involved with a user booting a PC and logging in to it given it's joined to an AD domain...
>
> Thanks,
> Brian Desmond
> brian@briandesmond.com
>
> c - 312.731.3132
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
> Sent: Monday, October 06, 2008 9:06 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Decommissioning DC
>
> Unless someone/something is incessantly writing to the zone, creating/modifying an inordinately large number of records that is then replicated across the wire, it is quite hard to imagine a condition in which total bandwidth usage for an IXFR zone replication will surpass the total bandwidth usage associated with cross-WAN client resolution requests.
>
> If the DNS partners were doing AXFR, then, yeah, it is quite easy to eat up a lot of bandwidth doing zone transfer over a period of time. With the exception of the seeding stage during which the secondary partner syncs up with the master, there is very little traffic associated with a normal DNS replication process in a master/secondary topology. Just measure it yourself.
>
> And, no, the consideration of which choice utilizes more bandwidth is not "spurious", Robert. At least not in the normal dictionary meaning of that word. When you design an enterprise system like DNS, you always want to know the cost associated with one choice or the other, not just in terms of hardware and maintenance, but also in terms of the network bandwidth, among others.
-- Sent from my mobile device
| | | |
|
|