Discussion:
2 dc's over wan link... need advice
j***@NOSPAMoptonline.net
2004-06-03 13:33:41 UTC
I have a client with headquarters in NY and another office in FL. Both
offices have DSL connections to the internet with static IP addresses. The 2
offices are constantly connected to each other via an L2TP VPN connection
that is established between 2 internet security appliances (1 at each
location). The 1 and only domain controller is in NY (2000 Server, AD, DHCP,
etc.). The problem, of course, is speed. When a user logs on to the domain
in Florida, the logon can take up to 5 minutes at times! This has become
unacceptable and we are putting in another server in Florida. What would be
the best way to configure this? Should I bring the new server online in
Florida and simply dcpromo it and leave it at that? Will the Florida clients
be automatically authenticated by the new server in Florida simply because
it's closer, or will some configuration be necessary? And since I can hear
the rumbles already, I'll say this... a second subnet or domain is out of the
question. I tried, and management isn't happy for whatever reason. Any advice
on this?
unknown
2004-06-03 16:05:28 UTC
Post by j***@NOSPAMoptonline.net
the best way to configure this? Should I bring the new server online in
Florida and simply dcpromo it and leave it at that?
As long as it can see the remote Domain properly to be able to join it and
become a DC in it, yes, that is a way to do it. But remember that all
Active Directory Replication must now occur over that already slow link.
Post by j***@NOSPAMoptonline.net
Will the Florida clients
be automatically authenticated by the new server in Florida simply because
it's closer, or will some configuration be necessary? And since I can hear
Typically it happens with whichever DC is the "quickest to the draw", which
obviously would be the DC in FL.
Post by j***@NOSPAMoptonline.net
the rumbles already, I'll say this... a second subnet or domain is out of the
question. I tried, and management isn't happy for whatever reason. Any advice
on this?
They are "making their bed" and must "lie in it". Businesses and
Organizations are the victims of their own choices; they bring things on
themselves. Whether it performs good, bad, or average, they are stuck with
it by their own choice; they must be made to understand that. I'm not
saying that the Domain Controller method is bad or good, I'm just saying, if
that is all they allow then what they get is what they get.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
unknown
2004-06-03 16:28:29 UTC
I should mention that you should look in the Active Directory Sites. It can
all be in one Domain yet a different "Site" and that may be more suitable
over a slow link. Active Directory isn't my "area" so you may want to
investigate that on your own.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
j***@NOSPAMoptonline.net
2004-06-03 17:34:17 UTC
Hmm... OK, thank you. Anyone else following this have any suggestions?
oothlagre
2004-06-03 19:55:21 UTC
I don't have the rest of the thread, but Active Directory Sites and Services
lets you build sites so Windows knows physically where each major network
device or AD computer is located. You go into Sites and say you have 1
Domain, but it is located in New York and Paris. You set up a site for New
York and one for Paris and put the computers from each city into those
groups.

Windows will compress AD replication traffic to compensate for slow WAN
links. Local workstations are also directed to GCs in this manner. It will
tell a PC in New York to authenticate in New York instead of going over the
WAN link to Paris.

Henry
unknown
2004-06-03 20:18:13 UTC
Yea, I think that is what he needs. I guess I tripped and fell face first
into the right answer there... :-)
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
Bill Grant
2004-06-04 02:17:57 UTC
I agree. AD sites is definitely the way to go.
j***@NOSPAMoptonline.net
2004-06-04 19:32:43 UTC
OK, so as of now there is one domain and one site (the default first site).
So you're suggesting a second site, called Florida, and moving all Florida
PCs into this site? Is that done through AD Users and Computers after the
site is created in Sites and Services?
Bill Grant
2004-06-05 02:31:40 UTC
Yes, you create the site and then move objects into it from Sites and
Services.
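
The site setup the replies describe, as an added example that is not part of the original thread. It assumes a current Windows Server with the ActiveDirectory PowerShell module (on the thread's Windows 2000 DC the same steps are done in the Sites and Services console) and that the Florida office has its own IP range, since clients are matched to a site through subnet objects. The site name, subnet, DC name and link values are placeholders.

```powershell
# Added example: every name and value below is a placeholder, not from the thread.
Import-Module ActiveDirectory

$siteName = 'Florida'                  # hypothetical name for the branch site
$flSubnet = '192.168.20.0/24'          # placeholder: the Florida office's IP range
$flDc     = 'FL-DC01'                  # placeholder: the newly promoted Florida DC
$hqSite   = 'Default-First-Site-Name'  # the default first site, where the NY DC lives

# 1. Create the site object for the branch office.
New-ADReplicationSite -Name $siteName

# 2. Map the branch's address range to the site. Clients and the DC locator
#    work out their site from subnet objects, not from OU or group membership.
New-ADReplicationSubnet -Name $flSubnet -Site $siteName

# 3. Link the two sites. Replication between sites follows the link's schedule
#    and is compressed, which is what helps on the slow VPN link.
New-ADReplicationSiteLink -Name 'NY-FL' `
    -SitesIncluded $hqSite, $siteName `
    -InterSiteTransportProtocol IP `
    -Cost 100 -ReplicationFrequencyInMinutes 60

# 4. Move the Florida DC's server object into the new site.
Move-ADDirectoryServer -Identity $flDc -Site $siteName

# 5. Verify: list the DCs in the site and whether each is a global catalog.
#    A branch DC that is not a GC can still send logons across the WAN.
Get-ADDomainController -Filter "Site -eq '$siteName'" |
    Select-Object Name, Site, IPv4Address, IsGlobalCatalog

# 6. Verify from a Florida workstation (run there, not on the DC):
#    the first command prints the site the client resolved,
#    the second prints the DC the locator chose for the domain.
nltest /dsgetsite
nltest /dsgetdc:$env:USERDNSDOMAIN
```

If `nltest /dsgetsite` on a Florida client still reports the default site, the client's address is not covered by the Florida subnet object.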