> If you decide to create an empty site (no DCs) for your subnets, the
> autosite coverage algorithm will ensure that clients in that site are
> authenticated with a DC in a nearby site. The DCs in the closest site
> based on cost will register site-specific SRV records for the empty
> site.

From experience, I can tell you unequivocally that this is NOT the case. As recently as Win2k SP2.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: Tucker, Mark [mailto:MTucker@;aelita.com]
> Sent: Thursday, October 24, 2002 3:20 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Sites with no DC
>
> I would agree that you want to register the subnets in Sites and
> Services.
>
> If a client attempts to authenticate from a subnet that is not
> registered, AD has no way to determine what site the client is in. In
> this case, I believe the client will query DNS for all of the DCs in the
> domain and then attempt to contact each one in turn. The first one that
> replies will be used for authentication.
>
> If you decide to create an empty site (no DCs) for your subnets, the
> autosite coverage algorithm will ensure that clients in that site are
> authenticated with a DC in a nearby site. The DCs in the closest site
> based on cost will register site-specific SRV records for the empty
> site.
>
> -Mark
>
> -----Original Message-----
> From: Roger Seielstad [mailto:roger.seielstad@;inovis.com]
> Sent: Thursday, October 24, 2002 9:39 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Sites with no DC
>
> > Oh, and this all does assume that YOUR network engineers TELL you when
> > they put in a whole 'nother group of networks or sub-netted something
> > that you already had defined. No, really - I'm not bitter....
>
> Glad to know that happens elsewhere, too.
>
> ------------------------------------------------------
> Roger D. Seielstad - MCSE
> Sr. Systems Administrator
> Inovis - Formerly Harbinger and Extricity
> Atlanta, GA
>
> > -----Original Message-----
> > From: Rick Kingslan [mailto:rkingsla@;cox.net]
> > Sent: Thursday, October 24, 2002 9:41 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] Sites with no DC
> >
> > I'd agree with Roger on this one - unless you don't mind machines in
> > Pensacola, FL authenticating in Reno, NV. If we don't have one of our
> > subnets defined to some site, we see messages from the Locator reporting
> > that some machine at some site with the subnet xx.xx couldn't find an
> > associated site. It suggests that you might want to create a subnet for
> > it.
> >
> > If these types of events are rare, or there are a small number of
> > un-associated machines, or, if you have boatloads of bandwidth, then it
> > might not be a problem.
> >
> > I'd take chance out of the equation and just create the subnets and
> > associate them with your hub until you have a clearer idea of what the
> > traffic pattern should be.
> >
> > Oh, and this all does assume that YOUR network engineers TELL you when
> > they put in a whole 'nother group of networks or sub-netted something
> > that you already had defined. No, really - I'm not bitter....
> >
> > Rick Kingslan - Microsoft MVP [Windows NT/2000]
> > Microsoft Certified Trainer
> > MCSA, MCSE+I - Windows NT / 2000
> >
> > "Any sufficiently advanced technology
> > is indistinguishable from magic."
> > --- Arthur C. Clarke
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:ActiveDir-owner@;mail.activedir.org] On Behalf Of
> > > Roger Seielstad
> > > Sent: Thursday, October 24, 2002 6:59 AM
> > > To: '[EMAIL PROTECTED]'
> > > Subject: RE: [ActiveDir] Sites with no DC
> > >
> > > From experience, I wouldn't trust the locator to get 'close' very
> > > often.
> > >
> > > During our initial deployment, the WAN team changed the IP
> > > pools of our VPN concentrators. After looking through some of
> > > the logs on domain controllers, we were seeing a very random
> > > distribution of authentication, with some authentication
> > > happening 4 WAN hops away, when there were multiple DCs on
> > > different local subnets.
> > >
> > > I'd strongly suggest creating a subnet object for each subnet
> > > on your network, and associating each of them with a site.
> > >
> > > ------------------------------------------------------
> > > Roger D. Seielstad - MCSE
> > > Sr. Systems Administrator
> > > Inovis - Formerly Harbinger and Extricity
> > > Atlanta, GA
> > >
> > > > -----Original Message-----
> > > > From: Garello, Kenneth [mailto:KGarello@;worcester.edu]
> > > > Sent: Wednesday, October 23, 2002 5:07 PM
> > > > To: '[EMAIL PROTECTED]'
> > > > Subject: RE: [ActiveDir] Sites with no DC
> > > >
> > > > How much overhead does leaving it up to the locator incur?
> > > >
> > > > Ken
> > > >
> > > > -----Original Message-----
> > > > From: Gil Kirkpatrick [mailto:gilk@;netpro.com]
> > > > Sent: Wednesday, October 23, 2002 4:37 PM
> > > > To: '[EMAIL PROTECTED]'
> > > > Subject: RE: [ActiveDir] Sites with no DC
> > > >
> > > > Hey Don,
> > > >
> > > > Is this your first post to the list? If so, welcome.
> > > >
> > > > To answer your question, no you don't have to create a site
> > > > for each subnet. You can associate multiple subnets with a
> > > > single site. Or you can leave the subnets unassigned, and the
> > > > DC locator will do its best to find a DC "close" to the
> > > > authenticating PC.
> > > >
> > > > -gil
> > > >
> > > > -----Original Message-----
> > > > From: Don Murawski (Lenox)
> > > > [mailto:Don.Murawski@;worldtravel.com]
> > > > Sent: Wednesday, October 23, 2002 1:02 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: [ActiveDir] Sites with no DC
> > > >
> > > > We have subnets without dc's, do you need to create a
> > > > site and subnet in Sites and Services anyway for those sites?
> > > >
> > > > Don L Murawski
> > >
> > > List info : http://www.activedir.org/mail_list.htm
> > > List FAQ : http://www.activedir.org/list_faq.htm
> > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
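
The audit this thread keeps coming back to (a subnet object for every subnet, each associated with a site, then checking DC logs for where clients really authenticate), as an added example that is not part of the original messages. The subnet map, DC names and authentication records are constructed sample data, and grouping unmapped clients by /24 is an assumption made for reporting only.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for the subnet objects defined in Sites and Services.
SUBNET_SITES = {
    "10.1.0.0/16": "HUB",
    "10.1.20.0/24": "BRANCH-A",
    "10.2.0.0/16": "BRANCH-B",
}
# Constructed: the site each domain controller belongs to.
DC_SITES = {"DC-HUB-01": "HUB", "DC-A-01": "BRANCH-A", "DC-B-01": "BRANCH-B"}
# Constructed authentication records: (client IP, DC that answered).
AUTH_EVENTS = [
    ("10.1.20.15", "DC-A-01"),
    ("10.1.5.9", "DC-HUB-01"),
    ("10.2.3.4", "DC-HUB-01"),
    ("172.16.9.30", "DC-B-01"),
    ("172.16.9.31", "DC-HUB-01"),
]

def site_for(ip, subnet_sites):
    """Site of the most specific subnet containing ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_sites.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit(events, subnet_sites, dc_sites):
    """Return (unmapped client networks with counts, off-site authentications)."""
    unmapped = Counter()
    off_site = []
    for ip, dc in events:
        site = site_for(ip, subnet_sites)
        if site is None:
            # No subnet object covers this client; group by /24 (assumption).
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            unmapped[str(net)] += 1
        elif dc_sites.get(dc) != site:
            off_site.append((ip, site, dc, dc_sites.get(dc)))
    return unmapped, off_site

if __name__ == "__main__":
    unmapped, off_site = audit(AUTH_EVENTS, SUBNET_SITES, DC_SITES)
    for net, count in unmapped.items():
        print(f"no subnet object covers {net}: {count} authentication(s)")
    for ip, site, dc, dc_site in off_site:
        print(f"{ip} is in site {site} but authenticated to {dc} ({dc_site})")
```
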