We are implementing lag sites in our production AD environment.  We
used to have a lag site which we used to implement a schema change in
a controlled environment but we recently tore it down.  However, we
will be recreating the lag site as this is an essential piece of our
infrastructure.

The single lag site is cost effective and you can set your max
replication latency to 1 week, at most.  With this design, changes
that occur just prior to the replication schedule will get replicated
to the lag site.

This is one reason we are looking at implementing double lag sites in
our environment.  This will buy us a 2-week maximum delay replication.

You will also need to change the following registry key and account
for the lag site in your monitoring solution.

HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)

As for preventing offsite authentication, an alternative may be to
disable registration of the generic SRV records for the target domain
controllers.  There are policy settings that are built in to Windows
2003 that are discussed in detail in the DNS chapter of the Branch
Office Deployment Guide for 2003.

- Arden

On 5/18/05, Dan Holme <[EMAIL PROTECTED]> wrote:
> I have several large clients who are going this direction and are in
> testing right now.  Things look quite good.
> 
> I had read somewhere that an alternative approach to preventing
> authentication to the 'lag' DCs was to stop the Netlogon service.  The
> approach of removing DNS records seems more elegant, and I'll be
> interested to hear people's thoughts on these alternatives.
> 
> 
> 
> Dan
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Danny
> Sent: Wednesday, May 18, 2005 6:45 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] AD DR - replication lag site
> 
> I am interested in your thoughts regarding this suggestion for DR:
> 
> <http://searchwin2000.techtarget.com/tip/1,289483,sid1_gci1086805,00.html>
> (You may need to register)
> 
> Basically it states that you should create another AD site and set the
> replication for 168 hours.
> 
> Thank you,
> 
> ...D
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/