I have a Windows 2000 Domain. We have a main corporate office and about 10 branch offices, all connected by high-speed internet data lines. I want to set AD to replication in a hub-spoke architecture. For each NTDS object in each site, do I need to have a connection setup for every other object in the directory, or just the servers I want replication to occur between? Also, For the site links, do I have to create a link for each possible site-site connection, or just the hub-spoke connections? Thanks.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Sites Replication Setup
- Thread starter sfortner
- Start date
mrmoneymatters
MIS
So, do you have domain controllers at each of these branches?
Are you connected by internet and vpn, or are they private lines?
Are you connected by internet and vpn, or are they private lines?
- Thread starter
- #3
- Thread starter
- #5
the KCC takes care of creating your conenction objects for replication automatically. you shouldn't create anything as far as conenction objects. if they dont create ,you have name resolution issues most likely.
GCs should be in each site, regardless of whether you have a T1 or not, to speed up logon at the local LAN
your replication (the KCC) will follow the site links you set up. if you want a hub and spoke topology do this...
delete the deaultipsitelink...this contains, and will contain, all sites you make...effectivly making a mesh topology
create a site link between the main site and each remote site.
so main--->remote1
main-->remote2
main-->remote3
etc.
this will make the kcc create connection objects only to the hub site (main in my example)
in addition to that, if you want a backup replication site, you can create other site links with higher costs between the remote sites in case teh main sites public line ever goes down to prevent some replication issues.
you can also constrain the replication traffic coming in by setting a brdgehead server in the main site...but this is really overkill.
you also need to make sure your subnets are created and attached to the approrpiate sites of course.
take a look at 179442 and make sure the ports mentioned in the win2000 section are open on your firewalls...with the exception of where it says rpc 1024-655xx..all you need to open is 1024-5000 for those ports.
technically, you don't need to have a gc in each site...but it should speed up logon by having it. if you go to 2003, than you can use universal group memebrship caching on thsoe servers in the remote sites instead....this does essentially the same thing without the replication intervals. it also tracks global groups despite the name.
-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there
GCs should be in each site, regardless of whether you have a T1 or not, to speed up logon at the local LAN
your replication (the KCC) will follow the site links you set up. if you want a hub and spoke topology do this...
delete the deaultipsitelink...this contains, and will contain, all sites you make...effectivly making a mesh topology
create a site link between the main site and each remote site.
so main--->remote1
main-->remote2
main-->remote3
etc.
this will make the kcc create connection objects only to the hub site (main in my example)
in addition to that, if you want a backup replication site, you can create other site links with higher costs between the remote sites in case teh main sites public line ever goes down to prevent some replication issues.
you can also constrain the replication traffic coming in by setting a brdgehead server in the main site...but this is really overkill.
you also need to make sure your subnets are created and attached to the approrpiate sites of course.
take a look at 179442 and make sure the ports mentioned in the win2000 section are open on your firewalls...with the exception of where it says rpc 1024-655xx..all you need to open is 1024-5000 for those ports.
technically, you don't need to have a gc in each site...but it should speed up logon by having it. if you go to 2003, than you can use universal group memebrship caching on thsoe servers in the remote sites instead....this does essentially the same thing without the replication intervals. it also tracks global groups despite the name.
-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there
- Status
Similar threads
