2 schools of thought

by definition sites and services is a connection of highly connected
computers, to a DC. So ideally a physical site would have a DC or at least a
10Mbps connection to a DC. However we have remote offices with no DC on a T1.

Some would use sites and services to point them to a DC and some would not
and rather rely on the most available DC.

Our environment consists of a national fully meshed IP network.

Please let me know what would bethe BEST PRACTICE, thanks.
--

Steve,

Steve schrieb:
> by definition sites and services is a connection of highly connected
> computers, to a DC. So ideally a physical site would have a DC or at least a
> 10Mbps connection to a DC. However we have remote offices with no DC on a T1.
>
> Some would use sites and services to point them to a DC and some would not
> and rather rely on the most available DC.
>
> Our environment consists of a national fully meshed IP network.

If the links are okay and reliable, I wouldn't put any further efforts
in there. By default, DCs from other sites will notice that there's a
site without a DC. The best-connected DCs (that's made up from the cost
between the sites) will register their SRV-records for the DC-less site
so that they're getting picked when clients search for DCs to
authenticate to.

If you feel like the line is too small to carry the whole authentication
traffic, you'd probably want to place a DC over there.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.

If a remote site has only a few users and no applications that rely on a
global catalog, you would probably be best to not have a dc at this site.
Once you approach (IIRC) 50 users and/or have a site aware application you
should then consider a dc at this location.

http://technet.microsoft.com/en-us/l...68(WS.10).aspx

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Steve" <> wrote in message
news:C7743534-A64C-4D62-9DE7-...
> by definition sites and services is a connection of highly connected
> computers, to a DC. So ideally a physical site would have a DC or at least
> a
> 10Mbps connection to a DC. However we have remote offices with no DC on a
> T1.
>
> Some would use sites and services to point them to a DC and some would not
> and rather rely on the most available DC.
>
> Our environment consists of a national fully meshed IP network.
>
> Please let me know what would bethe BEST PRACTICE, thanks.
> --
>

I tend to agree.
So I do not need to map those subnets (no DC over T1) to any sites then
right? Thanks.


"Florian Frommherz [MVP]" wrote:

> Steve,
>
> Steve schrieb:
> > by definition sites and services is a connection of highly connected
> > computers, to a DC. So ideally a physical site would have a DC or at least a
> > 10Mbps connection to a DC. However we have remote offices with no DC on a T1.
> >
> > Some would use sites and services to point them to a DC and some would not
> > and rather rely on the most available DC.
> >
> > Our environment consists of a national fully meshed IP network.
>
> If the links are okay and reliable, I wouldn't put any further efforts
> in there. By default, DCs from other sites will notice that there's a
> site without a DC. The best-connected DCs (that's made up from the cost
> between the sites) will register their SRV-records for the DC-less site
> so that they're getting picked when clients search for DCs to
> authenticate to.
>
> If you feel like the line is too small to carry the whole authentication
> traffic, you'd probably want to place a DC over there.
>
> Cheers,
> Florian
> --
> Microsoft MVP - Group Policy
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
> ANY advice you get on the Newsgroups should be tested thoroughly in your
> lab.
> .
>

"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:...
> If a remote site has only a few users and no applications that rely on a
> global catalog, you would probably be best to not have a dc at this site.
> Once you approach (IIRC) 50 users and/or have a site aware application you
> should then consider a dc at this location.
>
> http://technet.microsoft.com/en-us/l...68(WS.10).aspx

Just an FYI, actually all the Microsoft AD courseware for 2000, 2003 & 2008
state the magic number (of users at a site) to consider a placing a DC/GC,
is 10. I would have to dig it all up and quote from the courseware, but
that's what stated.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Actually it can go as high as 100.

"Number of users and usage profiles
-------------------------------------
The number of users and their usage profiles at a given location can help
determine whether you need to place regional domain controllers at that
location. To avoid productivity loss if a WAN link fails, place a regional
domain controller at a location that has 100 or more users."

From:
http://technet.microsoft.com/en-us/l...69(WS.10).aspx

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Ace Fekay [MCT]" <> wrote in message
news:...
> "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
> news:...
>> If a remote site has only a few users and no applications that rely on a
>> global catalog, you would probably be best to not have a dc at this site.
>> Once you approach (IIRC) 50 users and/or have a site aware application
>> you should then consider a dc at this location.
>>
>> http://technet.microsoft.com/en-us/l...68(WS.10).aspx
>
> Just an FYI, actually all the Microsoft AD courseware for 2000, 2003 &
> 2008 state the magic number (of users at a site) to consider a placing a
> DC/GC, is 10. I would have to dig it all up and quote from the courseware,
> but that's what stated.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
> 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>

"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:...
> Actually it can go as high as 100.
>
> "Number of users and usage profiles
> -------------------------------------
> The number of users and their usage profiles at a given location can help
> determine whether you need to place regional domain controllers at that
> location. To avoid productivity loss if a WAN link fails, place a regional
> domain controller at a location that has 100 or more users."
>
> From:
> http://technet.microsoft.com/en-us/l...69(WS.10).aspx
>

I don't remember the 2008 courseware, but 2000 & 2003 stated 10. I wouldn't
feel comfortable anyway with 100 users in a remote location saturating the
WAN link with logon, authentication, and especially Exchange-Outlook client
communications.

Ace

Latest course on 2008 that I have read was 50 or a site aware application.
This is the first time I have seen 100, but I agree that is a large number.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Ace Fekay [MCT]" <> wrote in message
news:%...
> "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
> news:...
>> Actually it can go as high as 100.
>>
>> "Number of users and usage profiles
>> -------------------------------------
>> The number of users and their usage profiles at a given location can help
>> determine whether you need to place regional domain controllers at that
>> location. To avoid productivity loss if a WAN link fails, place a
>> regional domain controller at a location that has 100 or more users."
>>
>> From:
>> http://technet.microsoft.com/en-us/l...69(WS.10).aspx
>>
>
> I don't remember the 2008 courseware, but 2000 & 2003 stated 10. I
> wouldn't feel comfortable anyway with 100 users in a remote location
> saturating the WAN link with logon, authentication, and especially
> Exchange-Outlook client communications.
>
> Ace
>
>
>

"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:...
> Latest course on 2008 that I have read was 50 or a site aware application.
> This is the first time I have seen 100, but I agree that is a large
> number.
>

Yes, I agree 100 is pretty high, unless of course for 100 people, I would
assume a minimal of a full T1 (not fractional) is used. But I would still
honestly put a DC/GC in way lower than that, and matter of fact, 10 may be a
little low, but 15, 20 or more, I would definitely suggest and recommend a
DC/GC.

Ace

ok friends, we've gotten off the topic. In an ideal world we would have a
local DC but its not in the cards for some of these remote locations. So if I
am hearing you all correctly it is not necessary to map remote subnets to
sites with DC's correct? Please read from beginning if necessary - thanks
everyone.
--
Steve

"Ace Fekay [MCT]" wrote:

> "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
> news:...
> > Latest course on 2008 that I have read was 50 or a site aware application.
> > This is the first time I have seen 100, but I agree that is a large
> > number.
> >
>
> Yes, I agree 100 is pretty high, unless of course for 100 people, I would
> assume a minimal of a full T1 (not fractional) is used. But I would still
> honestly put a DC/GC in way lower than that, and matter of fact, 10 may be a
> little low, but 15, 20 or more, I would definitely suggest and recommend a
> DC/GC.
>
> Ace
>
>
> .
>