Active Directory Star Topology

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    177

    Active Directory Star Topology

    Hi, I'm planning a windows 2000 server domain deployment. The idea is that:

    I've a fully connected star VPN over ADSL and I would like to create an Active Directory site with a domain server in each site. I think the best is to deploy a simple star topology (I mean the central server is connected with everyone but the edge servers are only connected with the central one) which replicates the "central" server to the rest of the sites, and to create higher-cost links between the "edge" servers in case "central" falls.

    Hope to be clear enough.... I'm looking for sample configurations or some kind of tutorial.

    I would also like to know if all the DCs have to be global catalogs in order to allow the clients to log in to the domain in case the link with the main site doesn't work.

    Thank you!

  2. #2
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Not all DCs have to be Global Catalogs. Here is a quote from a book I have.

    Universal membership caching eliminates the dependency on the availability of a global catalog server during logons. When this feature is enabled on a domain operating in Windows Server 2003 operations mode, any domain controller can resolve logon requests locally without having to go through the global catalog server.

    On a Windows Server 2003 that isn't currently acting as a global catalog server, you can enable or disable universal group membership caching by completing the following steps:

    Start Active Directory Sites And Services.

    In the console tree, expand the tree view for the site you want to work with by clicking the plus sign (+) next to the site name.

    Expand the Servers folder for the site, and then click the server you want to configure to host the global catalog.

    In the View pane, right-click NTDS Settings and then select Properties.

    To enable universal group membership caching, select Enable Universal Group Membership Caching in the General tab.

    To disable universal group membership caching, clear Enable Universal Group Membership Caching in the General tab.
    -Simon "SDK"
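    The scripted equivalent of the GUI steps quoted above, as an added example that is not part of the post or the book it quotes. It assumes the ActiveDirectory PowerShell module (RSAT) and a domain at Windows Server 2003 functional level or later; as the next reply notes, the feature does not exist in a Windows 2000 domain. The site name is an illustrative assumption.

```powershell
# Added example (not from the thread): enable Universal Group Membership Caching
# on one site so its DCs can resolve universal group membership locally at logon
# when the global catalog across the VPN is unreachable.
# Requires the ActiveDirectory module and a Server 2003+ functional level domain.
Import-Module ActiveDirectory

# Assumed site name for illustration.
$siteName = 'Edge-Site-1'

# Show the setting before changing it. The property is not returned by default,
# so it is requested explicitly.
Get-ADReplicationSite -Identity $siteName -Properties UniversalGroupCachingEnabled |
    Select-Object Name, UniversalGroupCachingEnabled

# Enable caching for the site (the checkbox on the NTDS Site Settings General tab).
Set-ADReplicationSite -Identity $siteName -UniversalGroupCachingEnabled $true

# Verify the change took effect.
(Get-ADReplicationSite -Identity $siteName -Properties UniversalGroupCachingEnabled).UniversalGroupCachingEnabled
```

    One caveat worth checking in a design like this: the cache is populated the first time a user logs on while a GC is reachable and is refreshed periodically from a GC afterwards, so a user who has never logged on at that site still needs a working path to a global catalog. For the all-links-down case the poster is worried about, a GC in the site remains the more robust option.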

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    SDK: Nice response... the only problem is that he is trying to set up a Win2K domain not a Win2k3 and the facility you are referring to doesn't exist in Win2K.....

    Derek:

    When you create the topology in AD Sites and Services the star topology you refer to will automatically be created. However, (it's been a long time since I was deep in the theory of AD), I believe AD will decide its replication topology in a round robin fashion in order to make the replication more efficient. Therefore you may find that there will be increased traffic across the network because of that. On the bright side, unless you have a very large AD with a lot of changes you probably won't notice it and if it is a problem then you could alter the replication schedule or schedule it manually to take place after hours. If you do that then you might want a GC in every location - which probably won't hurt anyway - but you can get around it by allowing the clients to cache login credentials.

    If your central server fails then AD _should_ continue to replicate amongst themselves regardless of the failure but you may start to find AD going squirrelly if the outage is extended and an awful lot of errors in the logs.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Thank you both. Actually it's true that I'm talking about win2k, but good to know the new stuff in 2k3 for other projects I'm in.

    The reason I'm deploying this AD architecture is that now they have only one DC in the central location and they use a distributed application with a distributed DB. They have one SQL server in each location in order to prevent line problems but the point is that when it occurs (the line falls) the system becomes very slow (mostly on logons). So, I was wondering if promoting the SQL servers in each location will be enough to solve the problem. The other point is what happens if the line goes down in the middle of a promotion process.

    And I guess that the reason you have to create the subnets in every site is to determine which of the DCs a client is using to log in....

    As you can see I'm very lost in this process, the AD is small compared with other ones I'm administering, but it's my first distributed one...

    Any help will be appreciated!!!!

    Thanks

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ok... You have 500 users.... That's not a bad sized AD.... AD gets big quite quickly. I would suggest that you do not promote SQL servers to AD controllers.... Microsoft themselves say it's a "no-no". You will severely degrade the performance of both SQL and AD. If you can free up a machine at each location or have non-SQL servers at those locations then I would consider promoting them to controllers.

    It's against "best practice" anyway to have only one AD controller on any network. It's safer and better practice to have a minimum of two even if they are in the same physical location. Since you have distributed locations place one anywhere other than the central location in case of a disaster.

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    In this network I don't have 500 users... Did you guess it from my post in the network security forum? This network is smaller, something like 100 users and no more than 15 machines in each location, with 8 locations.

    Regarding not having AD and SQL on the same machine... They won't put another dedicated server in each location... and neither SQL nor AD is so big, I don't think it'll be big trouble, right?

    I'm testing with VMs and finally I have a DC/GC in each location with one IP Inter-Site transport between the central and each edge and yet another one, with a bigger cost, between all edges in case central falls. Should be enough....

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If the SQL servers have capacity to spare you may be able to get by.... But I would research your potential issues before you decide to take that route.... Then again, it sounds like you aren't being given much choice.

  8. #8
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    The project is at the beginning. I'll investigate this, I can always use a workstation as an AD... Thank you anyway, I didn't know that there is a problem with that!!

    By the way, do you think (if I have the new machines in each location) that it is a good topology?

    I have a DC/GC in each location with one IP Inter-Site transport between the central and each edge and yet another one, with a bigger cost, between all edges in case central falls.
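    The topology described in this post and in #6 (low-cost hub-to-edge site links, higher-cost edge-to-edge links as a fallback, a subnet per site so clients find their local DC, as asked in #4), as an added example that is not part of the thread. It uses the ActiveDirectory PowerShell module, which did not exist for Windows 2000; the site names, subnets, costs and replication intervals are illustrative assumptions, not values from the thread.

```powershell
# Added example (not from the thread): build a hub-and-spoke site topology with
# higher-cost edge-to-edge links that the KCC only uses when the hub is unreachable.
# All names, subnets and costs below are assumptions for illustration.
Import-Module ActiveDirectory

$hub   = 'Central'
$edges = 'Edge1', 'Edge2', 'Edge3'

# One subnet per site. Clients map their own IP to a site through these objects
# and then pick a DC in that site at logon, which is why every site needs one.
$subnets = @{
    Central = '10.0.0.0/24'
    Edge1   = '10.0.1.0/24'
    Edge2   = '10.0.2.0/24'
    Edge3   = '10.0.3.0/24'
}

foreach ($site in @($hub) + $edges) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    New-ADReplicationSubnet -Name $subnets[$site] -Site $site
}

# Hub-to-edge links: low cost, replicate every 15 minutes (the minimum interval).
foreach ($edge in $edges) {
    New-ADReplicationSiteLink -Name "$hub-$edge" -SitesIncluded $hub, $edge `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# Edge-to-edge links: cost 500. Site links are bridged (transitive) by default, so the
# path Edge1 -> Central -> Edge2 costs 100 + 100 = 200 and wins while Central is up;
# the direct 500 link only carries replication once the hub's bridgehead is unreachable.
for ($i = 0; $i -lt $edges.Count; $i++) {
    for ($j = $i + 1; $j -lt $edges.Count; $j++) {
        New-ADReplicationSiteLink -Name "$($edges[$i])-$($edges[$j])" `
            -SitesIncluded $edges[$i], $edges[$j] -Cost 500 `
            -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP
    }
}

# Review the resulting link set and costs.
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes
```

    Two checks a practitioner would add before trusting the failover path: confirm each DC actually sits in the intended site (an existing DC can be moved with Move-ADDirectoryServer -Identity <dc> -Site <site>), and confirm the cost arithmetic holds after any later link is added, since a single cheap link between two edges changes which path the KCC selects for every site behind them.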

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It sounds reasonable and is also heavily dependent on the actual cost of each T1 or whatever between locations.

  10. #10
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    I'm sorry for my answer that talks about Win2K3. I understand why you want a W2K domain now; to run them on your SQL server, which was probably on W2K. If you are going to buy new PCs at very remote locations to install a DC on them, do you think of moving to a Win2K3 domain?
    -Simon "SDK"
