  1. ABL - Always Be Labbin' Iristheangel's Avatar
    Join Date
    Dec 2009
    Location
    Pasadena, CA
    Posts
    3,669

    Certifications
    CISSP, CCIE DC, CCNP R&S/DC, CCDP, CCNA:RS/S/V/DC, CCDA, BCVRE, BCEFP, BCNE, CEH, CHFI, MCSE:S, MCDST, A/S/L/P/N+, some useless Citrix and CIW certs
    #1

    Random AD question

    So I'm studying for my 70-294 and while at work, I decided to open up AD Sites and Services to take a look at how our company's structure is set up.

    I work in a single domain health system with about 10 different hospital sites (all having high speed connections I believe) and each site has 2+ domain controllers. From what I can see, NONE of the domain controllers are acting as bridgeheads and every single domain controller is set as having a copy of the global catalog on it. Correct me if I'm wrong, but wouldn't this setup be using more bandwidth than setting up bridgeheads between sites and not having EVERY domain controller in the domain set up as a global catalog server? Are there any benefits to the way they have this set up that I'm missing here? As far as I understand, global catalogs are useful when there are multiple domains and even then, you wouldn't want to set up EVERY domain controller in the domain as a global catalog server.

    Thanks for hearing me out. If I'm missing something, I would love to have some insight into this AD design.

  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #2
    Are there applications that query the GC? If there are and you remove the local GCs, all the GC traffic will have to traverse WAN links.

  4. ABL - Always Be Labbin' Iristheangel's Avatar
    #3
    Quote Originally Posted by dynamik View Post
    Are there applications that query the GC? If there are and you remove the local GCs, all the GC traffic will have to traverse WAN links.
    It's possible, but I can't be absolutely sure. I don't have complete knowledge about what every other department does there. Even then though, if you have 6 DCs at one site, why set all of them as having a copy of the GC? That seems like a LOT of redundancy at each site not to mention the added replication traffic for updating the GC for all 50+ DCs in the domain. What about not setting up bridgeheads? Wouldn't that be a huge lag on bandwidth if 50+ DCs are just replicating between sites?

  5. Senior Member Technito's Avatar
    Join Date
    Nov 2009
    Location
    Cincinnati, OH
    Posts
    152

    Certifications
    A+, Network+, Security+, MCP, MCSA 2003: Security, MCSE 2003: Security, CVE 5.0
    #4
    Quote Originally Posted by Iristheangel View Post
    So I'm studying for my 70-294 and while at work, I decided to open up AD Sites and Services to take a look at how our company's structure is set up.

    I work in a single domain health system with about 10 different hospital sites (all having high speed connections I believe) and each site has 2+ domain controllers. From what I can see, NONE of the domain controllers are acting as bridgeheads and every single domain controller is set as having a copy of the global catalog on it. Correct me if I'm wrong, but wouldn't this setup be using more bandwidth than setting up bridgeheads between sites and not having EVERY domain controller in the domain set up as a global catalog server? Are there any benefits to the way they have this set up that I'm missing here? As far as I understand, global catalogs are useful when there are multiple domains and even then, you wouldn't want to set up EVERY domain controller in the domain as a global catalog server.

    Thanks for hearing me out. If I'm missing something, I would love to have some insight into this AD design.
    It's more than likely set up this way for redundancy and maximum efficiency. But if there are less than 100 users in each site, then there has to be an application, VPN server or something that's querying the global catalog very often for the need of 2 GC servers in a single site. Understand that preferred bridgehead servers only specify the primary DC responsible for site replication. Not specifying a preferred bridgehead server still allows both DCs to replicate, but does not designate a server as primarily responsible. This minimizes hardware strain on a single server. And the bandwidth AD replication uses is not all that excessive as long as there is at least one global catalog in each site.

  6. ABL - Always Be Labbin' Iristheangel's Avatar
    #5
    Quote Originally Posted by Technito View Post
    It's more than likely set up this way for redundancy and maximum efficiency. But if there are less than 100 users in each site, then there has to be an application, VPN server or something that's querying the global catalog very often for the need of 2 GC servers in a single site. Understand that preferred bridgehead servers only specify the primary DC responsible for site replication. Not specifying a preferred bridgehead server still allows both DCs to replicate, but does not designate a server as primarily responsible. This minimizes hardware strain on a single server. And the bandwidth AD replication uses is not all that excessive as long as there is at least one global catalog in each site.

    Thanks for the answer. That makes a lot more sense.


  9. CLI Junkie DragonNOA1's Avatar
    Join Date
    Jul 2006
    Location
    Na Pali Haven
    Posts
    148

    Certifications
    A+, Network+, Security+, MCSE:S 2003
    #8
    Quote Originally Posted by Iristheangel View Post
    I work in a single domain...
    Only one domain in the forest? Then adding every DC as a GC server would add next to nothing in replication traffic.