choice of BHS

  • Thread starter Thread starter francoise
  • Start date Start date
F

francoise

Hi,
i'd like to know if there is recommendations in the manual choice of bhs for
AD replication. is it better to take a GC ?

in the case, kcc automatically choose BHS, how does it proceed ? does the
fsmo roles or gc role are taken into consideration by istg ?

thanks inadvance
francoise
 
-----Original Message-----
Hi,
i'd like to know if there is recommendations in the manual choice of bhs for
AD replication. is it better to take a GC ?

in the case, kcc automatically choose BHS, how does it proceed ? does the
fsmo roles or gc role are taken into consideration by istg ?

thanks inadvance
francoise


.
Click to expand...
Francoise,

That is something that you must answer! What I mean by
that is that only you know your environment best.

Typically, it suffices to simply create the Site Link(s)
and let the KCC do its job. The KCC will dynamically
create and manage the incoming connection objects for all
Domain Controllers in a Site ( IntraSite Replication ).
This is clear. When an Admin creates a Site Link between
two Sites the KCC *should* dynamically create and manage
the Intersite replication as well. This entails that one
DC in each Site will be selected by the KCC to be the
Bridgehead Server. There will be two incoming connection
objects created by the KCC between the BHS in Site1 and
the BHS in Site2. AD Replication will take place based
on the current Schedule.

Remember, there are four components to InterSite
Replication: Name, Cost, Schedule and Transport. The
name should be clear. The cost is a value that you, the
Aministrator, give to this one specific link in
relationship to all the other exisiting links in your
environment. Low Cost means a faster connection and High
Cost means a slower connection. The schedule is, by
default, every 180 minutes ( 3 hours ). This can be
modified. The Transport would either be the more common
DS-RPC ( Directory Service - Remote Procedure Call ) or
ISM-SMTP ( Inter-Site Mechanism SMTP ). DS-RPC would be
used when you want to make direct, synchronous
connections using TCP/IP where reliability is not an
issue. ISM-SMTP uses digitally signed certificates and
are e-mailed from one DC to another. You would also need
to have MS Certificate Server installed. This would come
in use when you have 'less than reliable' connections
between the two Sites.

Naturally, as you well know, you can disable the KCC and
do everything yourself manually.

To answer your question: I do not know! The BHS for one
replication period may not necessarily be the same BHS
for the next replication period. I remember that this
really confussed me when I first started with AD. I used
ReplMon to look at this and noticed that the BHS
was "randomly" selected. Now, what does "random"
entail? In this specific situation there were two Sites,
each having two DCs and both DCs in each Site were GCs.
All five of the FSMO Roles were initially held by one DC
in Site2. That was changed tothe other DC in Site2. My
point: not sure that the FSMO Roles have anything to do
with the KCC selecting a given DC to be the BHS for a
Site.

I will have to look deeper into what determines which DC
in a Site is selected as the BHS for any given InterSite
replication period.

HTH,

Cary
 
-----Original Message-----

Francoise,

That is something that you must answer! What I mean by
that is that only you know your environment best.

Typically, it suffices to simply create the Site Link(s)
and let the KCC do its job. The KCC will dynamically
create and manage the incoming connection objects for all
Domain Controllers in a Site ( IntraSite Replication ).
This is clear. When an Admin creates a Site Link between
two Sites the KCC *should* dynamically create and manage
the Intersite replication as well. This entails that one
DC in each Site will be selected by the KCC to be the
Bridgehead Server. There will be two incoming connection
objects created by the KCC between the BHS in Site1 and
the BHS in Site2. AD Replication will take place based
on the current Schedule.

Remember, there are four components to InterSite
Replication: Name, Cost, Schedule and Transport. The
name should be clear. The cost is a value that you, the
Aministrator, give to this one specific link in
relationship to all the other exisiting links in your
environment. Low Cost means a faster connection and High
Cost means a slower connection. The schedule is, by
default, every 180 minutes ( 3 hours ). This can be
modified. The Transport would either be the more common
DS-RPC ( Directory Service - Remote Procedure Call ) or
ISM-SMTP ( Inter-Site Mechanism SMTP ). DS-RPC would be
used when you want to make direct, synchronous
connections using TCP/IP where reliability is not an
issue. ISM-SMTP uses digitally signed certificates and
are e-mailed from one DC to another. You would also need
to have MS Certificate Server installed. This would come
in use when you have 'less than reliable' connections
between the two Sites.

Naturally, as you well know, you can disable the KCC and
do everything yourself manually.

To answer your question: I do not know! The BHS for one
replication period may not necessarily be the same BHS
for the next replication period. I remember that this
really confussed me when I first started with AD. I used
ReplMon to look at this and noticed that the BHS
was "randomly" selected. Now, what does "random"
entail? In this specific situation there were two Sites,
each having two DCs and both DCs in each Site were GCs.
All five of the FSMO Roles were initially held by one DC
in Site2. That was changed tothe other DC in Site2. My
point: not sure that the FSMO Roles have anything to do
with the KCC selecting a given DC to be the BHS for a
Site.

I will have to look deeper into what determines which DC
in a Site is selected as the BHS for any given InterSite
replication period.

HTH,

Cary
.
Click to expand...
Opps! I spoke too soon! Should have done a search on
the MSKB and I would have found the following links:

http://support.microsoft.com/default.aspx?scid=kb;en-
us;224815&Product=win2000

http://support.microsoft.com/default.aspx?scid=kb;en-
us;271997&Product=win2000

http://support.microsoft.com/default.aspx?scid=kb;en-
us;320824&Product=win2000

Thank you for askingthis question. I learned something (
that I should have known! ).

Cary
 
Hi cary,
i've already read all the artciles you put in your mail.
but no answer about relation between roles and bhs. As you said, i think
there is no relation.

thanks
francoise
 
-----Original Message-----
Hi cary,
i've already read all the artciles you put in your mail.
but no answer about relation between roles and bhs. As you said, i think
there is no relation.

thanks
francoise

"Cary Shultz [MVP]" <[email protected]> a écrit dans le message de [email protected]...


.
Click to expand...
Francoise,

I just consulted with Matjaz Ladava ( another MVP ) and
was informed that the GUID of the DC (the DC with the
lowest GUID ) is the determining factor IF you, the
Administrator, have not already made any DCs a Preferred
Bridgehead Server. This is the information that the KCC
uses ( and I am pretty sure that it is in one of those
MSKB Articles ). BTW - If you do make a DC a Preferred
BHS then you should make two DCs a Preferred BHS. Also,
remember you need to select the Transport ( either DS-RPC
or ISM-SMTP ) to be used. Furthermore, you would need to
make sure that the PBHS is for all three Naming Contexts (
aka AD Partitions ). The reason is that if you make only
one DC a Preferred BHS and that DC becomes unavailable
then the KCC will not select any of the remaining DCs to
be a BHS, thus ensuring that there will not be any
Intersite Replication between "those" two Sites.

So, yes, I was right in that any FSMO Role that a DC might
hold does not play any role whatsoever in determining
which DC is to be a BHS.

HTH,

Cary
 
Back
Top