Site without a DC?

[Guest]

I have 5 offices all with local file servers. 3 of the offices are very
small and do not have their own Domain Controler (and therefor do not have
their own "site" in AD). I am running into issues where it seems like those
offices are not able to choose the closest DFS Target because there subnets
are in the same site as one of the larger offices and they don't know which
target is best.

My question is, is there anything wrong with me creating a site without a
Domain Controler? It seems like doing so would give DFS the information it
needs to choose Targets; will I run into issues not having a DC?

 

[Herb Martin]

I have 5 offices all with local file servers. 3 of the offices are very
small and do not have their own Domain Controler (and therefor do not have
their own "site" in AD).

Usually reasonable. (Although sites MAY be created if you have
a reason) without a DC.

I am running into issues where it seems like those
offices are not able to choose the closest DFS Target because there
subnets
are in the same site as one of the larger offices and they don't know
which
target is best.

There is a reason for creating sites -- or at least ADDING their
SUBNETS to the "nearest site" -- the one you wish them to use
for DFS and DC-authentication.

My question is, is there anything wrong with me creating a site without a
Domain Controler?

Probably not, but there is little reason UNLESS you have a
"site aware" server THERE -- like a local DFS, but then you
should likely have a DC also.

It seems like doing so would give DFS the information it
needs to choose Targets; will I run into issues not having a DC?

My first suggestion would be to put those "DC-less location"
subnets in the "nearest site" unless there are site-aware servers
locally.

If access to those servers is critical then there should be a local
DC too.

 

[Guest]

Thanks for the info. I currently have the subnets on the nearest site, but
that is giving us problems with DFS. We DO have file servers running DFS in
each office, but not a DC. So that is causing the clients to randomly select
a DFS target on their site, so they often connect to servers over the WAN
instead of the local LAN server.

I know it sounds a little silly, but we have a policy against DCs acting as
file servers, and I don't want to pay for 2 servers in these small offices.
Part of the reason is that I am not a Domain Admin, so it would be hard for
me to properly administrate my file server if it was on a DC.

I have 5 offices all with local file servers. 3 of the offices are very
small and do not have their own Domain Controler (and therefor do not have
their own "site" in AD).

Usually reasonable. (Although sites MAY be created if you have
a reason) without a DC.

I am running into issues where it seems like those
offices are not able to choose the closest DFS Target because there
subnets
are in the same site as one of the larger offices and they don't know
which
target is best.

There is a reason for creating sites -- or at least ADDING their
SUBNETS to the "nearest site" -- the one you wish them to use
for DFS and DC-authentication.

My question is, is there anything wrong with me creating a site without a
Domain Controler?

Probably not, but there is little reason UNLESS you have a
"site aware" server THERE -- like a local DFS, but then you
should likely have a DC also.

It seems like doing so would give DFS the information it
needs to choose Targets; will I run into issues not having a DC?

My first suggestion would be to put those "DC-less location"
subnets in the "nearest site" unless there are site-aware servers
locally.

If access to those servers is critical then there should be a local
DC too.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Herb Martin]

Thanks for the info. I currently have the subnets on the nearest site,
but
that is giving us problems with DFS. We DO have file servers running DFS
in
each office, but not a DC. So that is causing the clients to randomly
select
a DFS target on their site, so they often connect to servers over the WAN
instead of the local LAN server.

There is your problem. If you have "site aware" services in the
location then it should likely be a separate site.

I know it sounds a little silly, but we have a policy against DCs acting
as
file servers, and I don't want to pay for 2 servers in these small
offices.

Then it is a silly policy. If access to those services is critical enough
to support a DC then it is critical enough to require a DC and if that
means putting it on the File server change the policy (or spend the money.)

Servers are CHEAP.

Part of the reason is that I am not a Domain Admin, so it would be hard
for
me to properly administrate my file server if it was on a DC.

Servers are cheap. DCs do NOT have to be "gigantic, superfast machines"
except in the VERY largest domains perhaps.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

I have 5 offices all with local file servers. 3 of the offices are very
small and do not have their own Domain Controler (and therefor do not
have
their own "site" in AD).

Usually reasonable. (Although sites MAY be created if you have
a reason) without a DC.

I am running into issues where it seems like those
offices are not able to choose the closest DFS Target because there
subnets
are in the same site as one of the larger offices and they don't know
which
target is best.

There is a reason for creating sites -- or at least ADDING their
SUBNETS to the "nearest site" -- the one you wish them to use
for DFS and DC-authentication.

My question is, is there anything wrong with me creating a site without
a
Domain Controler?

Probably not, but there is little reason UNLESS you have a
"site aware" server THERE -- like a local DFS, but then you
should likely have a DC also.

It seems like doing so would give DFS the information it
needs to choose Targets; will I run into issues not having a DC?

My first suggestion would be to put those "DC-less location"
subnets in the "nearest site" unless there are site-aware servers
locally.

If access to those servers is critical then there should be a local
DC too.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Jorge_de_Almeida_Pinto]

I have 5 offices all with local file servers. 3 of the
offices are very
small and do not have their own Domain Controler (and therefor
do not have
their own "site" in AD). I am running into issues where it
seems like those
offices are not able to choose the closest DFS Target because
there subnets
are in the same site as one of the larger offices and they
don't know which
target is best.

My question is, is there anything wrong with me creating a
site without a
Domain Controler? It seems like doing so would give DFS the
information it
needs to choose Targets; will I run into issues not having a
DC?

You create an AD site that represents a well connected location with
site aware services. Domain controllers offer site aware services, and
as you already mentioned yourself, DFS offers site aware services.

Yes it is OK to create an AD site without a DC. Create the site and
assign the subnets of the location to the AD site that represent that
location. Clients will be serviced by DCs that auto cover the DC-less
site. Auto site coverage is enabled by default and the DCs from the
domains that have the lowest cost route to that site will cover that
DC-less site