Windows 2003 DC Question

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi all,

question.. We have about 250 or so computers spread out all over the country
in offices that are connected to corporate by IPSec VPN's

We have two domain controllers which should be plenty.

I have one located on the east coast, and one on the west coast.. no other
reason than if our corporate office goes offline, the VPN's automatically
route to our east coast office and users can still login.

my question is is this a good working model?

Now reason being is because i'm evaluating spotlight on active directory and
its informing me that I have more than the expected LDAP client sessions on
the DC and that I might want to think about either 1. adding another DC or
two moving sessions to another DC.

How do I move them to another DC? And should I add another DC.. will that
significantly help?

If i've left anything out. please ask..
 
Are you seeing all traffic hitting one and not the other?

If so, it's probably a DNS thing. Firstly, ensure that: all clients point
to both DCs for DNS (assuming that you are running DNS on your DCs), both
DCs are GCs, sites and subnets are configured, and you disable netmask
ordering on both DNS servers.

If these DCs reside in different sites, then your clients are probably
defaulting to the one DC due to it's site and netmask ordering. Also, if
the other isn't a GC, then this will account for more LDAP queries hitting
the box that is a GC.

It is usually recommended to have multiple DCs, but you already have this.
So I'd say look at spreading the load rather than simply buying another DC
for a particular site.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Hi all,

question.. We have about 250 or so computers spread out all over the country
in offices that are connected to corporate by IPSec VPN's

We have two domain controllers which should be plenty.

I have one located on the east coast, and one on the west coast.. no other
reason than if our corporate office goes offline, the VPN's automatically
route to our east coast office and users can still login.

my question is is this a good working model?

Now reason being is because i'm evaluating spotlight on active directory and
its informing me that I have more than the expected LDAP client sessions on
the DC and that I might want to think about either 1. adding another DC or
two moving sessions to another DC.

How do I move them to another DC? And should I add another DC.. will that
significantly help?

If i've left anything out. please ask..
 
Back
Top