Answered Configure a site with No DC

  • Wednesday, March 06, 2013 3:45 PM
     
     

    Hi,

    We currently have a domain with multiple sites. Each site has a DC. We are looking to reduce the amount of DCs on the network as not all sites need one, e.g. three users on one site with a DC. We want to set up a DC at our Data Center, and have the users authenticate to that. My question is how do we configure that site to use the DC in the data center?

    Many thanks.

All Replies

  • Wednesday, March 06, 2013 3:51 PM
     
     

    Hi Howard

    Well, autosite coverage and DClocator will automatically take care of identifying the nearest DC based on the site link topology connecting the remote site and the datacenter.

    Please refer to defining site links to ensure proper autosite coverage.

    http://technet.microsoft.com/en-us/library/cc960573.aspx


    Ernie Prescott

  • Wednesday, March 06, 2013 4:20 PM
     
     

    OK,

    So in sites and services, I would apply a lower cost to the link that attaches the small site to the site that houses the DC?

  • Wednesday, March 06, 2013 7:36 PM
     
     Answered

    Well, generally as a rule, a site link contains only 2 sites. And the site link is based on the physical telecom links. So let's say site B (remote site) has 2 telecom links to 2 different sites, site A being the datacenter, and site C being a larger remote site that is in turn connected to Site A. You would make certain the cost of site link (B-A) is less than the cost of site link (B-C) + (C-A). This favors site A, resulting in the domain controllers of site A being prioritized.


    Ernie Prescott
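
An added example, not part of the original replies: a simplified model of the site-link cost comparison described above. Site names and costs are constructed, and it assumes a DC-less site is covered by the DC-holding site with the lowest cumulative site-link cost (ties are returned, not broken).

```python
import heapq

# Constructed topology: site B has no DC and links to A (datacenter) and
# C (larger remote site); C also links to A. Costs are illustrative only.
SITE_LINKS = [("B", "A", 100), ("B", "C", 200), ("C", "A", 100)]
DC_SITES = {"A", "C"}  # assumption: both A and C hold domain controllers


def path_costs(site_links, start):
    """Dijkstra over site links: cheapest cumulative cost from start to each site."""
    graph = {}
    for a, b, cost in site_links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {start: 0}
    queue = [(0, start)]
    while queue:
        cost, site = heapq.heappop(queue)
        if cost > best.get(site, float("inf")):
            continue  # stale queue entry, a cheaper path was already found
        for neighbour, link_cost in graph.get(site, []):
            total = cost + link_cost
            if total < best.get(neighbour, float("inf")):
                best[neighbour] = total
                heapq.heappush(queue, (total, neighbour))
    return best


def covering_sites(site_links, dc_sites, dcless_site):
    """Return (cost, [sites]) for the DC-holding sites cheapest to reach."""
    costs = path_costs(site_links, dcless_site)
    reachable = {s: c for s, c in costs.items() if s in dc_sites}
    if not reachable:
        return None, []  # no DC-holding site is connected by any site link
    lowest = min(reachable.values())
    return lowest, sorted(s for s, c in reachable.items() if c == lowest)


if __name__ == "__main__":
    print(covering_sites(SITE_LINKS, DC_SITES, "B"))
```

In this model, if site C holds a DC and link B-C is cheaper than B-A, C is selected, so compare the cost to each DC-holding site as well as the path totals.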

  • Wednesday, March 06, 2013 8:14 PM
     
     Answered

    What you need to do is create a subnet for the remote site (without a DC) in Sites and Services, link those subnets to your datacenter site, and make sure the ports below are open between the remote site and the datacenter:

    http://www.windowsnetworking.com/kbase/windowstips/windowsserver2008/admintips/activedirectory/whatallportsarerrequiredbydomaincontrollersandclientcomputers.html

    The following is the list of services and their ports used for Active Directory communication:

    UDP Port 88 for Kerberos authentication
    UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.
    TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
    UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
    TCP and UDP Port 445 for File Replication Service
    TCP and UDP Port 464 for Kerberos Password Change
    TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
    TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.

    Opening the above ports in the firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.


    Hope it helps

    Best Regards
    Sarang Tinguria
    MCP, MCSA, MCTS

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Friday, March 08, 2013 1:46 PM
     
     

    Hi,

    There is already a Site for this group of computers, and I am taking the DC away. I have put the cost of the Site link down. Clients are still authenticating to odd servers. How do they know what has the lowest site link?

    Ben

  • Tuesday, March 12, 2013 12:06 PM
    Moderator
     
     Answered

    Remove all sites but the home site and then reassociate all subnets with the home site, nothing else to do. The only way I wouldn't do this is if you had a site-aware application that needs special sites configured, which I'm guessing you don't have anyways. So I would strongly urge you to remove all sites with the exception of the central site.

    -- 
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

  • Thursday, March 21, 2013 2:11 AM
    Moderator
     
     

    Hi,

    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best Regards

    Kevin

    TechNet Subscriber Support
