Hello,
I have inherited a design and have a question for smart people :).
Environment
- Only 3 sites defined in AD with domain controllers (four large physical locations: 3 data centers, 1 office)
- Around 100 small remote site-to-site VPN'd locations with a handful of people and computers each (no DCs)
- Say 60 subnets are attached to Site="One", 30 subnets attached to Site="Two", and 10 subnets attached to Site="Office"
QUESTION 1
In regards to sites and subnets, what is best practice?
1) Leave it as-is?
The remote computers in each subnet would be linked to the closest datacenter, so AD-aware applications like logons should be directed to the closest DCs, DFS shares, and location-aware systems. It is not viable to place DCs in any of these small locations.
2) Make only a few new sites like:
Site Name: "Remote VPN Locations with 50Mbps Link near Site One"
Site Name: "Remote VPN Locations with Cellular Link near Site One"
Then move all of the small sites' subnets to their respective new site, and leave only (for example) the subnets in the datacenter attached to the site for that datacenter? I imagine this would help tell AD that the client is at a remote location with a fast or slow link (and using the cost value may help). I know replication is not a factor, as there aren't any servers at the small remote locations.
3) Make 100 (+/-) new sites, one for each physical location
I'm not certain if/how this would provide a benefit.
QUESTION 2
Someone has deleted all of the AD Site connections under NTDS and manually created new ones. I've found a few undesirable scenarios; for example, one defined replication connection is one-way and has to traverse another datacenter's network (which does not replicate here) to reach the Azure virtual networks and replicate to the Azure DCs. What is best practice when designing these connections?
1) Always let KCC do it and create automatic connections?
Examples:
2a) Site One <to and from> Site Two: Create one bi-directional connection, only as the 'preferred' replication link? (let AD figure out a new connection link if this goes down)
2b) Site One <to and from> Site Two: Create a mesh type of topology with two bi-directional connections across four DCs? (any risk of replication looping?)
3) Grid topology sounds out of the question
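Before deciding between these options it helps to see the current state: how many subnets each site actually carries, what the site-link costs are, and which connection objects under NTDS Settings were hand-made (AutoGenerated = False) rather than built by the KCC. The following inventory script is an added example, not part of the original post; it assumes the ActiveDirectory RSAT module and a domain-joined account with read access to the Configuration partition.

```powershell
# Added example: inventory AD site topology so the design questions can be
# answered from data. Read-only; assumes the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

# Helper: pull the leaf CN out of a distinguished name at a given position
function Get-DnPart([string]$Dn, [int]$Index) {
    if (-not $Dn) { return '<none>' }
    return ($Dn -split ',')[$Index] -replace '^CN='
}

# 1. Subnets per site (Question 1: the 60/30/10 split). Subnets with no site
#    show up as <none>; clients there fall back to any DC in the domain.
$subnets = Get-ADReplicationSubnet -Filter *
$subnets | Group-Object -Property Site | ForEach-Object {
    [pscustomobject]@{ Site = Get-DnPart $_.Name 0; SubnetCount = $_.Count }
} | Sort-Object SubnetCount -Descending | Format-Table -AutoSize

# 2. Site links and costs (the "cost value" mentioned in option 2)
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { ($_.SitesIncluded | ForEach-Object { Get-DnPart $_ 0 }) -join ', ' } } |
    Format-Table -AutoSize

# 3. Connection objects under NTDS Settings. AutoGenerated = False means a
#    person created it; the KCC will neither remove it nor re-route it.
$connections = Get-ADReplicationConnection -Filter *
$connections |
    Select-Object @{ n = 'From'; e = { Get-DnPart $_.ReplicateFromDirectoryServer 1 } },
                  @{ n = 'To';   e = { Get-DnPart $_.ReplicateToDirectoryServer   1 } },
                  AutoGenerated |
    Sort-Object AutoGenerated, From | Format-Table -AutoSize

# 4. Flag DC pairs that only replicate one way (the one-way path found in
#    Question 2). A manual one-way connection is the case most worth reviewing.
$pairs = $connections | ForEach-Object {
    "$($_.ReplicateFromDirectoryServer)|$($_.ReplicateToDirectoryServer)"
}
foreach ($c in $connections) {
    $reverse = "$($c.ReplicateToDirectoryServer)|$($c.ReplicateFromDirectoryServer)"
    if ($pairs -notcontains $reverse) {
        Write-Warning ("One-way only: {0} -> {1} (manually created: {2})" -f
            (Get-DnPart $c.ReplicateFromDirectoryServer 1),
            (Get-DnPart $c.ReplicateToDirectoryServer 1),
            (-not $c.AutoGenerated))
    }
}
```

Run it on any domain-joined workstation with RSAT; nothing is modified, so the output can be compared against the intended design before any connection objects are deleted or recreated.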