Random AD question

Iristheangel | CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m | Pasadena, CA | Posts: 4,117 | Mod
So I'm studying for my 70-294 and while at work, I decided to open up AD Sites and Services to take a look at how our company's structure is set up.

I work in a single domain health system with about 10 different hospital sites (all having high speed connections I believe) and each site has 2+ domain controllers. From what I can see, NONE of the domain controllers are acting as bridgeheads and every single domain controller is set as having a copy of the global catalog on it. Correct me if I'm wrong, but wouldn't this setup be using more bandwidth than setting up bridgeheads between sites and not having EVERY domain controller in the domain set up as a global catalog server? Are there any benefits to the way they have this set up that I'm missing here? As far as I understand, global catalogs are useful when there are multiple domains and even then, you wouldn't want to set up EVERY domain controller in the domain as a global catalog server.

Thanks for hearing me out. If I'm missing something, I would love to have some insight into this AD design.
BS, MS, and CCIE #50931
Blog: www.network-node.com

Comments

  • dynamik | Posts: 12,314 | Banned
    Are there applications that query the GC? If there are and you remove the local GCs, all the GC traffic will have to traverse WAN links.
  • Iristheangel | Pasadena, CA | Posts: 4,117 | Mod
    dynamik wrote: »
    Are there applications that query the GC? If there are and you remove the local GCs, all the GC traffic will have to traverse WAN links.

    It's possible, but I can't be absolutely sure. I don't have complete knowledge about what every other department does there. Even then though, if you have 6 DCs at one site, why set all of them as having a copy of the GC? That seems like a LOT of redundancy at each site not to mention the added replication traffic for updating the GC for all 50+ DCs in the domain. What about not setting up bridgeheads? Wouldn't that be a huge lag on bandwidth if 50+ DCs are just replicating between sites?
  • Technito | Posts: 152 | Member
    Iristheangel wrote: »
    So I'm studying for my 70-294 and while at work, I decided to open up AD Sites and Services to take a look at how our company's structure is set up.

    I work in a single domain health system with about 10 different hospital sites (all having high speed connections I believe) and each site has 2+ domain controllers. From what I can see, NONE of the domain controllers are acting as bridgeheads and every single domain controller is set as having a copy of the global catalog on it. Correct me if I'm wrong, but wouldn't this setup be using more bandwidth than setting up bridgeheads between sites and not having EVERY domain controller in the domain set up as a global catalog server? Are there any benefits to the way they have this set up that I'm missing here? As far as I understand, global catalogs are useful when there are multiple domains and even then, you wouldn't want to set up EVERY domain controller in the domain as a global catalog server.

    Thanks for hearing me out. If I'm missing something, I would love to have some insight into this AD design.

    It's more than likely set up this way for redundancy and maximum efficiency. But if there are fewer than 100 users in each site, then there has to be an application, VPN server or something that's querying the global catalog very often for the need of 2 GC servers in a single site. Understand that preferred bridgehead servers only specify the primary DC responsible for site replication. Not specifying a preferred bridgehead server still allows both DCs to replicate, but does not designate a server as primarily responsible. This minimizes hardware strain on a single server. And the bandwidth AD replication uses is not all that excessive as long as there is at least one global catalog in each site.
    Knowledge is being an Architect, no matter what field.....
  • Iristheangel | Pasadena, CA | Posts: 4,117 | Mod
    Technito wrote: »
    It's more than likely set up this way for redundancy and maximum efficiency. But if there are fewer than 100 users in each site, then there has to be an application, VPN server or something that's querying the global catalog very often for the need of 2 GC servers in a single site. Understand that preferred bridgehead servers only specify the primary DC responsible for site replication. Not specifying a preferred bridgehead server still allows both DCs to replicate, but does not designate a server as primarily responsible. This minimizes hardware strain on a single server. And the bandwidth AD replication uses is not all that excessive as long as there is at least one global catalog in each site.


    Thanks for the answer. :) That makes a lot more sense.
  • DragonNOA1 | Posts: 149 | Member
    Iristheangel wrote: »
    I work in a single domain...

    Only one domain in the forest? Then adding every DC as a GC server would add next to nothing in replication traffic.
    The command line, an elegant weapon for a more civilized age
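
The layout discussed in this thread (number of domains in the forest, which DCs are global catalogs, and whether any preferred bridgeheads are set) can be read from the directory instead of clicking through AD Sites and Services. This is an added example, not code from any poster; it assumes the RSAT ActiveDirectory PowerShell module and read access to the configuration partition, and it makes read-only queries.

```powershell
# Added example: read-only inventory of GC and bridgehead placement per site.
# Assumes the ActiveDirectory module (RSAT) is installed on the machine.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext

# In a single-domain forest a GC holds no partial replicas of other domains,
# which is the point made in the last reply above.
"Domains in forest: {0}" -f $forest.Domains.Count

# A preferred bridgehead is a server object under CN=Sites whose
# bridgeheadTransportList attribute is populated. If none are set,
# bridgeheads are selected automatically in each site.
$preferred = Get-ADObject -SearchBase "CN=Sites,$configNC" `
        -LDAPFilter '(&(objectClass=server)(bridgeheadTransportList=*))' |
    Select-Object -ExpandProperty Name

# One row per site: DC count, GC count, and any preferred bridgeheads.
Get-ADDomainController -Filter * |
    Group-Object -Property Site |
    ForEach-Object {
        $dcs = $_.Group
        [pscustomobject]@{
            Site                 = $_.Name
            DomainControllers    = $dcs.Count
            GlobalCatalogs       = @($dcs | Where-Object IsGlobalCatalog).Count
            PreferredBridgeheads = @($dcs |
                Where-Object { $preferred -contains $_.Name }).Name -join ', '
        }
    } |
    Sort-Object Site |
    Format-Table -AutoSize
```

A site where GlobalCatalogs is 0 is the case the replies warn about: every GC query from that site has to cross a WAN link.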