Most administrators know that good Windows 2000 Active Directory (AD) site topology design is almost as important as good domain design. A well-thought-out site topology minimizes AD-related network traffic, ensures that users authenticate through a nearby domain controller (DC), and makes the time needed to replicate an object across the enterprise more predictable.

AD sites also serve another important, if less well known and less straightforward, role: They influence client DC failover, which is the process a client follows to connect to another DC when its current DC fails. With a well-thought-out AD site topology, you can pick any location on the network, mark a DC as unavailable, and have clients in that site reliably choose the next best available DC.

Why is designing for DC failover so important? A client's DC selection is a major factor in the user's logon time and perceived response time. For example, most companies run logon scripts, and the distance across the network between the authenticating DC and the client greatly influences the logon script's execution speed. Also, consider that both Microsoft Exchange 2000 Server and its clients are heavy users of the AD Global Catalog (GC). As a result, if you make a poor choice when selecting the DC that hosts the GC, your selection will have a noticeable effect on the client's email response time.

Before you begin to design for DC failover, you need to understand how a client selects its DC, known as the DC locator process. When you model DC failover (i.e., pretend the preferred DCs aren't available), you step through the DC locator process to determine what alternate DCs the client will choose. Ideally, when a Windows client can't contact a local (i.e., onsite) DC, it would use site link costs in the AD site topology to determine the next closest site and attempt to contact a DC there. If DCs in that site weren't available, the client would look to the next closest site and try again, looping until it found a DC. Unfortunately, the DC locator process hasn't reached that state yet. In Windows Server 2003 and Win2K, the client requests a list of DCs in its site and domain. If these DCs aren't available, the client requests a list of all DCs in its domain. For information about the Windows 2003 and Win2K DC locator process, see "Win2K Professional Domain-Controller Selection," http://www.winnetmag.com, InstantDoc ID 9180 and "Authentication Topology," March 2003, InstantDoc ID 37935.

Influencing the DC List
Among other records, DCs register site and domain SRV records in DNS. When a client goes through the process of locating a DC, it receives from DNS a list of DCs that the client should attempt to contact. To properly design DC failover, you need to be able to influence the order of the DCs on the list that the client receives from DNS. By influencing this list, you're telling the client what DC to select if the contacted DC isn't available. In almost all cases, DNS orders the list first by DCs in the client's local site and second by all DCs in the client's domain. To retrieve the list order information from a client, enter one of the following commands

nslookup -querytype=srv _ldap._tcp.sitename._sites.dc._msdcs.domain.name

nslookup -querytype=srv _ldap._tcp.dc._msdcs.domain.name

where sitename is the name of the client's site and domain.name is the Fully Qualified Domain Name (FQDN) of the client's domain. Each command is entered on one line. These commands reproduce the DC list that DNS returns to a client in domain domain.name and site sitename. The first command returns the DCs that are in both the client's domain and the client's site, and the second command returns the DCs in the entire domain.
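The two-step lookup described above can be modeled offline. The following Python script is an added example, not code from the original article: it builds the two SRV names a client queries, reads them from a constructed DNS zone (the domain corp.example, the sites Hub, Spoke1, Spoke2 and Spoke3, and the DC host names are all hypothetical), and walks the resulting candidate list while pretending that some DCs are down. The priority and weight fields follow the SRV record format (RFC 2782) and are an assumption beyond what the article shows; a real client picks randomly among equal-weight records, whereas this model breaks ties by name so that results are repeatable.

```python
"""Model of the Win2K/Windows 2003 DC locator fallback.

Added example: site-scoped SRV list first, then the domain-wide list.
All DNS data below is constructed; no real zone is queried.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Sequence


def site_srv_name(site: str, domain: str) -> str:
    """SRV name a client queries for DCs in its own site and domain."""
    return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"


def domain_srv_name(domain: str) -> str:
    """SRV name a client queries for all DCs in its domain (fallback)."""
    return f"_ldap._tcp.dc._msdcs.{domain}"


@dataclass(frozen=True)
class SrvRecord:
    target: str         # DC host name
    priority: int = 0   # lower is preferred (RFC 2782)
    weight: int = 100   # among equal priority, higher is preferred


def order_records(records: Iterable[SrvRecord]) -> List[str]:
    """Order SRV targets: lowest priority first, then highest weight.

    Real clients choose randomly among records of equal weight; this
    model breaks ties by name so that the result is deterministic.
    """
    key = lambda r: (r.priority, -r.weight, r.target)
    return [r.target for r in sorted(records, key=key)]


def candidate_dcs(site: str, domain: str,
                  zone: Dict[str, List[SrvRecord]]) -> List[str]:
    """Full candidate order: site DCs, then remaining domain DCs."""
    ordered = order_records(zone.get(site_srv_name(site, domain), []))
    for target in order_records(zone.get(domain_srv_name(domain), [])):
        if target not in ordered:
            ordered.append(target)
    return ordered


def select_dc(site: str, domain: str, zone: Dict[str, List[SrvRecord]],
              unavailable: Sequence[str] = ()) -> Optional[str]:
    """First reachable DC in candidate order, or None if all are down."""
    down = set(unavailable)
    for dc in candidate_dcs(site, domain, zone):
        if dc not in down:
            return dc
    return None


def build_zone(domain: str,
               dcs_by_site: Dict[str, List[str]]) -> Dict[str, List[SrvRecord]]:
    """Register the site and domain SRV records every DC would publish."""
    zone: Dict[str, List[SrvRecord]] = {}
    for site, hosts in dcs_by_site.items():
        zone[site_srv_name(site, domain)] = [
            SrvRecord(f"{h}.{domain}") for h in hosts]
    zone[domain_srv_name(domain)] = [
        SrvRecord(f"{h}.{domain}")
        for hosts in dcs_by_site.values() for h in hosts]
    return zone


# Constructed hub-and-spoke forest: hypothetical domain, sites and DCs.
DOMAIN = "corp.example"
ALL_DCS = {
    "Hub": ["hubdc1", "hubdc2", "hubdc3"],
    "Spoke1": ["spoke1dc"],
    "Spoke2": ["spoke2dc"],
    "Spoke3": ["spoke3dc"],
}
ZONE = build_zone(DOMAIN, ALL_DCS)

if __name__ == "__main__":
    print("Queries a Spoke1 client issues, in order:")
    print("  ", site_srv_name("Spoke1", DOMAIN))
    print("  ", domain_srv_name(DOMAIN))
    print("All DCs up:    ", select_dc("Spoke1", DOMAIN, ZONE))
    print("spoke1dc down: ",
          select_dc("Spoke1", DOMAIN, ZONE, ["spoke1dc.corp.example"]))
    print("Candidate order:", candidate_dcs("Spoke1", DOMAIN, ZONE))
```

Marking the only spoke DC as down shows the limitation the article points out: once the site list is exhausted, the domain-wide list carries no site-link cost information, so which DC the spoke client reaches next depends only on the SRV records' ordering, not on network distance.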

Figure 1 shows a common hub and spoke configuration, where Hub is a company's main location (and WAN circuit center) and Spoke1, Spoke2, and Spoke3 are smaller remote locations. All locations share one domain. As a larger site, Hub contains several DCs; the smaller spokes each have only one or two DCs. Figure 1 also shows the DC list for Client1.





Reader Comments

I am trying to execute the queries stated under the "Influencing the DC List" section; however, I am not able to get the output. What should be the exact syntax for the same? Is this one single command? nslookup -querytype=srv _ ldap._tcp.sitename._sites.dc._msdcs .domain.name

Ashish