Jump to content


  • 0
MadMacs77

Sites and Services question

Question

I have been tasked with cleaning up my new employer's AD Sites and Services, and I've run into a philosophical disagreement, and given my lack of experience or training with this specific item, I'm going to ask the community to tell me if I'm right or wrong

 

Do you make a Site in S&S if there's a physical location, but no Domain Controller local to that location, or do you assign the subnets for that location to a Site that has a Domain Controller (and has a direct route)?

Share this post


Link to post
Share on other sites

6 answers to this question

Recommended Posts

  • 0

I am willing to bet that this isn't the answer MadMacs77 was looking for. I must admit I have been following this thread because the topic is interesting to me.

 

The question was "Do you make a Site in S&S if there's a physical location, but no Domain Controller local to that location, or do you assign the subnets for that location to a Site that has a Domain Controller (and has a direct route)?". I assume why he wants to cleanup his AD S&S is because it's good practise to learn how his new employers AD is setup so he can better support it - I know that's the first thing I did when I was managing my company's AD, but that's not important - that wasn't the original question.

 

So if we can look at the question again - is it best practise to create a site for each physical site in your organisation even if there is no DC on the physical location, or do you attach the subnet to a site which does have a DC even though computers are not actually on that physical site.

 

The reason why I want to know (maybe for similar reasons as MadMacs77) is because our large SCCM environment uses AD Sites for the boundaries and we also want to look in to creating group policies based on AD Sites (for printers and drive mappings) which for small sites with no DC might benefit from having an AD Site created - it also helps our first line support team know where the users are when they are looking in logs rather than assuming they are on a large site.

 

It'd be great to get your opinion on this Gareth (and others) because I have followed a few of your posts and I know that you've got a wealth of experience and knowledge.

 

Cheers

Tom

Share this post


Link to post
Share on other sites

  • 0

Yes, sure it is not the answer MadMacs77 was hoping for but IMO there is a much bigger issue here that just ADSS.

 

<After re-reading this and still on my first cup of coffee, this seems preachy, but it not meant to be. >

 

If you are you are going to “clean up” AD then you really need to do a full health check for that you need to look at:

  • Network
    • Network speeds
    • Network latency
    • Network reliability.
  • AD itself
    • Replication
    • Workload
    • Etc.
  • ADSS
  • DNS
    • Is DNS working correctly
    • IS DNS savaging turn on?
  • DHCP
    • IP Addresses
    • IP Subnets Masks
    • What is your DHCP lease time
  • Each DC
  • All the OUs
  • All the GPO
  • All logon scripts
  • Get a list of all known issues, etc.

 

</end peachy stuff>

 

Now getting back to the ADSS and should you create a site for a network without a DC. It will depend on a lot of things. I have created ADSS for force GPO setting at a particular site (BITS setting for example) but rarely will I do it for anything else if there are no DCs at the site.

As an aside, I personally don’t recommend using AD sites for CM07 or CM12. The reasons are supernet and outdated subnet details in AD. The bigger your environment the more likely they will not be up-to-date. I recommend IP ranges and if you have a single site the 0.0.0.0 – 255.255.255.255, works great! ;-)

  • Like 1

Share this post


Link to post
Share on other sites

  • 0

Thanks Garth! That's good advice and you're right; there are a lot of components to a domain that probably need to be investigated.

 

I cannot find any references from Microsoft that says if empty sites are supported, but the fact you can create them possibly means that it is...? As long as the subnets and costs are in order then the clients should still be able to find the closest DC and that site information can be used in other "site aware" applications.

 

I did find this link which highlights that "empty sites" are controversial but do have their purpose; http://www.myitforum.com/articles/1/view.asp?id=11919so might be useful reading.

 

Now I'm off to kick our AD team with that list and make sure stuff is in order ;-)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.