December 2003

Designing for DC Failover

How to create the best AD site topology possible

Most administrators know that good Windows 2000 Active Directory (AD) site topology design is almost as important as good domain design. A well-thought-out site topology minimizes AD-related network traffic, ensures that users authenticate through a nearby domain controller (DC), and makes the time needed to replicate an object across the enterprise more predictable.

AD sites also serve another important, if less well known and less straightforward, role: They influence client DC failover, which is the process a client follows to connect to another DC when its current DC fails. A well-thought-out AD site topology lets you pick any location on the network, mark a DC as unavailable, and know that clients in that site will reliably choose the next best available DC.

Why is designing for DC failover so important? A client's DC selection is a major factor in the user's logon time and perceived response time. For example, most companies run logon scripts, and the distance across the network between the authenticating DC and the client greatly influences the logon script's execution speed. Also, consider that both Microsoft Exchange 2000 Server and its clients are heavy users of the AD Global Catalog (GC). As a result, if you make a poor choice when selecting the DC that hosts the GC, your selection will have a noticeable effect on the client's email response time.

Before you begin to design for DC failover, you need to understand how a client selects its DC, known as the DC locator process. When you model DC failover (i.e., pretend the preferred DCs aren't available), you step through the DC locator process to determine what alternate DCs the client will choose. Ideally, when a Windows client can't contact a local (i.e., onsite) DC, it would use site link costs in the AD site topology to determine the next closest site and attempt to contact a DC there. If DCs in that site weren't available, the client would look to the next closest site and try again, looping until it found a DC. Unfortunately, the DC locator process hasn't reached that state yet. In Windows Server 2003 and Win2K, the client requests a list of DCs in its site and domain. If these DCs aren't available, the client requests a list of all DCs in its domain. For information about the Windows 2003 and Win2K DC locator process, see "Win2K Professional Domain-Controller Selection," http://www.winnetmag.com, InstantDoc ID 9180 and "Authentication Topology," March 2003, InstantDoc ID 37935.

Influencing the DC List
Among other records, DCs register site and domain SRV records in DNS. When a client goes through the process of locating a DC, it receives from DNS a list of DCs that the client should attempt to contact. To properly design DC failover, you need to be able to influence the order of the DCs on the list that the client receives from DNS. By influencing this list, you're telling the client what DC to select if the contacted DC isn't available. In almost all cases, DNS orders the list first by DCs in the client's local site and second by all DCs in the client's domain. To retrieve the list order information from a client, enter one of the following commands

nslookup -querytype=srv _ldap._tcp.sitename._sites.dc._msdcs.domain.name

nslookup -querytype=srv _ldap._tcp.dc._msdcs.domain.name

where sitename is the name of the client's site and domain.name is the Fully Qualified Domain Name (FQDN) of the client's domain. These commands emulate what kind of a DC list DNS will return to a client in domain domain.name and site sitename. The first command returns a list of DCs that are available in both the client's domain and site, and the second command returns a list of DCs in the entire domain.

Figure 1 shows a common hub and spoke configuration, where Hub is a company's main location (and WAN circuit center) and Spoke1, Spoke2, and Spoke3 are smaller remote locations. All locations share one domain. As a larger site, Hub contains several DCs; the smaller spokes each have only one or two DCs. Figure 1 also shows the DC list for Client1.
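To make the failover walk-through concrete, here is an added example (not from the article or Microsoft) that builds the two DNS names above, orders SRV answers the way RFC 2782 prescribes (lowest priority first, weighted random within a priority), and then steps through the locator as the article describes it: site list first, then the domain-wide list. The hub-and-spoke hostnames and SRV records are constructed, and the model is deliberately simplified; it shows why the domain-wide fallback is effectively random across the domain rather than "next closest site".

```python
import random

# Constructed sample SRV records (priority, weight, port, target) standing in
# for the answers nslookup -querytype=srv would return. Hostnames are hypothetical.
SITE_SRV = {
    "Spoke1": [(0, 100, 389, "dc-spoke1.corp.example")],
    "Hub": [(0, 100, 389, "dc-hub1.corp.example"),
            (0, 100, 389, "dc-hub2.corp.example"),
            (0, 100, 389, "dc-hub3.corp.example")],
}
DOMAIN_SRV = [(0, 100, 389, "dc-spoke1.corp.example"),
              (0, 100, 389, "dc-hub1.corp.example"),
              (0, 100, 389, "dc-hub2.corp.example"),
              (0, 100, 389, "dc-hub3.corp.example"),
              (0, 100, 389, "dc-spoke2.corp.example")]


def srv_names(site, domain):
    """The two DNS names the article queries: site-scoped, then domain-wide."""
    return (f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
            f"_ldap._tcp.dc._msdcs.{domain}")


def order_srv(records, rng=None):
    """Order SRV answers per RFC 2782: ascending priority, and within one
    priority a weighted-random draw, so equal weights give a random order."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == prio]
        while pool:
            pick = rng.randint(0, sum(r[1] for r in pool))
            acc = 0
            for r in pool:
                acc += r[1]
                if acc >= pick:          # first record whose running sum covers the draw
                    ordered.append(r[3])
                    pool.remove(r)
                    break
    return ordered


def locate_dc(site, domain, unavailable, seed=0):
    """Model the Win2K/2003 locator as described: try the DCs registered for
    the client's site, then fall back to every DC in the domain."""
    rng = random.Random(seed)
    site_name, domain_name = srv_names(site, domain)
    for _name, recs in ((site_name, SITE_SRV.get(site, [])), (domain_name, DOMAIN_SRV)):
        for dc in order_srv(recs, rng):
            if dc not in unavailable:    # first reachable DC on the list wins
                return dc
    return None
```

Pass the hostnames you consider "down" in `unavailable` to see which DC a client in a given site would end up on.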



Reader Comments
I am trying to execute the queries stated under the "Influencing the DC List" section; however, I am not able to get the output. What should be the exact syntax for the same? Is this one single command?
nslookup -querytype=srv
_ ldap._tcp.sitename._sites.dc._msdcs
.domain.name

Ashish December 12, 2003


Windows IT Pro is a Division of Penton Media Inc. Copyright © 2008 Penton Media, Inc., All rights reserved.