Br4tt3 Posted August 25, 2004

So got a question... 3 sites with 1 main site. 1 domain structure.

Site 1: DC = Infrastructure / Schema / Domain naming / Bridgehead; DC = PDC emulator / RID / DC; DC
Site 2: DC = Bridgehead / DC
Site 3: DC = Bridgehead / DC

*********************************************

Question: when I run statistics on the DCs, the only machines that generate outbound / inbound repl. traffic are my bridgehead servers, except my PDC emulator, which generates outbound traffic as well. In which circumstances can they do this???

Also, all Kerberos traffic seems to spread evenly over the DCs, but I would assume that the PDC emulator would serve most NTLM auth. In my case the PDC almost doesn't serve any NTLM auth. Why? Anyone got a hint on this?

Ohh... and I use Win2003 on all the DCs, XP and some Win98 on the clients.

Regards
morellana Posted October 24, 2004

When having a multiple site infrastructure, AD designates a bridgehead per site. This setting is automatic by default; although you can set it manually, it is not recommended. This is because each bridgehead communicates with the bridgeheads of the other sites in order to use the network bandwidth efficiently; when each bridgehead receives the replication data, it then propagates it to the servers that are in the same site.

Your PDC emu may generate outbound because it also has the RID master role. There are various reasons going through my head:

1. The PDC emu holds the GPOs, which are replicated through FRS. Remember that when a PC boots or a user logs on they poll a DC to check for the GPs, and each DC must check the GPOs with the PDC (which holds the templates in the SYSVOL folder, and that's what FRS replicates to the other DCs).
2. The RID master designates blocks of RID numbers to all servers in the domain. These numbers allow the creation of the objects of the AD; RID numbers are unique and are a vital part of the SID that is generated when creating an object.
3. The PDC holds "the last word" when authenticating a system on another DC fails.
4. It has the HOUR of the domain.

Kerberos is the authentication protocol in AD, so it is spread over all DCs 'cause they all can authenticate users and generate Ticket Granting Tickets to access resources on a domain. NTLM auth is not supported by Win98, only LM; Win2k and after use Kerberos. AD supports LM, NTLM, NTLM v2 and Kerberos.

Mario.
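To check the two things discussed above, which DCs actually terminate intersite replication connections (the bridgeheads) and which DC holds the roles that can explain extra outbound traffic, here is an added PowerShell example that is not from this thread. It assumes the ActiveDirectory module (RSAT) is installed and the account can read the Configuration partition; the helper names are my own.

```powershell
# Added example (not from the thread): list each DC with its site, its FSMO roles and
# whether it is an endpoint of an intersite replication connection (i.e. a bridgehead).
# Assumes the ActiveDirectory module and a domain-joined account with read access to
# the Configuration partition.
Import-Module ActiveDirectory

# An NTDS Settings DN looks like:
# CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,DC=...
# Split on unescaped commas: index 1 is the server RDN, index 3 is the site RDN.
function Get-NtdsDnPart {
    param([string]$Dn, [int]$Index)
    $parts = $Dn -split '(?<!\\),'
    return ($parts[$Index] -replace '^CN=', '')
}

# Every connection object in the forest (KCC/ISTG-generated and manual ones).
$connections = Get-ADReplicationConnection -Filter *

# A server at either end of a connection whose two ends are in different sites
# is carrying intersite replication, which is what a bridgehead does.
$bridgeheads = @{}
foreach ($c in $connections) {
    $fromSite = Get-NtdsDnPart -Dn $c.ReplicateFromDirectoryServer -Index 3
    $toSite   = Get-NtdsDnPart -Dn $c.ReplicateToDirectoryServer   -Index 3
    if ($fromSite -ne $toSite) {
        $bridgeheads[(Get-NtdsDnPart -Dn $c.ReplicateFromDirectoryServer -Index 1)] = $true
        $bridgeheads[(Get-NtdsDnPart -Dn $c.ReplicateToDirectoryServer   -Index 1)] = $true
    }
}

# Join with FSMO ownership so outbound traffic from a non-bridgehead DC (for example
# the PDC emulator / RID master) can be attributed to a role rather than to topology.
Get-ADDomainController -Filter * | ForEach-Object {
    [pscustomobject]@{
        DC         = $_.Name
        Site       = $_.Site
        Bridgehead = [bool]$bridgeheads[$_.Name]
        FsmoRoles  = ($_.OperationMasterRoles -join ', ')
    }
} | Sort-Object Site, DC | Format-Table -AutoSize
```

A DC that shows Bridgehead = False but still produces outbound traffic is the case to compare against its FsmoRoles column; SYSVOL (FRS) replication is not visible through connection objects and has to be checked separately.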
Br4tt3 Posted November 19, 2004 (Author)

Thx dude.. I will sketch some on it and try it out, get back to u.