A.D. Replication through vpn tunneling

If we are seeing ping times through our vpn tunnel of 250
to 300 (we
are on a T1 and the other site is 512Kbs), would active
directory
replications between these locations be adequate?

Personally I would never trust it at any speed over VPN, but that's just me.
I would prefer separate domains in each site and then simply maintain a
"Trust" between the Domains over the VPN. I don't believe it requires as
much traffic to maintain a Trust than what it takes to keep a Domain in
"sync". Plus the domains will continue to run independently if the link is
down,...they just won't be able to access resources on the other domains
until the link is back up.

But again,...that's just me..

There is a KB article for dealing with AD Domains over slow links, but I
couldn't find the one I've saw before. Maybe someone else will know where it
is. there are multiple ways to do it and it begins to get into the area of
opinion as to what is really the best way to go.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"janet" <(E-Mail Removed)> wrote in message
news:1235701c44293$1891ca90$(E-Mail Removed)...
> If we are seeing ping times through our vpn tunnel of 250
> to 300 (we
> are on a T1 and the other site is 512Kbs), would active
> directory
> replications between these locations be adequate?
>

I'm inclined to agree with Phillip, at least for multiple sites - but here
you only have 2. The issue is generally more one of bandwidth rather than
latency, and a T1 or 512K connection is more than adequate to support normal
replication between 2 servers. Ultimately, your question is impossible to
answer without knowing a lot more about total traffic demands on your VPN
links. If you are using RRAS for VPN, consider switching to harware.
Hardware VPN has come way down in price and generally provides better
performance. I know of several networks where a single forrest/domain
replicates fine over VPN links to multiple sites. If replication demand
becomes an issue, you can controll it with Site links - See:

http://www.microsoft.com/resources/d..._topo_fvws.asp

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP


"janet" <(E-Mail Removed)> wrote in message
news:1235701c44293$1891ca90$(E-Mail Removed)...
> If we are seeing ping times through our vpn tunnel of 250
> to 300 (we
> are on a T1 and the other site is 512Kbs), would active
> directory
> replications between these locations be adequate?
>

Well our company has less than 1,000 employees and no
full time I.T. person on the other end. Currently we do
this with a site in Europe that runs aroun 150 to 160 and
have had no problems. So I am looking for what are
reasonable times for A.D. replication.
>-----Original Message-----
>Personally I would never trust it at any speed over VPN,
but that's just me.
>I would prefer separate domains in each site and then
simply maintain a
>"Trust" between the Domains over the VPN. I don't
believe it requires as
>much traffic to maintain a Trust than what it takes to
keep a Domain in
>"sync". Plus the domains will continue to run
independently if the link is
>down,...they just won't be able to access resources on
the other domains
>until the link is back up.
>
>But again,...that's just me..
>
>There is a KB article for dealing with AD Domains over
slow links, but I
>couldn't find the one I've saw before. Maybe someone
else will know where it
>is. there are multiple ways to do it and it begins to
get into the area of
>opinion as to what is really the best way to go.
>
>--
>
>Phillip Windell [MCP, MVP, CCNA]
>www.wandtv.com
>
>
>"janet" <(E-Mail Removed)> wrote in
message
>news:1235701c44293$1891ca90$(E-Mail Removed)...
>> If we are seeing ping times through our vpn tunnel of
250
>> to 300 (we
>> are on a T1 and the other site is 512Kbs), would active
>> directory
>> replications between these locations be adequate?
>>
>
>
>.
>

Was there some KB article somewhere that gave some guidelines for deploying
over slow links? I thought I saw one once but wasn't able to find it again.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Doug Sherman [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I'm inclined to agree with Phillip, at least for multiple sites - but here
> you only have 2. The issue is generally more one of bandwidth rather than
> latency, and a T1 or 512K connection is more than adequate to support
normal
> replication between 2 servers. Ultimately, your question is impossible to
> answer without knowing a lot more about total traffic demands on your VPN
> links. If you are using RRAS for VPN, consider switching to harware.
> Hardware VPN has come way down in price and generally provides better
> performance. I know of several networks where a single forrest/domain
> replicates fine over VPN links to multiple sites. If replication demand
> becomes an issue, you can controll it with Site links - See:
>
>
http://www.microsoft.com/resources/d..._topo_fvws.asp
>
> Doug Sherman
> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
>
>
> "janet" <(E-Mail Removed)> wrote in message
> news:1235701c44293$1891ca90$(E-Mail Removed)...
> > If we are seeing ping times through our vpn tunnel of 250
> > to 300 (we
> > are on a T1 and the other site is 512Kbs), would active
> > directory
> > replications between these locations be adequate?
> >
>
>

The old Win2k Server Academic Learning Series recommended a 512 kbps link
for intra site replication. The default interval for inter site replication
is every 3 hrs. I too thought there was a KB or Resource Kit article, but I
can't find it either.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> Was there some KB article somewhere that gave some guidelines for
deploying
> over slow links? I thought I saw one once but wasn't able to find it
again.
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> "Doug Sherman [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I'm inclined to agree with Phillip, at least for multiple sites - but
here
> > you only have 2. The issue is generally more one of bandwidth rather
than
> > latency, and a T1 or 512K connection is more than adequate to support
> normal
> > replication between 2 servers. Ultimately, your question is impossible
to
> > answer without knowing a lot more about total traffic demands on your
VPN
> > links. If you are using RRAS for VPN, consider switching to harware.
> > Hardware VPN has come way down in price and generally provides better
> > performance. I know of several networks where a single forrest/domain
> > replicates fine over VPN links to multiple sites. If replication
demand
> > becomes an issue, you can controll it with Site links - See:
> >
> >
>
http://www.microsoft.com/resources/d..._topo_fvws.asp
> >
> > Doug Sherman
> > MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
> >
> >
> > "janet" <(E-Mail Removed)> wrote in message
> > news:1235701c44293$1891ca90$(E-Mail Removed)...
> > > If we are seeing ping times through our vpn tunnel of 250
> > > to 300 (we
> > > are on a T1 and the other site is 512Kbs), would active
> > > directory
> > > replications between these locations be adequate?
> > >
> >
> >
>
>

I think it only has to do with scheduling the replication times so they fall
at after hour or slow traffic times.

--
Kyle Lang [MSFT]
This posting is provided "As Is" with no warranties, and confers no rights.


"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> Was there some KB article somewhere that gave some guidelines for
deploying
> over slow links? I thought I saw one once but wasn't able to find it
again.
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> "Doug Sherman [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I'm inclined to agree with Phillip, at least for multiple sites - but
here
> > you only have 2. The issue is generally more one of bandwidth rather
than
> > latency, and a T1 or 512K connection is more than adequate to support
> normal
> > replication between 2 servers. Ultimately, your question is impossible
to
> > answer without knowing a lot more about total traffic demands on your
VPN
> > links. If you are using RRAS for VPN, consider switching to harware.
> > Hardware VPN has come way down in price and generally provides better
> > performance. I know of several networks where a single forrest/domain
> > replicates fine over VPN links to multiple sites. If replication
demand
> > becomes an issue, you can controll it with Site links - See:
> >
> >
>
http://www.microsoft.com/resources/d..._topo_fvws.asp
> >
> > Doug Sherman
> > MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
> >
> >
> > "janet" <(E-Mail Removed)> wrote in message
> > news:1235701c44293$1891ca90$(E-Mail Removed)...
> > > If we are seeing ping times through our vpn tunnel of 250
> > > to 300 (we
> > > are on a T1 and the other site is 512Kbs), would active
> > > directory
> > > replications between these locations be adequate?
> > >
> >
> >
>
>

Here are some good resources...

http://www.microsoft.com/resources/d...s/Default.asp?
url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_repto_what.asp

http://www.informit.com/articles/art...=21472&redir=1


Kyle Lang, MCSE/CCNA/CCEA

"This posting is provided "AS-IS" with no warranties, and confers no rights"
--------------------
> From: "Doug Sherman [MVP]" <(E-Mail Removed)>
> References: <1235701c44293$1891ca90$(E-Mail Removed)> <(E-Mail Removed)> <e5T6E4pQEHA.3300
@TK2MSFTNGP09.phx.gbl>
> Subject: Re: A.D. Replication through vpn tunneling
> Date: Tue, 25 May 2004 17:57:04 -0400
> Lines: 63
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
> Message-ID: <#(E-Mail Removed)>
> Newsgroups: microsoft.public.windows.server.networking
> NNTP-Posting-Host: 6532183hfc28.tampabay.rr.com 65.32.183.28
> Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFT NGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
> Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.networking:13349
> X-Tomcat-NG: microsoft.public.windows.server.networking
>
> The old Win2k Server Academic Learning Series recommended a 512 kbps link
> for intra site replication. The default interval for inter site replication
> is every 3 hrs. I too thought there was a KB or Resource Kit article, but I
> can't find it either.
>
> Doug Sherman
> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
>
> "Phillip Windell" <@.> wrote in message
> news:(E-Mail Removed)...
> > Was there some KB article somewhere that gave some guidelines for
> deploying
> > over slow links? I thought I saw one once but wasn't able to find it
> again.
> >
> >
> > --
> >
> > Phillip Windell [MCP, MVP, CCNA]
> > www.wandtv.com
> >
> >
> > "Doug Sherman [MVP]" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > I'm inclined to agree with Phillip, at least for multiple sites - but
> here
> > > you only have 2. The issue is generally more one of bandwidth rather
> than
> > > latency, and a T1 or 512K connection is more than adequate to support
> > normal
> > > replication between 2 servers. Ultimately, your question is impossible
> to
> > > answer without knowing a lot more about total traffic demands on your
> VPN
> > > links. If you are using RRAS for VPN, consider switching to harware.
> > > Hardware VPN has come way down in price and generally provides better
> > > performance. I know of several networks where a single forrest/domain
> > > replicates fine over VPN links to multiple sites. If replication
> demand
> > > becomes an issue, you can controll it with Site links - See:
> > >
> > >
> >
> http://www.microsoft.com/resources/d...s/Default.asp?
url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbd_topo_fvws.asp
> > >
> > > Doug Sherman
> > > MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
> > >
> > >
> > > "janet" <(E-Mail Removed)> wrote in message
> > > news:1235701c44293$1891ca90$(E-Mail Removed)...
> > > > If we are seeing ping times through our vpn tunnel of 250
> > > > to 300 (we
> > > > are on a T1 and the other site is 512Kbs), would active
> > > > directory
> > > > replications between these locations be adequate?
> > > >
> > >
> > >
> >
> >
>
>
>