Hi list, I recently realized that using multiple DC has a major drawback when using Samba In my understanding, in a classical AD environment, sysvol share is supposed to be a DFS share. This means that proximity rules are applied when accessing to it. When using samba it seems that we face a classical round-robin DNS, which can lead to the situation where a machine on site A tries to fetch its GPO (and scripts, and software) from a DC on site B (as per Murphy's law, the slowest is the link between the two sites, the higher the chances to use it). Did I miss something? Regards
Yes, something like. https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround https://wiki.samba.org/index.php/Active_Directory_Sites and if needed you can also set a "prefferred" server per OU or site in GPO. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sébastien Le Ray > Verzonden: vrijdag 8 april 2016 9:32 > Aan: samba at lists.samba.org > Onderwerp: [Samba] GPO, multiple DCs, sites and sysvol > > Hi list, > > I recently realized that using multiple DC has a major drawback when > using Samba > > In my understanding, in a classical AD environment, sysvol share is > supposed to be a DFS share. This means that proximity rules are applied > when accessing to it. > > When using samba it seems that we face a classical round-robin DNS, > which can lead to the situation where a machine on site A tries to fetch > its GPO (and scripts, and software) from a DC on site B (as per Murphy's > law, the slowest is the link between the two sites, the higher the > chances to use it). > > Did I miss something? > > Regards > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Le 08/04/2016 09:54, L.P.H. van Belle a écrit :> Yes, something like. > > https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaroundDon't care, I always edit GPO on PDC FSMO DC and rsync from there> https://wiki.samba.org/index.php/Active_Directory_SitesYes, I use them, it works for the DC selection but GPO are still fetched in a round robin fashion> and if needed you can also set a "prefferred" server per OU or site in GPO.THIS is the piece of info I was missing :-) Do you know what is the name of this GPO? Regards
Basicly read: http://blogs.msmvps.com/acefekay/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records/ https://technet.microsoft.com/en-us/library/cc787370(WS.10).aspx ( you can set the registry changes in the GPO ) now check this very handy site. https://www.windows-security.org/75572f3b66d75af8132ec77996f09a0c/net-logon yeah, i can tell exact what to do, but its best your read a bit about it, so you understand what you changing. ;-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sébastien Le Ray > Verzonden: vrijdag 8 april 2016 9:59 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO, multiple DCs, sites and sysvol > > > Le 08/04/2016 09:54, L.P.H. van Belle a écrit : > > Yes, something like. > > > > > https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_r > eplication_workaround > > Don't care, I always edit GPO on PDC FSMO DC and rsync from there > > > > https://wiki.samba.org/index.php/Active_Directory_Sites > > Yes, I use them, it works for the DC selection but GPO are still fetched > in a round robin fashion > > > and if needed you can also set a "prefferred" server per OU or site in > GPO. > > THIS is the piece of info I was missing :-) > Do you know what is the name of this GPO? > > Regards > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba