Back in May I did a post about doing my organization's AD health and security audit. Well, now is the start of that process (wish me luck so I don't break anything). I had set up a mirror to look up errors and verify that the processes are going to work, but a lab environment can only take you so far. So today I began going through Active Directory, starting with the bridgehead settings.
The bridgeheads in the domain were set up like this:
[Image: Domain's previous bridgehead settings]
To make these changes we need to open the properties of the servers defined as bridgeheads and remove the IP transport from the preferred bridgehead list.
[Image: Server's bridgehead settings before]
According to my research, bridgehead servers are domain controllers that have replication partners in other sites. By default the selection of bridgeheads is automatic. Manually defining preferred bridgeheads is generally not required, because it incurs additional administrative overhead, can reduce the inherent redundancy of Active Directory, and can easily result in replication failures due to invalid configurations.
Designating a single bridgehead for a domain in a site that contains a single domain controller of that domain is redundant, as that domain controller would have been the bridgehead anyway. It can also lead to future problems should additional domain controllers be deployed to the site and only one of them be configured as a preferred bridgehead server.
Since this is a single AD site and everything is local, there is no need to manually set a bridgehead server.
When is it appropriate to manually specify a bridgehead server?
Since we know a bridgehead server is a domain controller (DC) that functions as the primary route for Active Directory (AD) replication data moving into and out of a site, it is best used in low-bandwidth situations. This setup minimizes bandwidth usage during intersite communication; the Knowledge Consistency Checker (KCC) dynamically chooses a server from each site to handle the communication.
These servers are the bridgehead servers. Rather than letting the KCC choose them, you might prefer to nominate specific domain controllers (e.g., the domain controller with the best network connectivity, or the domain controller that acts as the proxy server in a firewall environment). For more information about the replication transport protocols between sites, see the How Active Directory Replication Topology Works document by Microsoft.
[Image: IP transport has been removed from the bridgehead]
The bridgehead servers are now set up to be automatically selected by the KCC. Because this is a single site where everything is local, these settings should now be sufficient and should stop some of the issues we saw when making changes to AD on one controller and having them replicate through.
[Image: Bridgehead settings with no manually specified bridgehead server]
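The same audit and clean-up from PowerShell, as an added example that is not part of the original post. It assumes the ActiveDirectory RSAT module and an account allowed to modify objects under CN=Sites,CN=Configuration; with `$Remediate` left at `$false` it only reports which server objects still carry a preferred bridgehead transport.

```powershell
# Added example (not from the original post): list server objects in
# AD Sites and Services that have a preferred bridgehead transport set,
# and optionally clear it so the KCC selects bridgeheads automatically.
# Assumption: ActiveDirectory module present, rights on the Configuration NC.
Import-Module ActiveDirectory

$Remediate = $false   # set to $true to actually clear the attribute
$configNC  = (Get-ADRootDSE).configurationNamingContext
$sitesDN   = "CN=Sites,$configNC"

# Preferred bridgeheads live on the server object (not its NTDS Settings)
# in the multi-valued attribute bridgeheadTransportList, which holds the DN
# of each transport, e.g. CN=IP,CN=Inter-Site Transports,CN=Sites,...
$servers = Get-ADObject -SearchBase $sitesDN -LDAPFilter '(objectClass=server)' `
    -Properties bridgeheadTransportList

$report = foreach ($s in $servers) {
    # Server DN is CN=<name>,CN=Servers,CN=<site>,CN=Sites,... so the site
    # is the third RDN.
    $site = ($s.DistinguishedName -split ',')[2] -replace '^CN='
    [pscustomobject]@{
        Server     = $s.Name
        Site       = $site
        Transports = ($s.bridgeheadTransportList | ForEach-Object {
                        ($_ -split ',')[0] -replace '^CN=' }) -join ';'
    }
}

"Server objects with a manually preferred bridgehead transport:"
$report | Where-Object Transports | Format-Table -AutoSize

if ($Remediate) {
    foreach ($s in $servers | Where-Object bridgeheadTransportList) {
        # Clearing the attribute is the same as removing every transport
        # from the preferred bridgehead list in the GUI.
        Set-ADObject -Identity $s.DistinguishedName -Clear bridgeheadTransportList
        "Cleared preferred bridgehead transports on $($s.Name)"
    }
}

# Afterwards, force the KCC to recompute the topology and confirm which DCs
# it now uses as bridgeheads (a single-site forest reports none):
#   repadmin /kcc
#   repadmin /bridgeheads
```

Run it read-only first and compare the report against the screenshots above; in a single-site domain every row should disappear after remediation.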
References:
http://www.itprotoday.com/management-mobility/how-do-i-specify-bridgehead-server
https://technet.microsoft.com/pt-pt/library/cc755994(v=ws.10).aspx