TL;DR: under what conditions is turning off the Intersite Topology Generator (ISTG) a suitable solution? Under what conditions is it better to turn off ISTG rather than turn off 'Bridge all site links'?
I have a situation I’m trying to help out in, but I’m lacking some of the more detailed knowledge of the replication architecture in AD.
The situation is a merger of two existing forests/domains (Domain A & Domain B) into one existing domain (Domain Z). Most subnets in Domain A and Domain B overlap with Domain Z. The project has ruled out re-IPing the subnets of the incoming forests (A & B) unless it's the only technical option. The proposed solution is to create two 'hub' networks that use unused subnets. The logical layout would be that all offices/sites would connect to data centres/hosting facilities as they do currently, and then all the data centres/hosting facilities would connect to the two hubs. Sites and services will be identical across all forests prior to the migration, and the idea is that as the users and computers are migrated to Domain Z, they can contact DCs of Domain Z within the two 'hubs'.
For anyone interested, these are the project musts, verbatim:
- Must facilitate users and computers being able to successfully and timely authenticate to resources within their home domain or any other domain to which a trust relationship exists
- Must allow for each of the 3 legacy networks only being able to have network connectivity to and from the ‘hubs’ and not between networks
- Must allow domain controllers in each legacy network to properly replicate, taking into account the 'hubs' model
- Must allow for IP overlap between the legacy networks
Is turning off ISTG the right or wrong solution? Ditto for turning off 'Bridge all site links'?
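The following is an added example, not part of the original question or any answer to it. It shows where the two settings asked about actually live in the configuration partition and how to read them, and sketches how hub-and-spoke site links for the 'hubs' model could be laid out so that no site link joins two legacy networks directly. The hub and data-centre site names are placeholders (assumptions), and the script changes nothing unless `-Apply` is passed.

```powershell
# Added example (not from the original post): inspect "Bridge all site links" and the ISTG
# state, and lay out hub-and-spoke site links. Needs the RSAT ActiveDirectory module on a
# domain-joined host. Site names below are assumptions, not taken from the question.
Import-Module ActiveDirectory

function Get-SiteLinkBridgingState {
    # "Bridge all site links" is stored on the IP inter-site transport object. Bit 0x2 of its
    # 'options' attribute (NTDSTRANSPORT_OPT_BRIDGES_REQUIRED) is SET when bridging is DISABLED.
    $config    = (Get-ADRootDSE).configurationNamingContext
    $transport = Get-ADObject -Identity "CN=IP,CN=Inter-Site Transports,CN=Sites,$config" -Properties options
    $options   = if ($null -ne $transport.options) { [int]$transport.options } else { 0 }
    [pscustomobject]@{
        Transport          = 'IP'
        BridgeAllSiteLinks = (($options -band 0x2) -eq 0)
        RawOptions         = $options
    }
}

function Get-IstgState {
    # Per site: the ISTG is disabled when bit 0x10 (IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED) of the
    # NTDS Site Settings 'options' attribute is set. With it disabled, the KCC no longer creates
    # inter-site connection objects for that site; they must be created by hand.
    foreach ($site in Get-ADReplicationSite -Filter *) {
        $settings = Get-ADObject -Identity "CN=NTDS Site Settings,$($site.DistinguishedName)" `
            -Properties options, interSiteTopologyGenerator
        $options = if ($null -ne $settings.options) { [int]$settings.options } else { 0 }
        [pscustomobject]@{
            Site        = $site.Name
            IstgEnabled = (($options -band 0x10) -eq 0)
            IstgHolder  = $settings.interSiteTopologyGenerator
            RawOptions  = $options
        }
    }
}

function New-HubSpokeSiteLinks {
    # One site link per (hub, data-centre site) pair, so every inter-site path runs through a hub.
    # With "Bridge all site links" turned off, sites that share no site link are not treated as
    # transitively reachable, which is what keeps the legacy networks from being paired directly.
    param(
        [string[]]$Hubs            = @('HubA', 'HubB'),              # assumed hub site names
        [string[]]$DataCentreSites = @('DC-A1', 'DC-B1', 'DC-Z1'),   # assumed site names
        [int]$Cost                 = 100,
        [int]$IntervalMinutes      = 15,
        [switch]$Apply                                              # default is a dry run
    )
    foreach ($hub in $Hubs) {
        foreach ($dc in $DataCentreSites) {
            $name = "$hub-$dc"
            if (Get-ADReplicationSiteLink -Filter "Name -eq '$name'") { continue }   # already present
            New-ADReplicationSiteLink -Name $name -SitesIncluded $hub, $dc -Cost $Cost `
                -ReplicationFrequencyInMinutes $IntervalMinutes `
                -InterSiteTransportProtocol IP -WhatIf:(-not $Apply)
        }
    }
}

Get-SiteLinkBridgingState | Format-List
Get-IstgState | Format-Table -AutoSize
Get-ADReplicationSiteLink -Filter * | Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
New-HubSpokeSiteLinks   # dry run; add -Apply to create the links
```

Two caveats a practitioner would check before acting on the output: the inspection runs against whichever forest the host is joined to, so it has to be repeated per forest (A, B and Z) until the migration is complete; and none of this addresses the overlapping subnets themselves, since AD subnet objects map one prefix to one site and cannot be duplicated, which is the part of the question the site-link settings alone do not solve.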