10 - sites and services

Upload: kumari-priyanka

Post on 05-Apr-2018


  • 7/31/2019 10 - Sites and Services

    1/8

    Vision Infosystems (VIS)

    Page No. : 1

    Chapter 10

    Active Directory Sites and Services

    Topics Covered

    Introduction to Active Directory Sites and Services

    Terms related to replication and sites

    Steps to create sites, subnets and site connectors

    Steps to create connection agreements and bridgehead servers

    Sites and Services

    The success of a large Active Directory topology or network depends on how sites and replication are managed. Active Directory provides the technology to manage replication within and between multiple domains. Sites and Services is the tool used to manage this.

    Before going ahead, let us go through some terms.

    Site : A site is a set of Internet Protocol (IP) subnets connected by a highly reliable and fast link, usually a local area network (LAN). In simple terms, a site is a collection of DCs and servers used for managing replication and for finding resources and services such as GC, DC, LDAP, etc. The main use of a site is to physically group computers to optimize network traffic. Sites are used to control authentication and replication traffic. A single domain can contain multiple sites, and a site can span multiple domains.

    [Figures: a domain with multiple sites; a site with multiple domains]

    Subnet : A subnet is a subdivision of an IP network. A site can contain multiple subnets and a site can span multiple domains.

    Site Links : Site links are used for connecting two sites. Site links are logical connectors between two or more sites. Once you have created a site link, the KCC (Knowledge Consistency Checker) automatically generates the replication topology. The KCC uses site links to determine the path of replication between two sites.

    Cost : Cost is defined as a metric used by the KCC to determine the shortest path to reach a site. The cost ranges from 1 to 100. The lowest cost is always preferred.

    Site Link Bridges : A site link bridge connects two or more site links in a transport where transitivity has been disabled in order to create a transitive and logical link between two sites that do not have an explicit site link. For example, site link BOM-DEL connects the BOMBAY and DELHI sites. Site link DEL-MAD connects the DELHI and MADRAS sites. Site link bridge BOM-DEL-MAD connects site links BOM-DEL and DEL-MAD.

    Bridgehead Servers : A bridgehead server is a DC that manages inter-site replication for a site. The KCC automatically designates a DC as the bridgehead server, or you can manually designate a preferred bridgehead server. When replication updates arrive from another site, they are first received by the bridgehead server, which then replicates them to all DCs in the current domain. In the same way, outgoing replication updates are sent by the local bridgehead server to the remote bridgehead server of the other site. Thus a bridgehead server is required in each site, and each bridgehead server sends replication updates to and receives them from the bridgehead servers of other sites.

    Replication

    Active Directory replication is the process of replicating the Active Directory database or information between DCs in the same Active Directory forest. Every DC maintains the local domain database as well as configuration and schema information about the entire forest. The Active Directory database is divided into 3 basic partitions, called the Schema Partition, the Configuration Partition and the Domain Partition. The domain partition is replicated by a DC to all the other DCs in the same domain, whereas the Schema Partition and the Configuration Partition are replicated to all DCs in the entire forest. Global catalogs also take part in replication. Active Directory uses remote procedure call (RPC) over Internet Protocol (IP) to transfer replication data between domain controllers. RPC over IP is used for both intersite and intrasite replication. To keep data secure while in transit, RPC over IP replication uses both authentication (using the Kerberos V5 authentication protocol) and data encryption.

    To handle all these domains, trees and replication, a proper replication topology or method should be implemented. Active Directory provides this solution with the help of sites and the KCC. The Knowledge Consistency Checker (KCC) on each domain controller automatically builds the most efficient replication topology for intrasite replication, using a bidirectional ring design. This bidirectional ring topology attempts to create at least two connections to each domain controller (for fault tolerance) and no more than three hops between any two domain controllers (to reduce replication latency). To prevent connections of more than three hops, the topology can include shortcut connections across the ring. The KCC updates the replication topology regularly.

    The KCC actually creates a separate replication topology for each directory partition (schema, configuration, domain, application). Within a single site, these topologies are usually identical for all partitions hosted by the same set of domain controllers.

    By default, the frequency of replication is every 180 minutes. The minimum replication frequency is 15 minutes. The maximum is 10,080 minutes, which is the equivalent of one full week.

    Types of replication

    Intra-Site replication : The replication of directory information between two or more DCs in the same site.

    Inter-Site replication : The replication of directory information between two or more DCs in different sites.

    Particulars                Intrasite replication      Intersite replication
    Protocol used              IP/RPC                     IP/RPC or SMTP
    Frequency of replication   Periodic replication.      Scheduled replication.
                               Default is 5-15 min.       Default is 180 min.
    Compression                NO                         YES

    Steps for creating site

    1. Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.

    2. Right-click the Sites container, and then click New Site.

    3. In the New Object - Site dialog box, type the name of the new site in the Name box. Assign a site link to the site by selecting a site link in the Link Name column, and then click OK.

    Steps for creating subnet

    1. Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.

    2. Double-click the Sites folder.

    3. Right-click the Subnets folder, and then click New Subnet.

    4. In the New Object - Subnet dialog box, type the subnet address in the Address box. In the Mask box, type the subnet mask that describes the range of addresses included in this site's subnet. Choose a site to associate with this subnet, and then click OK.

    To move a domain controller to a site

    1. Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.

    2. In the Active Directory Sites and Services console tree, right-click the domain controller object that you want to move to a different site, and then click Move.

    3. In the Move Server dialog box, click the site to which you want to move the domain controller object, and then click OK.

    To add a new domain controller to a site

    1. Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.

    2. In the Active Directory Sites and Services console tree, double-click the site that you want to contain the new domain controller object.

    3. Right-click the Servers folder, point to New, and then click Server.

    4. In the New Object - Server dialog box, type the name for the new domain controller object in the Name box, and then click OK.

    Steps to create site link

    1. Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.

    2. Open the Inter-Site Transports folder and right-click either the IP or SMTP folder, depending on which protocol you want the site to use. Select New Site Link.

    3. In the New Object - Site Link dialog box, type the name to be given to the site link in the Name field. Use a name that includes the sites that you are linking.

    4. In the Sites Not In This Site Link box, click two or more sites to connect, and then click Add. Click OK.
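
    The console procedures above (create site, create subnet, move a domain controller, create site link) can also be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original chapter: the site and link names follow the chapter's BOMBAY/DELHI/MADRAS example, while the subnets, the cost values and the server name DC-DEL-01 are constructed placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original chapter. Site and link names follow the
# chapter's BOMBAY/DELHI/MADRAS example; subnets, costs and the DC name
# 'DC-DEL-01' are constructed placeholders.
$sites = [ordered]@{
    'BOMBAY' = '10.10.0.0/16'
    'DELHI'  = '10.20.0.0/16'
    'MADRAS' = '10.30.0.0/16'
}
foreach ($name in $sites.Keys) {
    # Create the site only if it is missing, so the script is safe to re-run.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$name'")) {
        New-ADReplicationSite -Name $name
    }
    # Associate the subnet with the site (the New Object - Subnet step).
    $prefix = $sites[$name]
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'")) {
        New-ADReplicationSubnet -Name $prefix -Site $name
    }
}

# Site links: the KCC prefers the lowest cost; 180 minutes is the default interval.
$links = @(
    @{ Name = 'BOM-DEL'; Sites = 'BOMBAY', 'DELHI';  Cost = 50 }
    @{ Name = 'DEL-MAD'; Sites = 'DELHI',  'MADRAS'; Cost = 50 }
)
foreach ($link in $links) {
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$($link.Name)'")) {
        New-ADReplicationSiteLink -Name $link.Name -SitesIncluded $link.Sites `
            -Cost $link.Cost -ReplicationFrequencyInMinutes 180 `
            -InterSiteTransportProtocol IP
    }
}

# Site link bridge from the chapter's example; it only has an effect when
# automatic site link bridging (transitivity) is disabled for the IP transport.
if (-not (Get-ADReplicationSiteLinkBridge -Filter "Name -eq 'BOM-DEL-MAD'")) {
    New-ADReplicationSiteLinkBridge -Name 'BOM-DEL-MAD' `
        -SiteLinksIncluded 'BOM-DEL', 'DEL-MAD'
}

# Move an existing domain controller object into its site.
Move-ADDirectoryServer -Identity 'DC-DEL-01' -Site 'DELHI'

# Review the result.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```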

    Steps to designate preferred bridgehead server

    1. Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.

    2. In the Active Directory Sites and Services console tree, click the site that contains the domain controller that you want to make a preferred bridgehead server.

    3. In the Active Directory Sites and Services console tree, right-click the domain controller that you want to make a bridgehead server, and then click Properties.

    4. In the Properties dialog box for the domain controller, in the Transports Available For Inter-Site Data Transfer box, select the intersite transport or transports for which this computer will be a preferred bridgehead server. Click Add, and then click OK.

    Active Directory connection agreement

    A connection object is an Active Directory object that represents an inbound-only connection to a domain controller. When there is a single site, all KCCs generate connection objects for replication within the site. When there is more than one site, a single KCC in each site generates all connection objects for replication between sites. Connection objects can also be created manually by an administrator. Connection objects created by the KCC are owned by the KCC. Connection objects created or modified by an administrator are owned by the administrator.

    Although you can create or configure connection objects manually to force replication over a particular connection, normally you should allow replication to be automatically optimized by the KCC based on information you provide in the Active Directory Sites and Services console about your deployment. Create connection objects manually only if the connections that are automatically configured by the KCC do not connect specific domain controllers that you want to connect. Adding redundant manual connection objects to the optimal connection objects created by the KCC can increase replication traffic.

    Steps to create connection agreement

    1. Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.

    2. Double-click the site that contains the domain controller for which you want to create a connection object.

    3. Open the Servers folder, select the domain controller for which you are enabling the inbound connection, right-click NTDS Settings, and then click New Active Directory Connection.

    4. In the Find Domain Controllers dialog box, select the domain controller and click OK.

    5. In the New Object - Connection dialog box, type a name for the new Connection object in the Name field. It is best to use the name of the domain controller for which you are enabling the inbound connection. Click OK.

    6. Right-click the connection object in the details pane and select Properties.

    7. In the Properties dialog box for the connection object, type a description of the connection object in the Description box. Ensure that RPC appears in the Transport box. Click Change Schedule to change the default intrasite replication schedule (four times per hour).

    8. In the Schedule For dialog box for the connection object, select the intrasite replication frequency for this connection object, then click OK.

    9. In the Properties dialog box for the connection object, click OK.
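
    Because the chapter distinguishes KCC-owned connection objects from administrator-owned ones and notes that redundant manual connections increase replication traffic, a periodic read-only review is useful. The following is an added example, not part of the original chapter; it assumes the ActiveDirectory PowerShell module is available and that the account running it can read the configuration partition.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original chapter: read-only report of who owns
# each connection object and which servers are preferred bridgeheads.
$configNC = (Get-ADRootDSE).configurationNamingContext
$conns    = @(Get-ADReplicationConnection -Filter *)

# AutoGenerated is $true for connections owned by the KCC and $false for
# connections created or modified by an administrator.
$kcc    = @($conns | Where-Object { $_.AutoGenerated })
$manual = @($conns | Where-Object { -not $_.AutoGenerated })
"KCC-owned: {0}   administrator-owned: {1}" -f $kcc.Count, $manual.Count

# For each manual connection, check whether the KCC already replicates between
# the same source and destination (a candidate redundant connection).
$report = foreach ($m in $manual) {
    $same = $kcc | Where-Object {
        $_.ReplicateFromDirectoryServer -eq $m.ReplicateFromDirectoryServer -and
        $_.ReplicateToDirectoryServer   -eq $m.ReplicateToDirectoryServer
    }
    [pscustomobject]@{
        Name              = $m.Name
        From              = $m.ReplicateFromDirectoryServer
        To                = $m.ReplicateToDirectoryServer
        Transport         = $m.InterSiteTransportProtocol
        SamePairAsKccLink = [bool]$same
    }
}
$report | Format-List

# Servers manually designated as preferred bridgeheads carry a populated
# bridgeheadTransportList attribute on their server object.
Get-ADObject -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter '(&(objectClass=server)(bridgeheadTransportList=*))' `
    -Properties bridgeheadTransportList |
    Select-Object Name, bridgeheadTransportList
```

    Administrator-owned connections and preferred bridgeheads that nobody can account for are worth reconciling against change records, since the KCC does not manage them.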