WORKING WITH ACTIVE DIRECTORY SITES
Chapter 3
Chapter 3: WORKING WITH ACTIVE DIRECTORY SITES 2
INTRODUCING SITES
- The logical structure can be seen in Active Directory Users And Computers.
- The physical network structure affects the efficiency of Active Directory replication.
- It is up to the administrator to create sites in Active Directory Sites And Services.
- Sites are used to control Active Directory replication and authentication traffic.
- The only site created by default is Default-First-Site-Name.
SITES AND SITE LINKS
- Sites are typically composed of fast and reliably connected computers.
- The criteria for "fast" and "reliable" are up to the administrator.
- Sites are independent of the domain structure.
- Domain computer accounts can be spread over multiple sites.
- Sites can contain resources from multiple domains.
SITES AND SITE LINKS
- Although sites can be added, modified, and deleted at any time, planning the site structure before installing Active Directory saves you time.
- The Default-First-Site-Name site is the default location for domain controllers.
- The first domain controller is always placed into this site.
- Other domain controllers are placed here if appropriate site definitions aren't available.
- If sites are created appropriately, newly installed domain controllers are automatically placed in the appropriate site.
SITES AND THE REPLICATION PROCESS
- The replication topology describes the logical connections made between domain controllers for replication.
- Replication is the transfer of directory information updates:
  - Object additions or removals
  - Object attribute changes
  - Object renames
SITES AND THE REPLICATION PROCESS
- Tracking replication changes:
  - Update Sequence Number (USN)
  - Timestamp
- The bridgehead server controls replication changes between sites:
  - Compares USNs for recent changes
  - Uses the timestamp if modifications carry the same USN
- Convergence occurs when all changes are updated.
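The USN and timestamp bookkeeping described above can be inspected directly. The following script is an added example, not code from the slides: it reads the per-attribute replication metadata for one object from two domain controllers and reports which attributes have not yet converged. It assumes the ActiveDirectory PowerShell module (Windows Server 2012 or later; the deck's Windows Server 2003 tooling exposes the same data through repadmin /showmeta). The DC names and object DN are placeholders.

```powershell
# Added example (not from the slides): compare per-attribute replication
# metadata for one object as seen by two domain controllers.
# Assumes the ActiveDirectory module; DC names and object DN are placeholders.
Import-Module ActiveDirectory

function Compare-ReplicationMetadata {
    param(
        [Parameter(Mandatory)] [string] $ObjectDN,
        [Parameter(Mandatory)] [string] $SourceDC,
        [Parameter(Mandatory)] [string] $TargetDC
    )
    # Each record carries the attribute version, the originating DC's invocation ID,
    # the originating USN, the originating change time and the local USN.
    $src = Get-ADReplicationAttributeMetadata -Object $ObjectDN -Server $SourceDC
    $tgt = Get-ADReplicationAttributeMetadata -Object $ObjectDN -Server $TargetDC

    $tgtByAttr = @{}
    foreach ($m in $tgt) { $tgtByAttr[$m.AttributeName] = $m }

    foreach ($s in $src) {
        $t = $tgtByAttr[$s.AttributeName]
        if ($null -eq $t) { continue }
        # Converged when both DCs agree on the originating change (USN, version
        # and originating DC). LocalChangeUsn differs by design: every DC keeps
        # its own USN counter, so it is deliberately not compared here.
        $converged = ($s.LastOriginatingChangeUsn -eq $t.LastOriginatingChangeUsn) -and
                     ($s.Version -eq $t.Version) -and
                     ($s.LastOriginatingChangeDirectoryServerInvocationId -eq
                      $t.LastOriginatingChangeDirectoryServerInvocationId)
        [pscustomobject]@{
            Attribute        = $s.AttributeName
            SourceVersion    = $s.Version
            TargetVersion    = $t.Version
            SourceOrigUsn    = $s.LastOriginatingChangeUsn
            TargetOrigUsn    = $t.LastOriginatingChangeUsn
            SourceChangeTime = $s.LastOriginatingChangeTime
            TargetChangeTime = $t.LastOriginatingChangeTime
            Converged        = $converged
        }
    }
}

# Usage (placeholder names): show only attributes that have not converged yet.
Compare-ReplicationMetadata -ObjectDN 'CN=Jane Doe,OU=Users,DC=contoso,DC=com' `
    -SourceDC 'DC01.contoso.com' -TargetDC 'DC02.contoso.com' |
    Where-Object { -not $_.Converged } | Format-Table -AutoSize
```

Run it on a change that was just made on one DC and the attribute shows up as not converged until the partner has applied the update; an attribute that stays unconverged past the site's replication interval is the first thing to look at with repadmin.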
INTRASITE REPLICATION OVERVIEW
- Knowledge Consistency Checker (KCC):
  - Creates the initial replication topology (replication ring)
  - Creates connection objects between domain controllers
  - A process that runs on each domain controller
- Active Directory replicates four partitions:
  - Domain (domain-wide)
  - Schema (forest-wide)
  - Configuration (forest-wide)
  - Application Data (depends on configuration)
INTRASITE REPLICATION DETAILS
- The KCC runs every 15 minutes to ensure the replication topology is efficient.
- Intrasite replication latency is minimized in these ways:
  - The KCC creates a bidirectional replication ring
  - The KCC ensures no more than three replication hops between any two domain controllers by adding additional connections as needed
- Replication traffic is not compressed.
INTRASITE REPLICATION DETAILS
- Intrasite replication latency is 15 minutes by default, but urgent replication exists for important changes.
- Multiple domains in a single site:
  - Each domain maintains a separate domain partition replication topology.
  - Forest-wide replication is not conducted separately, because this information is sent to all domains in the forest.
INTERSITE REPLICATION
- Designed to control replication traffic over slow WAN links.
- The KCC designates one domain controller per site to be the Intersite Topology Generator (ISTG).
- The ISTG designates the bridgehead server.
- Site links are used to define the intersite replication topology.
INTERSITE REPLICATION: SITE LINKS
- A connection between two sites that is logical and transitive
- Represents physical network links
- Manually defined by the administrator
- Sites communicate using the same protocol
SITE LINK CONFIGURATION
- Cost
  - Lower-cost routes are used first.
  - Default is 100; range is 1 to 99,999.
- Schedule
  - Default is availability 7 days per week, 24 hours per day.
  - The administrator can modify the schedule to mark days and hours when the link is not available.
SITE LINK CONFIGURATION
- Frequency
  - Specifies how often the link attempts to replicate information within the specified availability (schedule)
  - Default is 180 minutes; range is 15 minutes to once per week
CREATING SITES
CREATING SITE LINKS
CONFIGURING SITE LINK PROPERTIES
CREATING SUBNETS
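The four procedures above (creating sites, creating site links, configuring link cost, schedule and frequency, and creating subnets) are done in the deck through the Active Directory Sites And Services console. The following script is an added example, not code from the slides: it performs the same steps with the ActiveDirectory PowerShell module (Windows Server 2012 or later), which is an assumption about the environment. Site, subnet and link names, the cost of 200 and the 60-minute frequency are constructed sample values; the 1:00 A.M. to 3:00 A.M. window mirrors the schedule used in the chapter's own diagram.

```powershell
# Added example (not from the slides): create two sites, a subnet mapped to
# the branch site, and a site link with explicit cost, frequency and schedule.
# Assumes the ActiveDirectory module; names and values are constructed samples.
Import-Module ActiveDirectory

function New-BranchSiteTopology {
    param(
        [string] $HubSite          = 'Site1',
        [string] $BranchSite       = 'Site2',
        [string] $BranchSubnet     = '10.2.0.0/16',   # constructed sample subnet
        [string] $LinkName         = 'Link1-2',
        [int]    $Cost             = 200,             # default is 100; lower cost is preferred
        [int]    $FrequencyMinutes = 60               # default is 180; minimum is 15
    )
    # Sites: create each one only if it does not already exist.
    foreach ($site in @($HubSite, $BranchSite)) {
        if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
            New-ADReplicationSite -Name $site
        }
    }
    # The subnet-to-site mapping is what places a newly installed DC (and
    # clients) into the correct site instead of Default-First-Site-Name.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$BranchSubnet'")) {
        New-ADReplicationSubnet -Name $BranchSubnet -Site $BranchSite
    }
    # Site link over the IP (RPC over IP) transport with cost and frequency.
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$LinkName'")) {
        New-ADReplicationSiteLink -Name $LinkName -SitesIncluded $HubSite, $BranchSite `
            -Cost $Cost -ReplicationFrequencyInMinutes $FrequencyMinutes `
            -InterSiteTransportProtocol IP
    }
    # Schedule: make the link available only from 01:00 to 03:00 every day.
    $schedule = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
    $schedule.ResetSchedule()
    $schedule.SetDailySchedule(
        [System.DirectoryServices.ActiveDirectory.HourOfDay]::One,
        [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
        [System.DirectoryServices.ActiveDirectory.HourOfDay]::Three,
        [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero)
    Set-ADReplicationSiteLink -Identity $LinkName -ReplicationSchedule $schedule

    # Return the resulting link so the settings can be verified.
    Get-ADReplicationSiteLink -Identity $LinkName `
        -Properties Cost, ReplicationFrequencyInMinutes, ReplicationSchedule
}

New-BranchSiteTopology
```

Because the link is created with the IP transport and a restricted schedule, replication between the two sites will only be attempted inside the window; that is the behaviour the RPC over IP protocol slide describes as "adheres to schedules by default".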
REPLICATION PROTOCOLS
- Remote procedure call (RPC) over Internet Protocol (IP)
  - Default and most commonly used
  - Adheres to schedules by default
  - Synchronous; a connection is required
  - Only choice for domain controllers from the same domain
- Simple Mail Transfer Protocol (SMTP)
  - Allows asynchronous communications
  - Doesn't adhere to schedules by default
  - Requires a certificate and a certificate authority (CA)
  - Cannot replicate domain partition information
RPC REQUIRES A CONNECTION
[Diagram: three sites joined by two scheduled site links]
- Site 1: contoso.com DCs
- Site 2: Cohowinery.com DCs
- Site 3: contoso.com DCs
- Link1-2 schedule: 1:00 A.M. – 3:00 A.M.
- Link2-3 schedule: 3:00 A.M. – 5:00 A.M.
INTRASITE VERSUS INTERSITE REPLICATION
- Intrasite
  - Replication traffic is not compressed.
  - Replication partners notify each other within 5 to 15 minutes of changes.
  - The KCC automatically configures and maintains a replication ring.
  - RPC is used.
- Intersite
  - Replication traffic is compressed.
  - Bridgehead servers notify bridgehead servers at other sites of changes every 80 minutes by default.
  - Site links are required for replication to occur.
  - Protocols used intersite can be RPC over IP or SMTP.
DESIGNATING THE BRIDGEHEAD SERVER
- The ISTG automatically assigns the preferred bridgehead server.
- The administrator can designate preferred bridgehead servers:
  - Done through the properties of the domain controller's server object in Active Directory Sites And Services
  - Select the protocol, IP or SMTP, for which this server is to be considered a preferred bridgehead server
  - Allows the administrator to give that role to the systems with the most processing power to spare
PREFERRED BRIDGEHEAD SERVER DESIGNATION
SITE LINK BRIDGING
- Used to allow communication over two different site links.
- Bridge All Site Links is configured by default.
- You can clear the Bridge All Site Links check box and configure site link bridges manually.
- You cannot create a site link bridge until you have at least two site links.
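The two administrative choices above, designating a preferred bridgehead server and replacing automatic bridging with explicit site link bridges, are done in the deck through Active Directory Sites And Services dialogs. The following script is an added example, not code from the slides, that performs them with the ActiveDirectory PowerShell module (Windows Server 2012 or later). It relies on two facts about the configuration partition: a server's bridgeheadTransportList attribute lists the transports for which it is a preferred bridgehead, and bit 0x2 of the options attribute on the IP transport object corresponds to the Bridge All Site Links check box being cleared. Server, site and link names are placeholders.

```powershell
# Added example (not from the slides): designate a preferred bridgehead for
# the IP transport, clear "Bridge all site links", and create a manual bridge.
# Assumes the ActiveDirectory module; server, site and link names are placeholders.
Import-Module ActiveDirectory

$configNC      = (Get-ADRootDSE).configurationNamingContext
$ipTransportDN = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"

function Set-PreferredBridgehead {
    param([string] $ServerName, [string] $SiteName)
    # The server object lives under CN=Servers in its site. bridgeheadTransportList
    # holds the DN of each transport for which this server is a preferred bridgehead.
    $serverDN = "CN=$ServerName,CN=Servers,CN=$SiteName,CN=Sites,$configNC"
    $current  = (Get-ADObject -Identity $serverDN -Properties bridgeheadTransportList).bridgeheadTransportList
    if ($current -notcontains $ipTransportDN) {
        Set-ADObject -Identity $serverDN -Add @{ bridgeheadTransportList = $ipTransportDN }
    }
    Get-ADObject -Identity $serverDN -Properties bridgeheadTransportList
}

function Disable-BridgeAllSiteLinks {
    # options bit 0x2 (NTDSTRANSPORT_OPT_BRIDGES_REQUIRED) set on the transport
    # object means "Bridge all site links" is cleared and bridges must be explicit.
    $transport = Get-ADObject -Identity $ipTransportDN -Properties options
    $options   = [int]$transport.options   # unset attribute reads as 0
    if (($options -band 2) -eq 0) {
        Set-ADObject -Identity $ipTransportDN -Replace @{ options = ($options -bor 2) }
    }
}

function New-ManualSiteLinkBridge {
    param([string] $BridgeName, [string[]] $SiteLinks)
    # A bridge needs at least two site links, as the slide states.
    if ($SiteLinks.Count -lt 2) {
        throw 'A site link bridge requires at least two site links.'
    }
    New-ADReplicationSiteLinkBridge -Name $BridgeName -SiteLinksIncluded $SiteLinks `
        -InterSiteTransportProtocol IP
}

# Usage (placeholder names)
Set-PreferredBridgehead -ServerName 'DC01' -SiteName 'Site1'
Disable-BridgeAllSiteLinks
New-ManualSiteLinkBridge -BridgeName 'Bridge1-2-3' -SiteLinks 'Link1-2', 'Link2-3'
```

Once Bridge All Site Links is cleared, sites are only reachable through the bridges you define, so a missing bridge shows up as a site whose domain controllers stop receiving intersite updates; the replication monitoring tools later in the chapter are how that is caught.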
CONFIGURING SITE LINK BRIDGING
MANAGING REPLICATION
CHECK REPLICATION TOPOLOGY
DETERMINING THE ISTG
FORCING REPLICATION
- Active Directory Sites And Services
- Active Directory Replication Monitor (Replmon)
- Repadmin /syncall contoso.com
MONITORING REPLICATION
- Windows Support Tools
  - On the Microsoft Windows Server 2003 installation CD-ROM
  - Support\Tools folder on the CD
  - Dcdiag, Repadmin, Replmon
DCDIAG
- Many options for diagnosing and repairing domain controller issues
- Type dcdiag /? at a command prompt to see a list
- Noteworthy examples:
  - dcdiag /test:replication
  - dcdiag /fix
REPADMIN
- Command-line utility for replication control and monitoring
- Type repadmin /? at a command prompt to see a list
- Noteworthy examples:
  - /showreps: view replication partners
  - /showconn: view connections
  - /sync and /syncall: force replication
  - /showmeta: view attributes of a specific object
  - /showvector: check USNs for a particular naming context (also called a partition)
REPLMON: ACTIVE DIRECTORY REPLICATION MONITOR
- Graphical utility for replication control and monitoring
- Launch from the Support Tools option on the Start menu, or by typing replmon in the Run dialog box or at a CMD prompt
- Noteworthy capabilities:
  - Check replication topology
  - Force synchronization
  - Generate a status report to a log file
  - View bridgehead servers
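The three tools above (Dcdiag, Repadmin, Replmon) cover checking the topology, finding the ISTG, forcing replication and reporting status. The following script is an added example, not code from the slides: it produces the same kind of status report with the ActiveDirectory PowerShell module (Windows Server 2012 or later) and then calls the repadmin and dcdiag commands the chapter names. The ISTG is read from each site's NTDS Site Settings object (its interSiteTopologyGenerator attribute), which is the data the "Determining the ISTG" step relies on. The 24-hour staleness threshold is a constructed value.

```powershell
# Added example (not from the slides): replication health report.
# Assumes the ActiveDirectory module plus repadmin and dcdiag on the path.
Import-Module ActiveDirectory

function Get-IstgPerSite {
    # Each site's NTDS Site Settings object records the current ISTG as the DN
    # of that DC's NTDS Settings object.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    Get-ADObject -SearchBase "CN=Sites,$configNC" `
        -LDAPFilter '(objectClass=nTDSSiteSettings)' `
        -Properties interSiteTopologyGenerator |
        ForEach-Object {
            [pscustomobject]@{
                # DN is CN=NTDS Site Settings,CN=<site>,CN=Sites,... so the site
                # name is the second RDN.
                Site = (($_.DistinguishedName -split ',')[1] -replace '^CN=', '')
                ISTG = $_.interSiteTopologyGenerator
            }
        }
}

function Get-ReplicationProblems {
    param([int] $MaxAgeHours = 24)   # constructed threshold
    # One record per (server, partner, partition). LastReplicationResult 0 means
    # the last attempt succeeded; anything else is a Win32 error code.
    Get-ADReplicationPartnerMetadata -Target * -Scope Forest -ErrorAction SilentlyContinue |
        Where-Object {
            $_.LastReplicationResult -ne 0 -or
            $_.LastReplicationSuccess -lt (Get-Date).AddHours(-$MaxAgeHours)
        } |
        Select-Object Server, Partner, Partition, LastReplicationResult,
            ConsecutiveReplicationFailures, LastReplicationSuccess
}

function Invoke-ReplicationCheck {
    Write-Host '== ISTG per site =='
    Get-IstgPerSite | Format-Table -AutoSize

    Write-Host '== Partners with errors or a stale last success =='
    $problems = Get-ReplicationProblems
    if ($problems) { $problems | Format-Table -AutoSize } else { Write-Host 'none' }

    # Force a forest-wide sync of all partitions (/A) across sites (/e), then
    # run the dcdiag replication test named on the DCDIAG slide.
    Write-Host '== repadmin /syncall =='
    repadmin /syncall /A /e
    Write-Host '== dcdiag /test:replication =='
    dcdiag /test:replication
}

Invoke-ReplicationCheck
```

Scheduling this report gives the same picture Replmon's status report did, and a partner whose ConsecutiveReplicationFailures keeps climbing after a forced sync is the case to investigate with repadmin /showrepl against that server.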
SUMMARY
- Intrasite versus intersite replication details
- Site, site link, and site link bridge creation and configuration
- Intersite replication configuration options
  - Bridgehead servers
  - Protocol selection
- Windows Support Tools: Dcdiag, Repadmin, Replmon