
WORKING WITH ACTIVE DIRECTORY SITES

Chapter 3. WORKING WITH ACTIVE DIRECTORY SITES. INTRODUCING SITES. Logical structure can be seen in Active Directory Users And Computers. Physical network structure affects the efficiency of Active Directory replication.


Presentation Transcript


  1. Chapter 3 WORKING WITH ACTIVE DIRECTORY SITES

  2. INTRODUCING SITES
     • Logical structure can be seen in Active Directory Users And Computers.
     • Physical network structure affects the efficiency of Active Directory replication.
     • It is up to the administrator to create sites in Active Directory Sites And Services.
     • Sites are used to control Active Directory replication and authentication traffic.
     • The only site created by default is Default-First-Site-Name.

  3. SITES AND SITE LINKS
     • Sites are typically composed of fast and reliably connected computers.
     • Criteria for fast and reliable are up to the administrator.
     • Sites are independent of the domain structure.
     • Domain computer accounts can be spread over multiple sites.
     • Sites can contain resources from multiple domains.

  4. SITES AND SITE LINKS
     • Although sites can be added, modified, and deleted at any time, planning the site structure before installing Active Directory saves you time.
     • Default-First-Site-Name site is the default location for domain controllers.
         • First domain controller is always placed into this site.
         • Other domain controllers are placed here if appropriate site definitions aren’t available.
     • If sites are created appropriately, newly installed domain controllers are automatically placed in the appropriate site.

  5. SITES AND THE REPLICATION PROCESS
     • Replication topology describes the logical connections made between domain controllers for replication.
     • Replication is the transfer of directory information updates.
         • Object additions or removals
         • Object attribute changes
         • Object renames

  6. SITES AND THE REPLICATION PROCESS
     • Tracking replication changes.
         • Update Sequence Number (USN)
         • Timestamp
     • Bridgehead server controls replication changes between sites.
         • Compares USN for recent changes
         • Uses timestamp if modifications carry the same USN
     • Convergence occurs when all changes are updated.

  7. INTRASITE REPLICATION OVERVIEW
     • Knowledge consistency checker (KCC)
         • Creates initial replication topology (replication ring)
         • Creates connection objects between domain controllers
         • Process that runs on each domain controller
     • Active Directory replicates four partitions
         • Domain (domain-wide)
         • Schema (forest-wide)
         • Configuration (forest-wide)
         • Application Data (depends on configuration)

  8. INTRASITE REPLICATION DETAILS
     • KCC runs every 15 minutes to ensure replication topology is efficient.
     • Intrasite replication latency is minimized in these ways:
         • KCC creates a bidirectional replication ring
         • KCC ensures no more than three replication hops between any two domain controllers by adding connections as needed
         • Replication traffic is not compressed

  9. INTRASITE REPLICATION DETAILS
     • Intrasite replication latency is 15 minutes by default, but there is urgent replication for important changes.
     • Multiple domains in a single site.
         • Each domain maintains a separate domain partition replication topology.
         • Forest-wide replication is not conducted separately, because this information is sent to all domains in the forest.

  10. INTERSITE REPLICATION
     • Designed to control replication traffic over slow WAN links.
     • KCC designates one domain controller per site to be the Intersite Topology Generator (ISTG).
     • ISTG designates the bridgehead server.
     • Site links are used to define the intersite replication topology.

  11. INTERSITE REPLICATION: SITE LINKS
     • Connection between two sites that is logical and transitive
     • Represents physical network links
     • Manually defined by administrator
     • Sites communicate using the same protocol

  12. SITE LINK CONFIGURATION
     • Cost
         • Lower cost routes are used first.
         • Default is 100; range 1 to 99,999.
     • Schedule
         • Default is availability 7 days per week, 24 hours per day.
         • Administrator can modify to exclude certain days and hours the link is not available.

  13. SITE LINK CONFIGURATION
     • Frequency
         • Specifies how often the link attempts to replicate information within the specified availability (schedule)
         • Default is 180 minutes; range is 15 minutes to once per week

  14. CREATING SITES

  15. CREATING SITE LINKS

  16. CONFIGURING SITE LINK PROPERTIES

  17. CREATING SUBNETS

  18. REPLICATION PROTOCOLS
     • Remote procedure call (RPC) over Internet Protocol (IP)
         • Default and most commonly used
         • Adheres to schedules by default
         • Synchronous; connection required
         • Only choice for domain controllers from same domain
     • Simple Mail Transfer Protocol (SMTP)
         • Allows asynchronous communications

  19. REPLICATION PROTOCOLS
     • Simple Mail Transfer Protocol (SMTP), continued
         • Doesn’t adhere to schedules by default
         • Requires a certificate and certificate authority (CA)
         • Cannot replicate domain partition information

  20. RPC REQUIRES A CONNECTION

  21. INTRASITE VERSUS INTERSITE REPLICATION
     • Intrasite
         • Replication traffic not compressed.
         • Replication partners notify each other within 5 to 15 minutes of changes.
         • KCC automatically configures and maintains a replication ring.
         • RPC is used.
     • Intersite
         • Replication traffic is compressed.

  22. INTRASITE VERSUS INTERSITE REPLICATION
     • Intersite, continued
         • Bridgehead servers notify bridgehead servers at other sites of changes every 80 minutes by default.
         • Site links are required for replication to occur.
         • Protocols used intersite can be RPC over IP or SMTP.

  23. DESIGNATING THE BRIDGEHEAD SERVER
     • ISTG automatically assigns preferred bridgehead server.
     • Administrator can designate preferred bridgehead servers.
         • Done through properties of domain controller object in Active Directory Sites And Services
         • Select the protocol, IP or SMTP, for which this server is to be considered a preferred bridgehead server
         • Allows administrator to designate that role to systems with most processing power to spare

  24. PREFERRED BRIDGEHEAD SERVER DESIGNATION

  25. SITE LINK BRIDGING
     • Used to allow communication over two different site links.
     • Bridge All Site Links is configured by default.
     • You can clear the Bridge All Site Links check box and configure site link bridges manually.
     • You cannot create a site link bridge until you have at least two site links.

  26. CONFIGURING SITE LINK BRIDGING

  27. MANAGING REPLICATION

  28. CHECK REPLICATION TOPOLOGY

  29. DETERMINING THE ISTG

  30. FORCING REPLICATION
     • Active Directory Sites And Services
     • Active Directory Replication Monitor (Replmon)
     • Repadmin /syncall contoso.com

  31. MONITORING REPLICATION
     • Windows Support Tools
         • Microsoft Windows Server 2003 installation CD-ROM
         • Support\Tools folder on the CD
     • Dcdiag
     • Repadmin
     • Replmon

  32. DCDIAG
     • Many options for diagnosing and repairing domain controller issues
     • Type dcdiag /? at a command prompt to see a list
     • Noteworthy examples
         • dcdiag /test:replication
         • dcdiag /fix

  33. REPADMIN
     • Command line utility for replication control and monitoring
     • Type repadmin /? at a command prompt to see a list
     • Noteworthy examples
         • /showreps – view replication partners
         • /showconn – view connections
         • /sync and /syncall – force replication
         • /showmeta – view attributes of a specific object
         • /showvector – check USNs for a particular naming context, also named partition

  34. REPLMON: ACTIVE DIRECTORY REPLICATION MONITOR
     • Graphical utility for replication control and monitoring
     • Launch from Support Tools option on Start menu or by typing replmon in Run dialog box or CMD prompt
     • Noteworthy capabilities
         • Check replication topology
         • Force synchronization
         • Generate a status report to a log file
         • View bridgehead servers

  35. SUMMARY
     • Intrasite versus intersite replication details
     • Site, site link, and site link bridge creation and configuration
     • Intersite replication configuration options
         • Bridgehead servers
         • Protocol selection
     • Windows Support Tools: Dcdiag, Repadmin, Replmon
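
The site link cost and bridging rules from slides 11, 12 and 25, as an added example that is not part of the original presentation: a simplified Python model of intersite route selection in which a bridged route costs the sum of its link costs and the lowest total wins. The site names, link names and function names are hypothetical.

```python
import heapq

# Constructed sample topology: link name -> (site A, site B, cost).
# Site and link names are hypothetical; 100 is the default cost from the slides.
SITE_LINKS = {
    "HQ-Branch1": ("HQ", "Branch1", 100),
    "HQ-Branch2": ("HQ", "Branch2", 100),
    "Branch1-Branch2": ("Branch1", "Branch2", 500),
    "Branch2-Lab": ("Branch2", "Lab", 50),
}

def _dijkstra(links, src, dst):
    """Lowest summed cost from src to dst over the given links, or None."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    heap, done = [(0, src, [src])], set()
    while heap:
        total, site, path = heapq.heappop(heap)
        if site == dst:
            return total, path
        if site in done:
            continue
        done.add(site)
        for nxt, cost in graph.get(site, []):
            if nxt not in done:
                heapq.heappush(heap, (total + cost, nxt, path + [nxt]))
    return None

def cheapest_route(site_links, src, dst, bridge_all=True, bridges=()):
    """Return (cost, [sites]) for the lowest-cost route, or None if unreachable.

    bridge_all=True models the default Bridge All Site Links setting: every
    link is transitive. Otherwise only direct links, plus the links grouped
    in each manually defined bridge (a set of link names), are transitive.
    """
    if bridge_all:
        groups = [set(site_links)]
    else:
        groups = [{name} for name in site_links] + [set(b) for b in bridges]
    routes = []
    for group in groups:
        found = _dijkstra([site_links[n] for n in group], src, dst)
        if found:
            routes.append(found)
    return min(routes) if routes else None
```

With bridging on, Branch1 reaches Branch2 through HQ at cost 200 instead of using the direct 500-cost link; with bridging off and no manual bridge, HQ has no route to Lab at all.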
