WORKING WITH ACTIVE DIRECTORY SITES - PowerPoint PPT Presentation

Slides: 35
Provided by: facult77
Transcript and Presenter's Notes

1
WORKING WITH ACTIVE DIRECTORY SITES
  • Chapter 3

2
INTRODUCING SITES
  • Logical structure can be seen in Active Directory
    Users And Computers.
  • Physical network structure affects the efficiency
    of Active Directory replication.
  • Up to the administrator to create sites in Active
    Directory Sites And Services.
  • Sites are used to control Active Directory
    replication and authentication traffic.
  • Only site created by default is the
    Default-First-Site-Name.

P60
3
SITES AND SITE LINKS
  • Sites are typically composed of fast and reliably
    connected computers.
  • Criteria for fast and reliable are up to the
    administrator.
  • Sites are independent of the domain structure.
  • Domain computer accounts can be spread over
    multiple sites.
  • Sites can contain resources from multiple domains.

P60
4
SITES AND SITE LINKS
  • Although sites can be added, modified, and
    deleted at any time, planning the site structure
    before installing Active Directory saves you
    time.
  • Default-First-Site-Name site is default location
    for domain controllers.
  • First domain controller is always placed into
    this site.
  • Other domain controllers are placed here, if
    appropriate site definitions aren't available.
  • If sites are created appropriately, newly
    installed domain controllers are automatically
    placed in the appropriate site.

P61
5
SITES AND THE REPLICATION PROCESS
  • Replication topology describes the logical
    connections made between domain controllers for
    replication.
  • Replication is the transfer of directory
    information updates.
    • Object additions or removals
    • Object attribute changes
    • Object renames

P62
6
SITES AND THE REPLICATION PROCESS
  • Tracking replication changes.
    • Update Sequence Number (USN)
    • Timestamp
  • Bridgehead server controls replication changes
    between sites.
    • Compares USN for recent changes
    • Uses timestamp if modifications carry the same
      USN
  • Convergence occurs when all changes are updated.

P62
7
INTRASITE REPLICATION OVERVIEW
  • Knowledge consistency checker (KCC)
    • Creates initial replication topology (replication
      ring)
    • Creates connection objects between domain
      controllers
    • Process that runs on each domain controller
  • Active Directory replicates four partitions
    • Domain (domain-wide)
    • Schema (forest-wide)
    • Configuration (forest-wide)
    • Application Data (depends on configuration)

P62
8
INTRASITE REPLICATION DETAILS
  • KCC runs every 15 minutes to ensure replication
    topology is efficient.
  • Intrasite replication latency is minimized in
    these ways:
    • KCC creates a bidirectional Replication Ring
    • KCC ensures no more than three replication hops
      between any two domain controllers by adding
      additional connections as needed
    • Replication traffic is not compressed

P63
9
INTRASITE REPLICATION DETAILS
  • Intrasite replication latency is 15 minutes by
    default, but there is urgent replication for
    important changes.
  • Multiple domains in a single site.
    • Each domain maintains a separate domain partition
      replication topology.
    • Forest-wide replication is not conducted
      separately, because this information is sent to
      all domains in the forest.

P64
10
INTERSITE REPLICATION
  • Designed to control replication traffic over slow
    WAN links.
  • KCC designates one domain controller per site to
    be the Intersite Topology Generator (ISTG).
  • ISTG designates the bridgehead server.
  • Site links are used to define the intersite
    replication topology.

P65
11
INTERSITE REPLICATION: SITE LINKS
  • Logical, transitive connections between two
    sites
  • Represents physical network links
  • Manually defined by administrator
  • Sites communicate using same protocol

P65
12
SITE LINK CONFIGURATION
  • Cost
    • Lower cost routes are used first.
    • Default is 100; range is 1 to 99,999.
  • Schedule
    • Default is availability 24/7.
    • Administrator can modify to exclude certain days
      and hours.
  • Frequency
    • Specifies how often the link attempts to
      replicate information within the specified
      availability (schedule).
    • Default is 180 minutes; range is 15 minutes to
      once per week.

P66
13
REPLICATION PROTOCOLS: RPC/IP
  • Remote procedure call (RPC) over Internet
    Protocol (IP)
  • Default and most commonly used
  • Adheres to schedules by default
  • Synchronous connection required
  • Only choice for domain controllers from same
    domain

P67
14
RPC REQUIRES A CONNECTION
P67
15
REPLICATION PROTOCOLS: SMTP
  • Simple Mail Transfer Protocol (SMTP)
  • Allows asynchronous communications
  • Doesn't adhere to schedules by default
  • Requires a certificate and certificate authority
    (CA)
  • Cannot replicate domain partition information

P67
16
INTRASITE VERSUS INTERSITE REPLICATION
  • Intrasite
    • Replication traffic not compressed.
    • Replication partners notify each other within 5
      to 15 minutes of changes.
    • KCC automatically configures and maintains a
      replication ring.
    • RPC is used.
  • Intersite
    • Replication traffic is compressed.

P68
17
INTRASITE VERSUS INTERSITE REPLICATION
  • Bridgehead servers notify bridgehead servers at
    other sites of changes every 80 minutes by
    default.
  • Site links are required for replication to occur.
  • Protocols used intersite can be RPC over IP or
    SMTP.

P68
18
DESIGNATING THE BRIDGEHEAD SERVER
  • ISTG automatically assigns preferred bridgehead
    server.
  • Administrator can designate preferred bridgehead
    servers.
  • Done through properties of domain controller
    object in Active Directory Sites And Services
  • Select the protocol, IP or SMTP, for which this
    server is to be considered a preferred bridgehead
    server
  • Allows administrator to designate that role to
    systems with most processing power to spare

P68
19
SITE LINK BRIDGING
  • Used to allow communication over two different
    site links.
  • Bridge All Site Links is configured by default.
  • You can clear the Bridge All Site Links check box
    and configure site link bridges manually.
  • You cannot create a site link bridge until you
    have at least two site links.

P69
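
Added example (not part of the original slides): with Bridge All Site Links enabled, site links are transitive, so a route that chains several links is costed as the sum of the link costs and the lowest total is used first. The Python below models that with the cost and frequency ranges from slide 12; the site names, `make_link` and `cheapest_route` are hypothetical and are not an Active Directory API.

```python
import heapq

COST_RANGE = (1, 99_999)            # per slide 12; default cost is 100
INTERVAL_RANGE = (15, 7 * 24 * 60)  # minutes: 15 to once per week; default 180


def make_link(name, site_a, site_b, cost=100, interval=180):
    """Create a site link record, rejecting values outside the slide's ranges."""
    for label, value, (low, high) in (("cost", cost, COST_RANGE),
                                      ("interval", interval, INTERVAL_RANGE)):
        if not low <= value <= high:
            raise ValueError(f"{name}: {label} {value} outside {low}-{high}")
    return {"name": name, "sites": (site_a, site_b),
            "cost": cost, "interval": interval}


def cheapest_route(links, src, dst):
    """Dijkstra over site links; returns (total_cost, [site, ...]) or None."""
    graph = {}
    for link in links:
        a, b = link["sites"]
        graph.setdefault(a, []).append((b, link["cost"]))
        graph.setdefault(b, []).append((a, link["cost"]))
    queue = [(0, src, [src])]
    settled = set()
    while queue:
        cost, site, path = heapq.heappop(queue)
        if site == dst:
            return cost, path
        if site in settled:
            continue
        settled.add(site)
        for neighbour, link_cost in graph.get(site, []):
            if neighbour not in settled:
                heapq.heappush(queue, (cost + link_cost, neighbour, path + [neighbour]))
    return None  # no chain of site links joins the two sites


# Constructed topology: two branches linked to HQ, plus a costly backup link.
LINKS = [
    make_link("HQ-BranchA", "HQ", "BranchA"),   # defaults: cost 100, every 180 min
    make_link("HQ-BranchB", "HQ", "BranchB"),
    make_link("BranchA-BranchB", "BranchA", "BranchB", cost=500),
]

if __name__ == "__main__":
    print(cheapest_route(LINKS, "BranchA", "BranchB"))
```

The two default-cost links through HQ total 200, so they are preferred over the direct backup link at 500.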
20
CREATING SITES
P70
21
CREATING SITE LINKS
P72
22
CONFIGURING SITE LINK PROPERTIES
P73
23
CREATING SUBNETS
P73
24
PREFERRED BRIDGEHEAD SERVER DESIGNATION
P73
25
CONFIGURING SITE LINK BRIDGING
P73
26
MANAGING REPLICATION
27
CHECK REPLICATION TOPOLOGY
P74
28
DETERMINING THE ISTG
P74
29
FORCING REPLICATION
  • Active Directory Sites And Services
  • Active Directory Replication Monitor (Replmon)
  • Repadmin /syncall contoso.com

P74
30
MONITORING REPLICATION
  • Windows Support Tools
  • Microsoft Windows Server 2003 installation CD-ROM
  • Support\Tools folder on the CD
  • Dcdiag
  • Repadmin
  • Replmon

P75
31
DCDIAG
  • Many options for diagnosing and repairing domain
    controller issues
  • Type dcdiag /? at a command prompt to see a list
  • Noteworthy examples
    • dcdiag /test:replications
    • dcdiag /fix

P76
32
REPADMIN
  • Command line utility for replication control and
    monitoring
  • Type repadmin /? at a command prompt to see a
    list
  • Noteworthy examples
    • /showreps: view replication partners
    • /showconn: view connections
    • /sync and /syncall: force replication
    • /showmeta: view attributes of a specific object
    • /showvector: check USNs for a particular naming
      context, also named partition

P76
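
Added example (not part of the original slides): replication health checks are easier to automate from the CSV form of repadmin's partner listing, `repadmin /showrepl * /csv`, which the slide does not mention. The Python below flags inbound links that report failures or have not succeeded within the 180-minute default intersite frequency; the sample rows are constructed, and the column layout and time format are assumed to match that command's output.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample, laid out like `repadmin /showrepl * /csv` output (assumed format).
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=contoso,DC=com",BranchA,DC3,RPC,0,0,2024-05-01 09:58:12,0
showrepl_INFO,HQ,DC1,"CN=Configuration,DC=contoso,DC=com",BranchB,DC4,RPC,7,2024-05-01 09:40:03,2024-04-29 21:10:44,1722
showrepl_INFO,BranchA,DC3,"DC=contoso,DC=com",HQ,DC1,RPC,0,0,2024-04-30 02:15:00,0
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_time(value):
    """Return a datetime, or None when no timestamp is reported (e.g. "0")."""
    try:
        return datetime.strptime(value.strip(), TIME_FORMAT)
    except ValueError:
        return None


def replication_findings(csv_text, now, max_age=timedelta(minutes=180)):
    """List inbound links that report failures or have no success within max_age."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        failures = int(row["Number of Failures"])
        if failures:
            reasons.append(f"{failures} failures, last status {row['Last Failure Status']}")
        last_ok = parse_time(row["Last Success Time"])
        if last_ok is None:
            reasons.append("no successful replication recorded")
        elif now - last_ok > max_age:
            reasons.append(f"last success {now - last_ok} ago")
        if reasons:
            findings.append((row["Source DSA"], row["Destination DSA"],
                             row["Naming Context"], reasons))
    return findings


if __name__ == "__main__":
    for finding in replication_findings(SAMPLE_CSV, datetime(2024, 5, 1, 10, 0, 0)):
        print(finding)
```

Passing `now` explicitly keeps the check reproducible when the CSV was collected earlier than it is analysed.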
33
REPLMON: ACTIVE DIRECTORY REPLICATION MONITOR
  • Graphical utility for replication control and
    monitoring
  • Launch from Support Tools option on Start menu or
    by typing replmon in Run dialog box or CMD prompt
  • Noteworthy capabilities
    • Check replication topology
    • Force synchronization
    • Generate a status report to a log file
    • View bridgehead servers

P77
34
SUMMARY
  • Intrasite versus intersite replication details
  • Site, site link, and site link bridge creation
    and configuration
  • Intersite replication configuration options
  • Bridgehead servers
  • Protocol selection
  • Windows Support Tools: Dcdiag, Repadmin,
    Replmon