WORKING WITH ACTIVE DIRECTORY SITES

1
WORKING WITH ACTIVE DIRECTORY SITES

• Chapter 3

2
INTRODUCING SITES

• Logical structure can be seen in Active Directory
  Users And Computers.
• Physical network structure affects the efficiency
  of Active Directory replication.
• Up to the administrator to create sites in Active
  Directory Sites And Services.
• Sites are used to control Active Directory
  replication and authentication traffic.
• Only site created by default is the
  Default-First-Site-Name.

3
SITES AND SITE LINKS

• Sites are typically composed of fast and reliably
  connected computers.
• Criteria for fast and reliable are up to the
  administrator.
• Sites are independent of the domain structure.
• Domain computer accounts can be spread over
  multiple sites.
• Sites can contain resources from multiple domains.

4
SITES AND SITE LINKS

• Although sites can be added, modified, and
  deleted at any time, planning the site structure
  before installing Active Directory saves you
  time.
• Default-First-Site-Name site is default location
  for domain controllers.
• First domain controller is always placed into
  this site.
• Other domain controllers are placed here, if
  appropriate site definitions arent available.
• If sites are created appropriately, newly
  installed domain controllers are automatically
  placed in the appropriate site.

5
SITES AND THE REPLICATION PROCESS

• Replication topology describes the logical
  connections made between domain controllers for
  replication.
• Replication is the transfer of directory
  information updates.
• Object additions or removals
• Object attribute changes
• Object renames

6
SITES AND THE REPLICATION PROCESS

• Tracking replication changes.
• Update Sequence Number (USN)
• Timestamp
• Bridgehead server controls replication changes
  between sites.
• Compares USN for recent changes
• Uses timestamp if modifications carry the same
  USN
• Convergence occurs when all changes are updated.

7
INTRASITE REPLICATION OVERVIEW

• Knowledge consistency checker (KCC)
• Creates initial replication topology (replication
  ring)
• Creates connection objects between domain
  controllers
• Process that runs on each domain controller
• Active Directory replicates four partitions
• Domain (domain-wide)
• Schema (forest-wide)
• Configuration (forest-wide)
• Application Data (depends on configuration)

8
INTRASITE REPLICATION DETAILS

• KCC runs every 15 minutes to ensure replication
  topology is efficient.
• Intrasite replication latency is minimized in
  these ways
• KCC creates a bidirectional Replication Ring
• KCC ensures no more than three replication hops
  between any two domain controllers by adding
  additional connections as needed
• Replication traffic is not compressed

9
INTRASITE REPLICATION DETAILS

• Intrasite replication latency is 15 minutes by
  default, but there is urgent replication for
  important changes.
• Multiple domains in a single site.
• Each domain maintains a separate domain partition
  replication topology.
• Forest-wide replication is not conducted
  separately, because this information is sent to
  all domains in the forest.

10
INTERSITE REPLICATION

• Designed to control replication traffic over slow
  WAN links.
• KCC designates one domain controller per site to
  be the Intersite Topology Generator (ISTG).
• ISTG designates the bridgehead server.
• Site links are used to define the intersite
  replication topology.

11
INTERSITE REPLICATION SITE LINKS

• Connection between two sites that are logical and
  transitive
• Represents physical network links
• Manually defined by administrator
• Sites communicate using same protocol

12
SITE LINK CONFIGURATION

• Cost
• Lower cost routes are used first.
• Default is 100 range 1 to 99,999.
• Schedule
• Default is availability 7 days per week, 24 hours
  per day.
• Administrator can modify to exclude certain days
  and hours the link is not available.

13
SITE LINK CONFIGURATION

• Frequency
• Specifies how often the link attempts to
  replicate information within the specified
  availability (schedule)
• Default is 180 minutes range is 15 minutes to
  once per week

14
CREATING SITES
15
CREATING SITE LINKS
16
CONFIGURING SITE LINK PROPERTIES
17
CREATING SUBNETS
18
REPLICATION PROTOCOLS

• Remote procedure call (RPC) over Internet
  Protocol (IP)
• Default and most commonly used
• Adheres to schedules by default
• Synchronous connection required
• Only choice for domain controllers from same
  domain
• Simple Mail Transfer Protocol (SMTP)
• Allows asynchronous communications

19
REPLICATION PROTOCOLS

• Doesnt adhere to schedules by default
• Requires a certificate and certificate authority
  (CA)
• Cannot replicate domain partition information

20
RPC REQUIRES A CONNECTION
21
INTRASITE VERSUS INTERSITE REPLICATION

• Intrasite
• Replication traffic not compressed.
• Replication partners notify each other within 5
  to 15 minutes of changes.
• KCC automatically configures and maintains a
  replication ring.
• RPC is used.
• Intersite
• Replication traffic is compressed.

22
INTRASITE VERSUS INTERSITE REPLICATION

• Bridgehead servers notify bridgehead servers at
  other sites of changes every 80 minutes by
  default.
• Site links are required for replication to occur.
• Protocols used intersite can be RPC over IP or
  SMTP.

23
DESIGNATING THE BRIDGEHEAD SERVER

• ISTG automatically assigns preferred bridgehead
  server.
• Administrator can designate preferred bridgehead
  servers.
• Done through properties of domain controller
  object in Active Directory Sites And Services
• Select the protocol, IP or SMTP, for which this
  server is to be considered a preferred bridgehead
  server
• Allows administrator to designate that role to
  systems with most processing power to spare

24
PREFERRED BRIDGEHEAD SERVER DESIGNATION
25
SITE LINK BRIDGING

• Used to allow communication over two different
  site links.
• Bridge All Site Links is configured by default.
• You can clear the Bridge All Site Links check box
  and configure site link bridges manually.
• You cannot create a site link bridge until you
  have at least two site links.

26
CONFIGURING SITE LINK BRIDGING
27
MANAGING REPLICATION
28
CHECK REPLICATION TOPOLOGY
29
DETERMINING THE ISTG
30
FORCING REPLICATION

• Active Directory Sites And Services
• Active Directory Replication Monitor (Replmon)
• Repadmin/syncall contoso.com

31
MONITORING REPLICATION

• Windows Support Tools
• Microsoft Windows Server 2003 installation CD-ROM
• Support\Tools folder on the CD
• Dcdiag
• Repadmin
• Replmon

32
DOMAIN CONTROLLERDIAG

• Many options for diagnosing and repairing domain
  controller issues
• Type dcdiag /? at a command prompt to see a list
• Noteworthy examples
• dcdiag /testreplication
• dcdiag /fix

33
REPADMIN

• Command line utility for replication control and
  monitoring
• Type repadmin /? at a command prompt to see a
  list
• Noteworthy examples
• /showreps view replication partners
• /showconn view connections
• /sync and /syncall force replication
• /showmeta view attributes of a specific object
• /showvector check USNs for a particular naming
  context, also named partition

34
REPLMON ACTIVE DIRECTORY REPLICATION MONITOR

• Graphical utility for replication control and
  monitoring
• Launch from Support Tools option on Start menu or
  by typing replmon in Run dialog box or CMD prompt
• Noteworthy capabilities
• Check replication topology
• Force synchronization
• Generate a status report to a log file
• View bridgehead servers

35
SUMMARY

• Intrasite versus intersite replication details
• Site, site link, and site link bridge creation
  and configuration
• Intersite replication configuration options
• Bridgehead servers
• Protocol selection
• Windows Support Tools domain controllerdiag,
  Repadmin, Replmon