WORKING WITH ACTIVE DIRECTORY SITES - PowerPoint PPT Presentation

Slides: 36
Provided by: JimKram2
Transcript and Presenter's Notes

1
WORKING WITH ACTIVE DIRECTORY SITES
  • Chapter 3

2
INTRODUCING SITES
  • Logical structure can be seen in Active Directory
    Users And Computers.
  • Physical network structure affects the efficiency
    of Active Directory replication.
  • Up to the administrator to create sites in Active
    Directory Sites And Services.
  • Sites are used to control Active Directory
    replication and authentication traffic.
  • Only site created by default is the
    Default-First-Site-Name.

3
SITES AND SITE LINKS
  • Sites are typically composed of fast and reliably
    connected computers.
  • Criteria for fast and reliable are up to the
    administrator.
  • Sites are independent of the domain structure.
  • Domain computer accounts can be spread over
    multiple sites.
  • Sites can contain resources from multiple domains.

4
SITES AND SITE LINKS
  • Although sites can be added, modified, and
    deleted at any time, planning the site structure
    before installing Active Directory saves you
    time.
  • Default-First-Site-Name site is default location
    for domain controllers.
  • First domain controller is always placed into
    this site.
  • Other domain controllers are placed here if
    appropriate site definitions aren't available.
  • If sites are created appropriately, newly
    installed domain controllers are automatically
    placed in the appropriate site.

5
SITES AND THE REPLICATION PROCESS
  • Replication topology describes the logical
    connections made between domain controllers for
    replication.
  • Replication is the transfer of directory
    information updates:
      • Object additions or removals
      • Object attribute changes
      • Object renames

6
SITES AND THE REPLICATION PROCESS
  • Tracking replication changes:
      • Update Sequence Number (USN)
      • Timestamp
  • Bridgehead server controls replication changes
    between sites.
      • Compares USN for recent changes
      • Uses timestamp if modifications carry the same
        USN
  • Convergence occurs when all changes are updated.

7
INTRASITE REPLICATION OVERVIEW
  • Knowledge consistency checker (KCC)
      • Creates initial replication topology (replication
        ring)
      • Creates connection objects between domain
        controllers
      • Process that runs on each domain controller
  • Active Directory replicates four partitions:
      • Domain (domain-wide)
      • Schema (forest-wide)
      • Configuration (forest-wide)
      • Application Data (depends on configuration)

8
INTRASITE REPLICATION DETAILS
  • KCC runs every 15 minutes to ensure replication
    topology is efficient.
  • Intrasite replication latency is minimized in
    these ways:
      • KCC creates a bidirectional replication ring
      • KCC ensures no more than three replication hops
        between any two domain controllers by adding
        additional connections as needed
      • Replication traffic is not compressed

9
INTRASITE REPLICATION DETAILS
  • Intrasite replication latency is 15 minutes by
    default, but there is urgent replication for
    important changes.
  • Multiple domains in a single site:
      • Each domain maintains a separate domain partition
        replication topology.
      • Forest-wide replication is not conducted
        separately, because this information is sent to
        all domains in the forest.

10
INTERSITE REPLICATION
  • Designed to control replication traffic over slow
    WAN links.
  • KCC designates one domain controller per site to
    be the Intersite Topology Generator (ISTG).
  • ISTG designates the bridgehead server.
  • Site links are used to define the intersite
    replication topology.

11
INTERSITE REPLICATION: SITE LINKS
  • Logical, transitive connection between two
    sites
  • Represents physical network links
  • Manually defined by administrator
  • Sites communicate using same protocol

12
SITE LINK CONFIGURATION
  • Cost
      • Lower cost routes are used first.
      • Default is 100; range is 1 to 99,999.
  • Schedule
      • Default is availability 7 days per week, 24 hours
        per day.
      • Administrator can modify to exclude certain days
        and hours the link is not available.

13
SITE LINK CONFIGURATION
  • Frequency
      • Specifies how often the link attempts to
        replicate information within the specified
        availability (schedule)
      • Default is 180 minutes; range is 15 minutes to
        once per week

14
CREATING SITES

15
CREATING SITE LINKS

16
CONFIGURING SITE LINK PROPERTIES

17
CREATING SUBNETS

18
REPLICATION PROTOCOLS
  • Remote procedure call (RPC) over Internet
    Protocol (IP)
      • Default and most commonly used
      • Adheres to schedules by default
      • Synchronous connection required
      • Only choice for domain controllers from same
        domain
  • Simple Mail Transfer Protocol (SMTP)
      • Allows asynchronous communications

19
REPLICATION PROTOCOLS
  • SMTP doesn't adhere to schedules by default
  • Requires a certificate and certificate authority
    (CA)
  • Cannot replicate domain partition information

20
RPC REQUIRES A CONNECTION

21
INTRASITE VERSUS INTERSITE REPLICATION
  • Intrasite
      • Replication traffic not compressed.
      • Replication partners notify each other within 5
        to 15 minutes of changes.
      • KCC automatically configures and maintains a
        replication ring.
      • RPC is used.
  • Intersite
      • Replication traffic is compressed.

22
INTRASITE VERSUS INTERSITE REPLICATION
  • Bridgehead servers notify bridgehead servers at
    other sites of changes every 80 minutes by
    default.
  • Site links are required for replication to occur.
  • Protocols used intersite can be RPC over IP or
    SMTP.

23
DESIGNATING THE BRIDGEHEAD SERVER
  • ISTG automatically assigns preferred bridgehead
    server.
  • Administrator can designate preferred bridgehead
    servers.
      • Done through properties of domain controller
        object in Active Directory Sites And Services
      • Select the protocol, IP or SMTP, for which this
        server is to be considered a preferred bridgehead
        server
      • Allows administrator to designate that role to
        systems with most processing power to spare

24
PREFERRED BRIDGEHEAD SERVER DESIGNATION

25
SITE LINK BRIDGING
  • Used to allow communication over two different
    site links.
  • Bridge All Site Links is configured by default.
  • You can clear the Bridge All Site Links check box
    and configure site link bridges manually.
  • You cannot create a site link bridge until you
    have at least two site links.
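
Added example (not part of the original slides): a PowerShell model of how site link cost and site link bridging interact. With Bridge All Site Links enabled, the cost between two sites is the lowest sum of link costs along any chain of site links; with it cleared, only a site link containing both sites counts. Site names, link names and costs are constructed, and Get-LowestReplicationCost is a hypothetical helper, not an Active Directory cmdlet.

```powershell
# Added example, not from the slides. Site names, link names and costs are constructed.
$siteLinks = @(
    [pscustomobject]@{ Name = 'HQ-Branch1';      Sites = @('HQ', 'Branch1');      Cost = 100 }
    [pscustomobject]@{ Name = 'Branch1-Branch2'; Sites = @('Branch1', 'Branch2'); Cost = 100 }
    [pscustomobject]@{ Name = 'HQ-Branch2';      Sites = @('HQ', 'Branch2');      Cost = 500 }
)

# Hypothetical helper (not an Active Directory cmdlet).
function Get-LowestReplicationCost {
    param(
        [Parameter(Mandatory)] [object[]] $SiteLinks,
        [Parameter(Mandatory)] [string] $From,
        [Parameter(Mandatory)] [string] $To,
        [bool] $BridgeAllSiteLinks = $true
    )
    if (-not $BridgeAllSiteLinks) {
        # No transitivity: only a single site link that contains both sites can be used.
        $direct = $SiteLinks |
            Where-Object { $_.Sites -contains $From -and $_.Sites -contains $To } |
            Sort-Object Cost | Select-Object -First 1
        if ($direct) { return [pscustomobject]@{ Cost = $direct.Cost; Links = @($direct.Name) } }
        return $null
    }
    # Bridged: site links are transitive, so run Dijkstra over the site graph,
    # summing the cost of every site link crossed.
    $best = @{ $From = [pscustomobject]@{ Cost = 0; Links = @() } }
    $done = @{}
    while ($true) {
        $current = $best.Keys | Where-Object { -not $done.ContainsKey($_) } |
            Sort-Object { $best[$_].Cost } | Select-Object -First 1
        if (-not $current) { return $null }          # no chain of site links reaches $To
        if ($current -eq $To) { return $best[$To] }
        $done[$current] = $true
        foreach ($link in ($SiteLinks | Where-Object { $_.Sites -contains $current })) {
            foreach ($next in ($link.Sites | Where-Object { $_ -ne $current })) {
                $cost = $best[$current].Cost + $link.Cost
                if (-not $best.ContainsKey($next) -or $cost -lt $best[$next].Cost) {
                    $links = @($best[$current].Links) + $link.Name
                    $best[$next] = [pscustomobject]@{ Cost = $cost; Links = $links }
                }
            }
        }
    }
}

Get-LowestReplicationCost -SiteLinks $siteLinks -From 'HQ' -To 'Branch2'
Get-LowestReplicationCost -SiteLinks $siteLinks -From 'HQ' -To 'Branch2' -BridgeAllSiteLinks $false
```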

26
CONFIGURING SITE LINK BRIDGING

27
MANAGING REPLICATION

28
CHECK REPLICATION TOPOLOGY

29
DETERMINING THE ISTG

30
FORCING REPLICATION
  • Active Directory Sites And Services
  • Active Directory Replication Monitor (Replmon)
  • repadmin /syncall contoso.com

31
MONITORING REPLICATION
  • Windows Support Tools
  • Microsoft Windows Server 2003 installation CD-ROM
  • Support\Tools folder on the CD
  • Dcdiag
  • Repadmin
  • Replmon

32
DCDIAG
  • Many options for diagnosing and repairing domain
    controller issues
  • Type dcdiag /? at a command prompt to see a list
  • Noteworthy examples:
      • dcdiag /test:replications
      • dcdiag /fix

33
REPADMIN
  • Command-line utility for replication control and
    monitoring
  • Type repadmin /? at a command prompt to see a
    list
  • Noteworthy examples:
      • /showreps: view replication partners
      • /showconn: view connections
      • /sync and /syncall: force replication
      • /showmeta: view attributes of a specific object
      • /showvector: check USNs for a particular naming
        context, also named partition
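
Added example (not part of the original slides): a PowerShell triage of replication status, so that a domain controller that has stopped receiving updates is noticed before it serves stale account data. It reads the CSV form of `repadmin /showrepl` (the current name of the `/showreps` option above); the sample rows, DC and site names are constructed, and Get-ReplicationProblem and its 360-minute threshold are assumptions made for this illustration.

```powershell
# Added example, not from the slides. The CSV is constructed sample data laid out like
# the output of "repadmin /showrepl * /csv"; DC, site and domain names are made up.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=contoso,DC=com",HQ,DC2,RPC,0,0,2024-05-01 10:02:11,0
showrepl_INFO,HQ,DC1,"CN=Configuration,DC=contoso,DC=com",Branch,DC3,RPC,14,2024-05-01 09:47:30,2024-04-29 03:15:02,1722
showrepl_INFO,Branch,DC3,"DC=contoso,DC=com",HQ,DC1,RPC,0,0,2024-05-01 07:01:45,0
'@

# Hypothetical helper: returns one object per inbound replication link that needs attention.
function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [string] $CsvText,
        [datetime] $Now = (Get-Date),
        # Assumed threshold: two missed cycles at the 180-minute default site link frequency.
        [int] $MaxAgeMinutes = 360
    )
    $style = [System.Globalization.DateTimeStyles]::None
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    foreach ($row in ($CsvText | ConvertFrom-Csv)) {
        $reasons = @()
        $failures = [int]$row.'Number of Failures'
        if ($failures -gt 0) {
            $reasons += "$failures failures, last status $($row.'Last Failure Status')"
        }
        $lastOk = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact($row.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
            $culture, $style, [ref]$lastOk)
        if (-not $parsed) {
            $reasons += 'no successful replication recorded'
        } elseif (($Now - $lastOk).TotalMinutes -gt $MaxAgeMinutes) {
            $reasons += "last success $([int]($Now - $lastOk).TotalMinutes) minutes ago"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Reasons       = $reasons -join '; '
            }
        }
    }
}

# Live use on a domain controller: -CsvText ((repadmin /showrepl * /csv) -join "`n")
Get-ReplicationProblem -CsvText $sampleCsv -Now ([datetime]'2024-05-01 10:30:00')
```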

34
REPLMON: ACTIVE DIRECTORY REPLICATION MONITOR
  • Graphical utility for replication control and
    monitoring
  • Launch from Support Tools option on Start menu or
    by typing replmon in Run dialog box or CMD prompt
  • Noteworthy capabilities:
      • Check replication topology
      • Force synchronization
      • Generate a status report to a log file
      • View bridgehead servers

35
SUMMARY
  • Intrasite versus intersite replication details
  • Site, site link, and site link bridge creation
    and configuration
  • Intersite replication configuration options
  • Bridgehead servers
  • Protocol selection
  • Windows Support Tools: Dcdiag, Repadmin, Replmon