Windows Server 2003 Site Configuration and Management
林寶森 (jeffl@ms11.hinet.net)
The Logical Structure of Active Directory
- Objects
- Organizational Units (OUs)
- Domains
- Trees and Forests (domain tree, forest)
- Schema
The Physical Structure of Active Directory
- Sites
- Domain controllers
- WAN links (sites are connected to each other over WAN links)
Active Directory Update: How Replication Works
- An originating update (Add, Modify, Move or Delete) is made on Domain Controller A in Site A.
- Domain Controller A sends a change notification to its replication partners; Domain Controllers B and C then receive the change as a replicated update.
- This is multimaster replication with loose convergence: any domain controller accepts updates, and all replicas converge over time rather than immediately.
Optimizing Replication
- Each domain controller has a GUID and assigns a local USN (update sequence number) to every update it writes, whether originating or replicated.
- Each domain controller keeps an up-to-dateness vector: for every originating domain controller GUID, the highest originating USN it already holds.
- Propagation dampening: when Domain Controller C has already received Domain Controller A's originating update (directly, or as a replicated update via B), the up-to-dateness vector lets the partner skip sending it again.
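The following is an added example, not code from the slides: a toy model of the metadata just described (per-DC USNs, the up-to-dateness vector, per-partner high-watermarks) that replays the slide's scenario. Domain Controller A originates two changes, B and C pull them from A, and then C pulls from B; the up-to-dateness vector lets the second pull be dampened. The DC names, GUIDs and attribute values are constructed.

```python
"""Toy model of AD replication metadata: USNs, up-to-dateness vector, high-watermark
and propagation dampening. Added example; DC names, GUIDs and values are constructed."""
from dataclasses import dataclass, field
import uuid


@dataclass(frozen=True)
class Update:
    originating_guid: str   # GUID of the DC where the change was made
    originating_usn: int    # USN that DC assigned to the originating write
    attribute: str
    value: str


@dataclass
class DomainController:
    name: str
    guid: str = field(default_factory=lambda: str(uuid.uuid4()))
    usn: int = 0                                         # highest local USN assigned so far
    log: list = field(default_factory=list)              # (local USN, Update), in local USN order
    utd_vector: dict = field(default_factory=dict)       # originating GUID -> highest originating USN held
    high_watermark: dict = field(default_factory=dict)   # partner GUID -> last local USN pulled from it

    def originate(self, attribute: str, value: str) -> Update:
        """An originating update: the write is stamped with this DC's GUID and next USN."""
        self.usn += 1
        upd = Update(self.guid, self.usn, attribute, value)
        self.log.append((self.usn, upd))
        self.utd_vector[self.guid] = self.usn
        return upd

    def apply_replicated(self, upd: Update) -> None:
        """A replicated update gets a fresh local USN but keeps its originating stamp."""
        self.usn += 1
        self.log.append((self.usn, upd))
        prev = self.utd_vector.get(upd.originating_guid, 0)
        self.utd_vector[upd.originating_guid] = max(prev, upd.originating_usn)

    def changes_since(self, watermark: int, dest_utd: dict):
        """Source-side filtering: yield log entries above the destination's high-watermark,
        flagging those the destination already holds according to its up-to-dateness vector."""
        for local_usn, upd in self.log:
            if local_usn <= watermark:
                continue
            already_held = dest_utd.get(upd.originating_guid, 0) >= upd.originating_usn
            yield local_usn, upd, already_held


def replicate(source: DomainController, dest: DomainController):
    """dest pulls from source. Returns (updates applied, updates dampened)."""
    applied = dampened = 0
    watermark = dest.high_watermark.get(source.guid, 0)
    for local_usn, upd, already_held in source.changes_since(watermark, dest.utd_vector):
        if already_held:
            dampened += 1          # dest got this change by another path: not sent again
        else:
            dest.apply_replicated(upd)
            applied += 1
        dest.high_watermark[source.guid] = local_usn
    return applied, dampened


def demo():
    """Scenario from the slide: A originates, B and C pull from A, then C pulls from B."""
    a, b, c = DomainController("A"), DomainController("B"), DomainController("C")
    a.originate("description", "v1")
    a.originate("description", "v2")
    a_to_b = replicate(a, b)   # (2, 0): B receives both changes
    a_to_c = replicate(a, c)   # (2, 0): C receives both changes directly from A
    b_to_c = replicate(b, c)   # (0, 2): C already holds A's USNs 1-2, so B's copies are dampened
    return a_to_b, a_to_c, b_to_c, c.utd_vector[a.guid], len(c.log)


if __name__ == "__main__":
    print(demo())
```

The high-watermark prevents re-scanning a partner's older log entries; the up-to-dateness vector is what prevents the same originating write from being applied twice when it arrives over two different connections.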
What Is Replication Topology?
- Each domain has its own replication topology built from domain controllers of the same domain (Domain A topology among A1, A2, A3, A4; Domain B topology among B1, B2, B3).
- The schema and configuration partitions share one forest-wide topology that includes domain controllers from the various domains.
Automatic Generation of Replication Topology
- The Knowledge Consistency Checker (KCC) running on each domain controller generates the replication topology automatically.
What Is a Global Catalog Server?
- A global catalog server holds the global catalog for the forest; a query sent to it returns results for objects from every domain, not only the local domain.
Global Catalog and Replication of Partitions
- A global catalog server holds a full replica of its own domain partition plus the schema and configuration partitions.
- It also holds a read-only partial replica of every other domain directory partition in the forest (for example contoso.msft and namerica.contoso.msft).
- It therefore takes part in the Domain A topology, the Domain B topology and the schema/configuration topology.
Sites and Subnets
- A site is a set of IP subnets connected by fast, reliable and inexpensive links (for example Chicago, Seattle, Los Angeles and New York as separate sites).
- If bandwidth usage is high within a location, consider separate sites.
Replication Within Sites vs. Between Sites
Replication within a site (A1 and A2 on one IP subnet):
- Assumes fast and highly reliable network links
- Does not compress replication traffic
- Uses a change notification mechanism
Replication between sites (A1, A2 to B1, B2 across IP subnets):
- Assumes limited available bandwidth and unreliable network links
- Compresses all replication traffic between sites
- Occurs on a manual schedule
Choosing Inter-Site Replication Transports
Remote Procedure Calls (RPC) over TCP/IP:
- Synchronous transfer
- Requires reliable connections
- Generates less traffic
- Can be used with domain controllers in the same domain
Simple Mail Transfer Protocol (SMTP):
- Asynchronous transfer
- Used with unreliable connections
- Generates more traffic
- Cannot be used with domain controllers in the same domain
What Are Site and Subnet Objects?
- In the Active Directory Sites and Services console, the Sites container holds each site object (for example Default-First-Site-Name and Redmond-Site) with its Servers container (for example DENVER with its NTDS Settings object), the Inter-Site Transports container and the Subnets container.
- Each IP subnet object is associated with one site.
Creating a Site
- In Active Directory Sites and Services, create a New Object - (Site) in the Configuration/Sites container (the dialog shows nwtraders1560.msft/Configuration/Sites).
- Assign a name.
- Associate the site with a site link object (site link objects are found in the Sites/Inter-Site Transports container); the default is DEFAULTIPSITELINK on the IP transport.
Creating Subnets
- Create a New Object - Subnet in nwtraders.msft/Configuration/Sites/Subnets.
- Enter the subnet address and mask. This is automatically translated into a subnet name of the form network/bits-masked. Example: address 10.14.209.14 with mask 255.255.240.0 becomes subnet 10.14.208.0/20.
- Select the site object for this subnet (for example Default-First-Site-Name).
- In the dialog shown, address 172.161.0.200 with mask 255.255.255.0 produces the subnet name 172.161.0.0/24.
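As an added example (not code from the slides), the following reproduces what the New Object - Subnet dialog does with the address and mask, and goes one step further: it maps a host address to its site by longest-prefix match over subnet objects, which is how a client ends up in the right site. The subnet-to-site table is constructed; the site names in it are only labels.

```python
"""Derive the AD subnet object name (network/bits-masked) from an address and a dotted
mask, and map an address to its site by longest-prefix match.
Added example; the SUBNET_TO_SITE table is constructed."""
import ipaddress


def prefix_length(mask: str) -> int:
    """Count the leading one bits of a dotted mask, rejecting non-contiguous masks."""
    bits = int(ipaddress.IPv4Address(mask))
    ones = bin(bits).count("1")
    contiguous = ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF) == bits
    if not contiguous:
        raise ValueError(f"mask {mask} is not contiguous")
    return ones


def subnet_name(address: str, mask: str) -> str:
    """address 10.14.209.14 + mask 255.255.240.0 -> '10.14.208.0/20'."""
    bits = prefix_length(mask)
    # strict=False accepts a host address; its host bits are cleared to give the network
    net = ipaddress.IPv4Network((address, bits), strict=False)
    return str(net)


# Constructed subnet-to-site mapping, in the form AD stores subnet objects.
SUBNET_TO_SITE = {
    "10.14.208.0/20": "Redmond-Site",
    "10.14.209.0/24": "Denver",          # a more specific subnet inside the /20
    "172.161.0.0/24": "Default-First-Site-Name",
}


def site_for_address(address: str, subnet_to_site: dict = SUBNET_TO_SITE):
    """Return the site whose subnet object has the longest prefix containing the address,
    or None when no subnet object covers it (such a client gets no site affinity)."""
    ip = ipaddress.IPv4Address(address)
    best = None
    for subnet, site in subnet_to_site.items():
        net = ipaddress.IPv4Network(subnet)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


if __name__ == "__main__":
    print(subnet_name("10.14.209.14", "255.255.240.0"))   # 10.14.208.0/20
    print(site_for_address("10.14.209.77"))              # Denver
```

Addresses that fall in no subnet object are worth checking for: a domain controller logs such clients as having no site, and they may authenticate against a domain controller in a distant site.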
Moving Server Objects Between Sites
- In Active Directory Sites and Services, right-click the server object (for example LONDON1560 under Sites/Default-First-Site-Name/Servers) and choose Move...
- In the Move Server dialog, select the site that should contain this server (for example Alternate or Default-First-Site-Name) and click OK.
What Are Site Links?
A site link:
- Enables replication traffic between sites (Site 1 and Site 2) over RPC or SMTP
- Represents the physical connection between sites and carries a cost
Creating and Configuring Site Links
- The site link properties dialog (for example HQ-Vancouver) has General, Object and Security tabs and a Description field.
- Sites in this site link: move sites between "Sites not in this site link" and "Sites in this site link" with Add>> and <<Remove (for example Default-First-Site-Name, Corp-HQ, Vancouver).
- Cost: 100 (default).
- Replicate every: 180 minutes (default).
- Change Schedule... opens the schedule for the site link, marking each hour Sunday through Saturday as Replication Available or Replication Not Available (default: Sunday through Saturday from 12 AM to 12 AM).
The three settings to configure are cost, interval and schedule.
What Are Site Link Bridges?
- A site link bridge joins site links (for example Site Link AB between Site A and Site B, and Site Link BC between Site B and Site C) so that replication can flow from Site A (A1, A2) to Site C (C1, C2) through Site B (B1, B2, B3).
Creating Site Link Bridges
- Create a New Object - (Site Link Bridge) in nwtraders1560.msft/Configuration/Sites and give it a name.
- Move site links (for example DEFAULTIPSITELINK, Cross-town, Local) from "Site links not in this site link bridge" to "Site links in this site link bridge" with Add>> and <<Remove.
- A site link bridge must contain at least two site links.
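The two slides above are served by one added example (not code from the slides): given site links with costs, it finds the cheapest replication route between two sites. With a bridge the links are transitive and the route cost is the sum of the link costs along the path; without one, only a site link that directly contains both sites can be used. The site names, link names and costs are constructed, using the slide's default cost of 100 for the bridged links.

```python
"""Cheapest inter-site replication route from site-link costs, with and without a
site link bridge making the links transitive. Added example; links are constructed."""
import heapq

# Constructed site links: (name, sites joined, cost)
SITE_LINKS = [
    ("Site Link AB", {"Site A", "Site B"}, 100),
    ("Site Link BC", {"Site B", "Site C"}, 100),
    ("Site Link AC", {"Site A", "Site C"}, 300),   # an expensive direct link
]


def cheapest_route(src, dst, links=SITE_LINKS, bridged=True):
    """Return (total cost, [sites on the path]) or None if no route exists."""
    if not bridged:
        # No bridge: site links are not transitive, so only a link holding both sites counts.
        direct = [cost for _, sites, cost in links if src in sites and dst in sites]
        return (min(direct), [src, dst]) if direct else None

    adjacent = {}
    for _, sites, cost in links:
        for s in sites:
            for t in sites:
                if s != t:
                    adjacent.setdefault(s, []).append((t, cost))

    # Dijkstra over the bridged links; route cost is the sum of link costs on the path
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, site = heapq.heappop(heap)
        if d > dist[site]:
            continue
        if site == dst:
            break
        for nxt, cost in adjacent.get(site, []):
            nd = d + cost
            if nd < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = nd, site
                heapq.heappush(heap, (nd, nxt))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


if __name__ == "__main__":
    print(cheapest_route("Site A", "Site C"))                 # (200, [A, B, C])
    print(cheapest_route("Site A", "Site C", bridged=False))  # (300, [A, C])
```

Removing the direct link from the constructed list and calling with bridged=False returns None, which is the situation the "at least two site links" rule on the slide is there to fix: without a bridge, two sites that share no site link cannot replicate at all.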
What Is a Bridgehead Server?
A bridgehead server (for example A1 in one site and B1 in another):
- Sends and receives the replicated data between the sites
- Is designated for each directory partition in the site
What Is the Intersite Topology Generator (ISTG)?
- The Intersite Topology Generator defines the replication between sites on a network, selecting the bridgehead servers (for example A1 or A2 in one site, B1 or B2 in the other) that carry the inter-site replication.
What Is Universal Group Membership Caching?
- At first logon, the local domain controller (in the small site) requests the user's universal group membership from a global catalog server (in the large site).
- After the first logon, the local domain controller uses its cached copy of the user's universal group membership.
Comparing Intra-Site Replication and Inter-Site Replication

Replication within a site                      | Replication between sites
-----------------------------------------------|--------------------------------------
Change notification (default 15 sec, 3 sec)    | Replication scheduling (default 180 min)
Uncompressed traffic                           | Compressed traffic (> 50 KB)
Multiple connections                           | Bridgehead servers
Knowledge Consistency Checker                  | Inter-Site Topology Generator
RPC over IP by default                         | IP or SMTP
Urgent replication                             |
Replication Components
- The Knowledge Consistency Checker configures replication connections.
- In the directory, a Site object contains Server objects; each Server object has an NTDS Settings object, under which the Connection objects are stored.
- A connection object describes an inbound connection: the connection object under server B names A as B's replication source, and the one under A names B as A's replication source.
Using Connection Objects
- Connection objects are created automatically or manually.
- Connection objects are created on each domain controller (Domain Controller A1 and Domain Controller A2 each hold a connection object pointing at the other).
- Use Active Directory Sites and Services to manually create, delete and adjust connection objects.
- Use the Replicate Now option to manually initiate replication.
Creating a Connection Object
- In Active Directory Sites and Services, expand Sites/Default-First-Site-Name/Servers/LONDON1560, right-click NTDS Settings and choose New Active Directory Connection.
- In the Find Domain Controllers dialog, select a domain controller from the list by either name or site (for example LONDON1561 in Default-First-Site-Name, domain nwtraders1560.msft). You can refresh the list by clicking Find Now or choosing Refresh from the View menu. Click OK.
Adjusting Replication
Modify the replication behavior by:
- Creating additional connection objects to reduce the number of hops between domain controllers, or to bypass a failed server or servers
- Configuring preferred bridgehead servers
Resolving Replication Conflicts
- When Domain Controller A and Domain Controller B each make an originating update to the same object before replicating, the two updates conflict. Each update carries a stamp made of a version number, a timestamp and the server GUID, and the stamps decide which update wins.
- Conflicts can be due to: an attribute value; adding or moving an object under a deleted container object (or the deletion of a container object); a sibling name.
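The stamp comparison for the attribute-value case, as an added example rather than code from the slides: the stamps are compared by version number first, then by originating timestamp, then by originating server GUID, and the value with the greater stamp wins on every domain controller. The GUIDs and timestamps below are constructed.

```python
"""Attribute-value conflict resolution with the replication stamp from the slide:
version number, then timestamp, then server GUID. Added example; stamps are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Stamp:
    version: int       # incremented on each originating write of the attribute
    timestamp: int     # originating time (seconds since epoch here)
    server_guid: str   # GUID of the originating domain controller

    def key(self):
        # Comparison order: higher version, then later time, then higher GUID
        return (self.version, self.timestamp, self.server_guid)


def resolve(a: Stamp, b: Stamp) -> Stamp:
    """Return the stamp that wins the conflict."""
    return a if a.key() > b.key() else b


@dataclass
class Attribute:
    value: str
    stamp: Stamp


def apply_replicated(local: Attribute, incoming: Attribute) -> Attribute:
    """Keep the local value unless the incoming stamp is strictly greater;
    an incoming copy of the same originating write (equal stamp) changes nothing."""
    return incoming if incoming.stamp.key() > local.stamp.key() else local


def demo():
    guid_a = "11111111-0000-0000-0000-000000000001"   # constructed
    guid_b = "11111111-0000-0000-0000-000000000002"   # constructed
    # Case 1: B wrote later, but A had written twice (higher version): A wins.
    case1 = resolve(Stamp(2, 1000, guid_a), Stamp(1, 2000, guid_b))
    # Case 2: same version, B's originating time is later: B wins.
    case2 = resolve(Stamp(1, 1000, guid_a), Stamp(1, 1001, guid_b))
    # Case 3: same version and time: the higher server GUID breaks the tie.
    case3 = resolve(Stamp(1, 1000, guid_a), Stamp(1, 1000, guid_b))
    return case1.server_guid, case2.server_guid, case3.server_guid


if __name__ == "__main__":
    print(demo())
```

Case 1 is the one that surprises administrators: a later write can lose to an earlier one if the earlier value had been modified more times, because the version number is compared before the timestamp.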
Replication of Linked Multivalued Attributes
Replication of linked multivalued attributes depends on the forest functional level:

Forest functional level     | What happens?
----------------------------|---------------------------------------------------------------
Below Windows Server 2003   | A change triggers replication of the entire membership list
Windows Server 2003         | Replication occurs by individual value instead of the whole attribute