11 WORKING WITH ACTIVE DIRECTORY SITES Chapter 3.


1 11 WORKING WITH ACTIVE DIRECTORY SITES Chapter 3

2 INTRODUCING SITES
• Logical structure can be seen in Active Directory Users And Computers.
• Physical network structure affects the efficiency of Active Directory replication.
• Up to the administrator to create sites in Active Directory Sites And Services.
• Sites are used to control Active Directory replication and authentication traffic.
• Only site created by default is the Default-First-Site-Name.

3 SITES AND SITE LINKS
• Sites are typically composed of fast and reliably connected computers.
• Criteria for fast and reliable are up to the administrator.
• Sites are independent of the domain structure.
• Domain computer accounts can be spread over multiple sites.
• Sites can contain resources from multiple domains.

4 SITES AND SITE LINKS
• Although sites can be added, modified, and deleted at any time, planning the site structure before installing Active Directory saves you time.
• Default-First-Site-Name site is default location for domain controllers.
  ◦ First domain controller is always placed into this site.
  ◦ Other domain controllers are placed here, if appropriate site definitions aren’t available.
• If sites are created appropriately, newly installed domain controllers are automatically placed in the appropriate site.

5 SITES AND THE REPLICATION PROCESS
• Replication topology describes the logical connections made between domain controllers for replication.
• Replication is the transfer of directory information updates.
  ◦ Object additions or removals
  ◦ Object attribute changes
  ◦ Object renames

6 SITES AND THE REPLICATION PROCESS
• Tracking replication changes.
  ◦ Update Sequence Number (USN)
  ◦ Timestamp
• Bridgehead server controls replication changes between sites.
  ◦ Compares USN for recent changes
  ◦ Uses timestamp if modifications carry the same USN
• Convergence occurs when all changes are updated.

7 INTRASITE REPLICATION OVERVIEW
• Knowledge consistency checker (KCC)
  ◦ Creates initial replication topology (replication ring)
  ◦ Creates connection objects between domain controllers
  ◦ Process that runs on each domain controller
• Active Directory replicates four partitions
  ◦ Domain (domain-wide)
  ◦ Schema (forest-wide)
  ◦ Configuration (forest-wide)
  ◦ Application Data (depends on configuration)

8 INTRASITE REPLICATION DETAILS
• KCC runs every 15 minutes to ensure replication topology is efficient.
• Intrasite replication latency is minimized in these ways:
  ◦ KCC creates a bidirectional Replication Ring
  ◦ KCC ensures no more than three replication hops between any two domain controllers by adding additional connections as needed
  ◦ Replication traffic is not compressed

9 INTRASITE REPLICATION DETAILS
• Intrasite replication latency is 15 minutes by default, but there is urgent replication for important changes.
• Multiple domains in a single site.
  ◦ Each domain maintains a separate domain partition replication topology.
  ◦ Forest-wide replication is not conducted separately, because this information is sent to all domains in the forest.

10 INTERSITE REPLICATION
• Designed to control replication traffic over slow WAN links.
• KCC designates one domain controller per site to be the Intersite Topology Generator (ISTG).
• ISTG designates the bridgehead server.
• Site links are used to define the intersite replication topology.

11 INTERSITE REPLICATION: SITE LINKS
• Connection between two sites that are logical and transitive
• Represents physical network links
• Manually defined by administrator
• Sites communicate using same protocol

12 SITE LINK CONFIGURATION
• Cost
  ◦ Lower cost routes are used first.
  ◦ Default is 100; range 1 to 99,999.
• Schedule
  ◦ Default is availability 7 days per week, 24 hours per day.
  ◦ Administrator can modify to exclude certain days and hours the link is not available.

13 SITE LINK CONFIGURATION
• Frequency
  ◦ Specifies how often the link attempts to replicate information within the specified availability (schedule)
  ◦ Default is 180 minutes; range is 15 minutes to once per week

14 CREATING SITES

15 CREATING SITE LINKS

16 CONFIGURING SITE LINK PROPERTIES

17 CREATING SUBNETS

18 REPLICATION PROTOCOLS
• Remote procedure call (RPC) over Internet Protocol (IP)
  ◦ Default and most commonly used
  ◦ Adheres to schedules by default
  ◦ Synchronous; connection required
  ◦ Only choice for domain controllers from same domain
• Simple Mail Transfer Protocol (SMTP)
  ◦ Allows asynchronous communications

19 REPLICATION PROTOCOLS
• Simple Mail Transfer Protocol (SMTP), continued
  ◦ Doesn’t adhere to schedules by default
  ◦ Requires a certificate and certificate authority (CA)
  ◦ Cannot replicate domain partition information

20 RPC REQUIRES A CONNECTION

21 INTRASITE VERSUS INTERSITE REPLICATION
• Intrasite
  ◦ Replication traffic not compressed.
  ◦ Replication partners notify each other within 5 to 15 minutes of changes.
  ◦ KCC automatically configures and maintains a replication ring.
  ◦ RPC is used.
• Intersite
  ◦ Replication traffic is compressed.

22 INTRASITE VERSUS INTERSITE REPLICATION
• Intersite, continued
  ◦ Bridgehead servers notify bridgehead servers at other sites of changes every 80 minutes by default.
  ◦ Site links are required for replication to occur.
  ◦ Protocols used intersite can be RPC over IP or SMTP.

23 DESIGNATING THE BRIDGEHEAD SERVER
• ISTG automatically assigns preferred bridgehead server.
• Administrator can designate preferred bridgehead servers.
  ◦ Done through properties of domain controller object in Active Directory Sites And Services
  ◦ Select the protocol, IP or SMTP, for which this server is to be considered a preferred bridgehead server
  ◦ Allows administrator to designate that role to systems with most processing power to spare

24 PREFERRED BRIDGEHEAD SERVER DESIGNATION

25 SITE LINK BRIDGING
• Used to allow communication over two different site links.
• Bridge All Site Links is configured by default.
• You can clear the Bridge All Site Links check box and configure site link bridges manually.
• You cannot create a site link bridge until you have at least two site links.
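An added example (not part of the original presentation) showing how the site link cost from slide 12 and the bridging setting from slide 25 interact: with links bridged, a route's cost is the sum of its site link costs and the lowest total is preferred; without a bridge, only sites that share a site link can be paired directly. The site names and costs are constructed, and the function names are hypothetical.

```python
import heapq

DEFAULT_COST = 100               # slide 12: default site link cost
COST_RANGE = range(1, 100_000)   # slide 12: valid costs are 1 to 99,999

def build_topology(site_links):
    """site_links: iterable of (site_a, site_b, cost); cost None means the default."""
    graph = {}
    for a, b, cost in site_links:
        cost = DEFAULT_COST if cost is None else cost
        if cost not in COST_RANGE:
            raise ValueError(f"cost {cost} on {a}-{b} is outside 1..99,999")
        graph.setdefault(a, {})[b] = cost   # a site link is usable in both directions
        graph.setdefault(b, {})[a] = cost
    return graph

def cheapest_route(graph, src, dst, bridged=True):
    """Return (total_cost, [sites]) for the lowest-cost route, or None.

    bridged=True  -> site links are transitive; cost is the sum along the route.
    bridged=False -> no bridge: only a site link shared by src and dst counts.
    """
    if not bridged:
        cost = graph.get(src, {}).get(dst)
        return None if cost is None else (cost, [src, dst])
    queue, seen = [(0, src, [src])], set()
    while queue:                             # Dijkstra over site link costs
        total, site, path = heapq.heappop(queue)
        if site == dst:
            return total, path
        if site in seen:
            continue
        seen.add(site)
        for nxt, cost in graph.get(site, {}).items():
            if nxt not in seen:
                heapq.heappush(queue, (total + cost, nxt, path + [nxt]))
    return None

# Constructed sample: one expensive direct link and a cheaper two-link route.
LINKS = [("HQ", "Branch", 500), ("HQ", "Hub", None), ("Hub", "Branch", 150)]

if __name__ == "__main__":
    g = build_topology(LINKS)
    print(cheapest_route(g, "HQ", "Branch"))                 # bridged route via Hub
    print(cheapest_route(g, "HQ", "Branch", bridged=False))  # direct link only
```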

26 CONFIGURING SITE LINK BRIDGING

27 MANAGING REPLICATION

28 CHECK REPLICATION TOPOLOGY

29 DETERMINING THE ISTG

30 FORCING REPLICATION
• Active Directory Sites And Services
• Active Directory Replication Monitor (Replmon)
• Repadmin /syncall contoso.com

31 MONITORING REPLICATION
• Windows Support Tools
  ◦ Microsoft Windows Server 2003 installation CD-ROM
  ◦ Support\Tools folder on the CD
• Dcdiag
• Repadmin
• Replmon

32 DCDIAG
• Many options for diagnosing and repairing domain controller issues
• Type dcdiag /? at a command prompt to see a list
• Noteworthy examples
  ◦ dcdiag /test:replication
  ◦ dcdiag /fix

33 REPADMIN
• Command line utility for replication control and monitoring
• Type repadmin /? at a command prompt to see a list
• Noteworthy examples
  ◦ /showreps – view replication partners
  ◦ /showconn – view connections
  ◦ /sync and /syncall – force replication
  ◦ /showmeta – view attributes of a specific object
  ◦ /showvector – check USNs for a particular naming context, also named partition
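An added example (not part of the original presentation) that turns the replication-partner view into a repeatable health check by parsing the CSV form of that report, `repadmin /showrepl * /csv`, and flagging links with failures or with no recent intersite success. The column layout is assumed to match repadmin's CSV output, the sample rows are constructed, and the staleness limit of two missed cycles at the 180-minute default frequency is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the assumed column layout of `repadmin /showrepl * /csv`;
# the DC names, sites and times are invented for the example.
SAMPLE = '''showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=contoso,DC=com",HQ,DC2,RPC,0,0,2024-03-01 09:50:00,0
showrepl_INFO,HQ,DC1,"CN=Configuration,DC=contoso,DC=com",Branch,DC3,RPC,0,0,2024-03-01 02:10:00,0
showrepl_INFO,Branch,DC3,"DC=contoso,DC=com",HQ,DC1,RPC,4,2024-03-01 09:40:00,2024-02-29 21:00:00,1722
'''

# Assumption: an intersite link is stale after two missed cycles at the
# default site link frequency of 180 minutes (slide 13).
INTERSITE_MAX_AGE = 2 * timedelta(minutes=180)

def replication_findings(csv_text, now, max_age=INTERSITE_MAX_AGE):
    """Return (destination, source, naming_context, reason) for unhealthy links."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            continue                      # other row types are ignored here
        link = (row["Destination DSA"], row["Source DSA"], row["Naming Context"])
        failures = int(row["Number of Failures"])
        if failures:
            status = row["Last Failure Status"]
            findings.append(link + (f"{failures} failures, status {status}",))
            continue
        # Staleness is only checked across sites, where the site link schedule applies.
        if row["Destination DSA Site"] != row["Source DSA Site"]:
            last_ok = datetime.strptime(row["Last Success Time"], "%Y-%m-%d %H:%M:%S")
            if now - last_ok > max_age:
                findings.append(link + (f"no success for {now - last_ok}",))
    return findings

if __name__ == "__main__":
    for finding in replication_findings(SAMPLE, datetime(2024, 3, 1, 10, 0, 0)):
        print(finding)
```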

34 REPLMON: ACTIVE DIRECTORY REPLICATION MONITOR
• Graphical utility for replication control and monitoring
• Launch from Support Tools option on Start menu or by typing replmon in Run dialog box or CMD prompt
• Noteworthy capabilities
  ◦ Check replication topology
  ◦ Force synchronization
  ◦ Generate a status report to a log file
  ◦ View bridgehead servers

35 SUMMARY
• Intrasite versus intersite replication details
• Site, site link, and site link bridge creation and configuration
• Intersite replication configuration options
• Bridgehead servers
• Protocol selection
• Windows Support Tools: Dcdiag, Repadmin, Replmon

