8/10/2019 70-640_Lesson03_PPT_041009.ppt
1/40
Working with Active Directory Sites
Lesson 3
Skills Matrix
Technology Skill                            Objective Domain                          Objective #
Introducing Active Directory Sites          Configure sites                           2.3
Configuring Active Directory Replication    Configure Active Directory replication    2.4
Logical Versus Physical Structure
Logical: Forest, Trees, Domains, OUs, Leaf objects
Physical: IP Subnets/Sites, Domain Controllers
Active Directory Sites
Sites are defined by IP subnets that are well-connected, which means that network infrastructure between them is fast and reliable.
In most cases, an Active Directory site will map to a single LAN.
Multiple sites will be joined together by site links.
Intersite replication takes place along site links that you defined within Active Directory Sites and Services.
Sites
When clients log on to Active Directory, they use DNS to query the Active Directory site topology to locate the closest available domain controller and other network resources.
Domain controllers use the site topology to establish replication partners that provide efficiency and keep the Active Directory database consistent.
Default-First-Site-Name
When you install the forest root domain controller in an Active Directory forest, the Active Directory Installation Wizard creates a single site called Default-First-Site-Name.
The forest root domain controller server object is placed within the Servers folder of this site.
The site can be renamed to more accurately reflect a physical location.
Active Directory Replication
The process of duplicating Active Directory information between domain controllers for the purposes of fault tolerance and redundancy.
Based on a multimaster replication model, in which the domain controllers from each domain participate in the replication process for that domain.
Domain controllers also replicate forest-wide schema and configuration information.
Active Directory sites are the means by which administrators can control replication traffic.
Active Directory Replication
Domain controllers that reside within the same site participate in intrasite replication.
Transmit changes to the Active Directory database almost as soon as they occur.
Domain controllers located in different sites will participate in intersite replication.
Occurs on a scheduled basis (every 15 minutes by default).
Intersite replication traffic is also compressed by default to decrease the use of network bandwidth.
Remember, the goal is to minimize bandwidth usage.
Active Directory Replication
Remember:
Intra means internal, such as an intranet (your own network).
Inter means external, such as the Internet (a conglomeration of networks).
Understanding the Replication Process
Replication within Active Directory will occur when one of the following conditions is met:
An object is added to or removed from Active Directory.
The value of an attribute has changed.
The name of an object has changed.
Understanding the Replication Process
To track changes from different sources and determine which objects need to be replicated from one domain controller to another, each domain controller uses the following:
Update sequence number (USN), which keeps track of changes that are made at each DC and thus keeps track of which updates should be replicated to other domain controllers.
Version ID: each Active Directory attribute has a version ID associated with it that keeps track of how many times that attribute has been changed.
Timestamp: the time when the modification took place.
Understanding the Replication Process
When replicating information between sites, Active Directory will designate a bridgehead server in each site to act as a gatekeeper in managing site-to-site replication.
Allows intersite replication to update only one domain controller within a site (usually over a slower WAN link).
After a bridgehead server is updated, it updates the remainder of its domain controller partners with the newly replicated information.
Active Directory convergence describes the amount of time that it takes for this process to take place so that all domain controllers in the environment contain the most up-to-date information.
Knowledge Consistency Checker (KCC)
Each domain controller uses an internal process called the Knowledge Consistency Checker (KCC) to map the logical network topology between the domain controllers.
For each domain controller in the site, the KCC will select one or more replication partners for that domain controller and will create connection objects between the domain controller and its new replication partners.
Each connection object is a one-way connection.
Viewing Active Directory Connection Objects
Open the Active Directory Sites and Services MMC snap-in.
Click the Sites folder, select the desired site, and then click the Servers folder.
Expand the server name for which you wish to view connection objects and right-click NTDS Settings.
Click Properties.
Creating a New Site
In Active Directory Sites and Services, right-click the Sites folder and select New Site.
In the New Object-Site dialog box, key the name for the site based on your plan.
Select the DefaultIPSiteLink from the list of site names and click OK to complete the site creation.
Creating a New Subnet
In Active Directory Sites and Services, right-click the Subnets folder.
Select New Subnet from the menu.
In the New Object-Subnet dialog box, enter the IP address and subnet mask that correspond to the segment in your design.
Select the site you wish to associate with this subnet and click OK.
Configuring Intersite Replication
Cost
Allows the administrator to define the path that replication will take.
If more than one path can be used to replicate information, cost assignments will determine which path is chosen first.
A lower-numbered cost value will be chosen over a higher-numbered cost value.
Cost values can use a value of 1 to 99,999.
Cost values are chosen by the Active Directory administrator and are relative only to one another.
Configuring Intersite Replication
Schedule
The schedule of the site link object determines when the link is available to replicate information.
By default, newly created site link objects are available for replication 24/7.
Configuring Intersite Replication
Frequency
A site link's frequency determines how often information will be replicated over a particular site link.
Keep in mind that replication will take place only during scheduled hours.
The default replication frequency for a new site link is 180 minutes, but it can be configured to take place as frequently as every 15 minutes and as infrequently as once per week.
Replication Protocol
For both intrasite and intersite replication, Active Directory uses Remote Procedure Calls over Internet Protocol (RPC over IP) by default for all replication traffic.
RPC is commonly used to communicate with network services on various computers, whereas IP is responsible for the addressing and routing of the data.
RPC over IP replication keeps data secure while in transit by using both authentication and encryption.
Replication Protocol
Simple Mail Transport Protocol (SMTP) is an alternative solution for intersite replication when a direct or reliable IP connection is not available.
Uses asynchronous replication, meaning that each replication transaction does not need to complete before another can start because the transaction can be stored until the destination server is available.
SMTP cannot replicate domain directory partitions.
Requires an enterprise certification authority (CA) that is fully integrated with Active
Replication Protocol
Unlike RPC over IP, SMTP does not adhere to schedules and should be used only when replicating between different domains over an extremely slow or unreliable WAN link.
Creating a New Site Link Object
In Active Directory Sites and Services, expand the Inter-Site Transports folder.
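The site, subnet and site link steps from the preceding slides, scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original lesson; the function names, site names, subnet and link name are constructed placeholders, and the parameter ranges enforce the cost and frequency limits stated in the lesson.

```powershell
# Added example, not from the original slides. Requires the ActiveDirectory
# module (RSAT). All site, subnet and link names are constructed placeholders.
Import-Module ActiveDirectory

function New-BranchSite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SiteName,
        [Parameter(Mandatory)] [string] $Subnet,    # prefix form, e.g. 10.20.0.0/24
        [Parameter(Mandatory)] [string] $HubSite,   # existing site to replicate with
        # Ranges from the lesson: cost 1 to 99,999; frequency 15 minutes to one week.
        [Parameter(Mandatory)] [ValidateRange(1, 99999)] [int] $Cost,
        [ValidateRange(15, 10080)] [int] $FrequencyMinutes = 180
    )
    $ErrorActionPreference = 'Stop'

    # Fail early if the hub site is missing, before creating any objects.
    $null = Get-ADReplicationSite -Identity $HubSite

    # Site first, then the subnet that maps client IP addresses to it.
    New-ADReplicationSite   -Name $SiteName
    New-ADReplicationSubnet -Name $Subnet -Site $SiteName

    # Dedicated IP (RPC over IP) site link between hub and branch.
    $linkName = "$HubSite-$SiteName"
    New-ADReplicationSiteLink -Name $linkName `
        -SitesIncluded $HubSite, $SiteName `
        -Cost $Cost `
        -ReplicationFrequencyInMinutes $FrequencyMinutes `
        -InterSiteTransportProtocol IP

    # Return what was actually written to the directory.
    Get-ADReplicationSiteLink -Identity $linkName |
        Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
}

# Audit helper: subnet objects that are not associated with any site.
function Get-UnassignedSubnet {
    Get-ADReplicationSubnet -Filter * -Properties Site |
        Where-Object { -not $_.Site } |
        Select-Object -ExpandProperty Name
}

# Constructed values for illustration:
# New-BranchSite -SiteName 'Branch01' -Subnet '10.20.0.0/24' -HubSite 'HQ' -Cost 200 -FrequencyMinutes 60
```

New-ADReplicationSite does not prompt for a site link the way the New Object-Site dialog does, so the function creates the link explicitly.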
Summary of Replication Methods
Refreshing the Intrasite Replication Topology
In Active Directory Sites and Services, expand Sites, followed by the site where you wish to run the KCC.
Expand Servers and double-click one of the domain controllers.
In the details pane, right-click NTDS Settings, click All Tasks and select Check Replication Topology.
Determining Which Server Holds the ISTG Role
In Active Directory Sites and Services, expand the Sites folder and then expand the appropriate site.
In the Details pane, right-click NTDS Site Settings and then select Properties.
The Properties page displays the server holding the ISTG role.
Determining Which Server Holds the ISTG Role
To force the KCC to regenerate the intersite topology, right-click NTDS Settings.
Click All Tasks and then select Check Replication Topology.
Forcing Manual Replication
In Active Directory Sites and Services, expand Sites, followed by the site that contains the connection for which you wish to force replication.
Locate the server in the Servers container that provides the connection object.
Click NTDS Settings in the console tree.
In the details pane, right-click the connection for which you want replication to occur and select Replicate Now.
Monitoring Replication
Dcdiag
Repadmin
Dcdiag
A command-line tool used for monitoring Active Directory.
Perform connectivity and replication tests, reporting errors that occur.
Report DNS registration problems.
Analyze the permissions required for replication.
Analyze the state of domain controllers within the forest.
Repadmin
A command-line tool used for the following:
To view the replication topology from the perspective of each domain controller.
To manually create a replication topology if site link bridging is disabled because the network is not fully routed.
To force replication between domain controllers when you need updates to occur immediately without waiting for the next replication cycle.
To view the replication metadata, which is the combination of the actual data and the up-to-date vector or USN information. This is helpful in determining the most up-to-date information prior to seizing an operations master role.
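One way to turn repadmin output into a replication health check, as an added example that is not part of the original lesson. The CSV rows, DC names and domain are constructed, the column headers are assumed to match what repadmin /showrepl /csv emits on your build, and the 360-minute staleness threshold is an assumption (twice the 180-minute default site link frequency).

```powershell
# Added example, not from the original slides. The CSV rows are constructed;
# on a live system use:  $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=example,DC=test",HQ,DC2,RPC,0,0,2019-08-10 09:58:41,0
showrepl_INFO,Branch01,DC3,"DC=example,DC=test",HQ,DC1,RPC,7,2019-08-10 09:45:12,2019-08-09 21:45:03,1722
showrepl_INFO,Branch01,DC3,"CN=Configuration,DC=example,DC=test",HQ,DC1,RPC,0,0,2019-08-10 03:10:00,0
'@

function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [datetime] $Now = (Get-Date),
        # Assumption: alert when a link has gone two default 180-minute
        # intersite intervals without a successful inbound replication.
        [int] $MaxAgeMinutes = 360
    )
    foreach ($r in $Rows) {
        $failures = [int]$r.'Number of Failures'
        # "Last Success Time" may not parse if the link has never succeeded.
        $lastOk = [datetime]::MinValue
        $parsed = [datetime]::TryParse($r.'Last Success Time', [ref]$lastOk)
        $age    = if ($parsed) { [int]($Now - $lastOk).TotalMinutes } else { $null }

        $reason = @()
        if ($failures -gt 0) { $reason += "failures=$failures status=$($r.'Last Failure Status')" }
        if (-not $parsed)    { $reason += 'no recorded success' }
        elseif ($age -gt $MaxAgeMinutes) { $reason += "stale=${age}min" }

        if ($reason) {
            [pscustomobject]@{
                Destination   = "$($r.'Destination DSA Site')\$($r.'Destination DSA')"
                Source        = "$($r.'Source DSA Site')\$($r.'Source DSA')"
                NamingContext = $r.'Naming Context'
                Reason        = $reason -join '; '
            }
        }
    }
}

# Fixed -Now keeps the constructed sample deterministic: the first row is
# healthy, the second is failing and stale, the third is stale only.
$rows = $sample | ConvertFrom-Csv
Get-ReplicationProblem -Rows $rows -Now ([datetime]'2019-08-10 10:00:00') | Format-Table -AutoSize
```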
Summary
You learned how to define and manage sites and site links.
You learned how to determine a site strategy based on the physical network infrastructure.
You learned how to use Active Directory Sites and Services to configure replication.
Summary
You learned how to understand the differences between intrasite and intersite replication.
You learned how to describe the role of the Intersite Topology Generator (ISTG) and Knowledge Consistency Checker (KCC) in site replication.
Summary
You learned how to optimize replication by configuring bridgehead servers and site link bridging.
You learned how to monitor replication using dcdiag and repadmin.