
Module 4: Configuring Active Directory® Domain Services Sites and Replication

Module Overview
• Overview of Active Directory Domain Services Replication

• Overview of AD DS Sites and Replication

• Configuring and Monitoring AD DS Replication


Lesson 1: Overview of Active Directory Domain Services Replication
• How AD DS Replication Works
• How AD DS Replication Works Within a Site
• Resolving Replication Conflicts
• Optimizing Replication
• What Are Directory Partitions?
• What Is Replication Topology?
• How Directory Partitions and the Global Catalog Are Replicated
• How the Replication Topology Is Generated
• Demonstration: Creating and Configuring Connection Objects
How AD DS Replication Works
Active Directory replication:
• Uses a multimaster model

• Uses pull replication

• Uses store and forward replication

• Uses loose consistency with convergence

Changes that initiate replication include:

• Addition of an object to AD DS

• Modification of an object’s attribute values

• Deletion of an object from the directory


How AD DS Replication Works Within a Site

In a single site:
• Domain controllers notify their replication partners when updates are applied, and the partners then pull the changes
• For normal updates, the change notification is sent to the first partner 15 seconds after the change is applied, and to each further partner at 3-second intervals
• Security-related changes (for example an account lockout, or a change to the account lockout or domain password policy) trigger urgent replication: the notification is sent immediately. Password changes are additionally pushed straight to the PDC emulator, which is consulted when a logon fails elsewhere
• Replication updates are not compressed, because the site is assumed to have fast, reliable links


Resolving Replication Conflicts

In a multimaster replication model, replication conflicts can arise when:
• The same attribute is changed on two domain controllers before the first change has replicated
• An object is moved to, or added to, a container that was deleted on another domain controller
• Two objects with the same relative distinguished name are added to the same container on two different domain controllers

To resolve replication conflicts, AD DS compares the stamps carried by the competing changes, in this order:
• Version number: the change with the higher version wins
• Time stamp: if the versions are equal, the change with the later originating time wins
• Server GUID: if the time stamps are also equal, the change from the domain controller with the higher originating invocation ID (GUID) wins

The losing object in a naming (RDN) conflict is renamed with a CNF: suffix and its object GUID, and an object added to a deleted container is moved to the LostAndFound container, so both outcomes are visible and recoverable after convergence.
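The tie-break order above, as an added example that is not part of the course material: a small PowerShell model of the three comparisons, run against constructed stamps, followed by the real cmdlet that exposes the same three stamps for an attribute on a live domain controller (the object DN and server name there are assumptions).

```powershell
# Added example (not from the course slides): a model of the order in which AD DS
# breaks a tie between two originating writes to the same attribute.
# The stamps, timestamps and invocation IDs below are constructed for illustration.

function Resolve-ReplicationConflict {
    [CmdletBinding()]
    param(
        # Stamp already stored on this DC: @{ Version; Timestamp; InvocationId }
        [Parameter(Mandatory)] [hashtable] $Local,
        # Stamp arriving with the replicated change from a partner
        [Parameter(Mandatory)] [hashtable] $Incoming
    )

    # 1. Version number: the write with the higher version wins outright,
    #    even if it is the older of the two in wall-clock terms.
    if ($Incoming.Version -ne $Local.Version) {
        if ($Incoming.Version -gt $Local.Version) { return 'Incoming (higher version)' }
        return 'Local (higher version)'
    }
    # 2. Time stamp: same version, so the later originating time wins.
    if ($Incoming.Timestamp -ne $Local.Timestamp) {
        if ($Incoming.Timestamp -gt $Local.Timestamp) { return 'Incoming (later timestamp)' }
        return 'Local (later timestamp)'
    }
    # 3. Server GUID: same version and time, so the higher originating invocation ID wins.
    #    This step is arbitrary but deterministic; it only exists so every DC converges
    #    on the same value.
    $cmp = $Incoming.InvocationId.CompareTo($Local.InvocationId)
    if ($cmp -gt 0) { return 'Incoming (higher GUID)' }
    if ($cmp -lt 0) { return 'Local (higher GUID)' }
    return 'Identical stamp (same originating write, nothing to apply)'
}

$t   = Get-Date '2024-01-15 10:00:00'
$dc1 = [guid]'11111111-1111-1111-1111-111111111111'   # constructed invocation IDs
$dc2 = [guid]'22222222-2222-2222-2222-222222222222'

# Case 1: the incoming write is the 3rd edit of the attribute, ours only the 2nd,
#         although ours was made 30 seconds later.
Resolve-ReplicationConflict -Local    @{ Version = 2; Timestamp = $t;                 InvocationId = $dc1 } `
                            -Incoming @{ Version = 3; Timestamp = $t.AddSeconds(-30); InvocationId = $dc2 }

# Case 2: same version, the partner's write is 5 seconds later.
Resolve-ReplicationConflict -Local    @{ Version = 2; Timestamp = $t;                InvocationId = $dc1 } `
                            -Incoming @{ Version = 2; Timestamp = $t.AddSeconds(5); InvocationId = $dc2 }

# Case 3: same version and time stamp; the invocation ID breaks the tie.
Resolve-ReplicationConflict -Local    @{ Version = 2; Timestamp = $t; InvocationId = $dc1 } `
                            -Incoming @{ Version = 2; Timestamp = $t; InvocationId = $dc2 }

# On a real DC the same three stamps are visible per attribute (DN and server assumed):
#   Get-ADReplicationAttributeMetadata -Object 'CN=Alice,OU=Staff,DC=contoso,DC=com' `
#       -Server NYC-DC1 -Properties description |
#       Select-Object AttributeName, Version, LastOriginatingChangeTime,
#                     LastOriginatingChangeDirectoryServerInvocationId
#   (equivalently: repadmin /showobjmeta NYC-DC1 "CN=Alice,OU=Staff,DC=contoso,DC=com")
```

With the constructed stamps, case 1 resolves in favour of the incoming write despite its older time stamp (version wins before time), case 2 in favour of the later incoming write, and case 3 in favour of the write from the DC with the higher invocation ID. The practical consequence of case 1 is worth remembering during incident response: an attribute that was edited several times on one DC while the link to another DC was down will win over a single, more recent edit made on the other side.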


Optimizing Replication

• In a multimaster replication model, the same AD DS update can reach a given domain controller over multiple paths
• AD DS uses update sequence numbers (USNs), high watermarks, and up-to-dateness vectors to ensure that each update is applied to a specific domain controller only once (propagation dampening)
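The two filters named above, as an added example that is not part of the course material: a PowerShell model of how a destination DC uses its high-watermark for one partner and its up-to-dateness vector for all originating DCs to skip updates it already holds. The DC names, USNs and change entries are constructed; the cmdlets in the closing comment are the real ones that expose these values.

```powershell
# Added example (not from the course): how a destination DC takes each update only once,
# even though the same originating change can arrive from several partners.
# DC names, USNs and change entries are constructed for illustration.

function Get-ChangesToApply {
    param(
        # The partner's change log: each entry carries the partner's own local USN plus
        # the originating DC and originating USN of the write (its "originating stamp").
        [Parameter(Mandatory)] [object[]] $PartnerChanges,
        # High-watermark: the partner's local USN up to which we already pulled from it.
        [Parameter(Mandatory)] [long] $HighWatermark,
        # Up-to-dateness vector: per originating DC, the highest originating USN already
        # applied on this destination, regardless of which partner delivered it.
        [Parameter(Mandatory)] [hashtable] $UtdVector
    )
    foreach ($c in ($PartnerChanges | Sort-Object LocalUsn)) {
        # Filter 1 (high-watermark): skip everything this partner already sent us last time.
        if ($c.LocalUsn -le $HighWatermark) { continue }
        # Filter 2 (UTD vector): skip a change that already reached us over another path.
        $seen = if ($UtdVector.ContainsKey($c.OriginatingDc)) { $UtdVector[$c.OriginatingDc] } else { 0 }
        if ($c.OriginatingUsn -le $seen) { continue }
        $c
    }
}

# Destination NYC-DC1 pulls from partner NYC-DC2. NYC-DC2's log contains its own writes
# and a write that originated at NYC-DC3, which NYC-DC2 received and is now forwarding.
$partnerLog = @(
    [pscustomobject]@{ LocalUsn = 5001; OriginatingDc = 'NYC-DC2'; OriginatingUsn = 5001; Object = 'CN=Alice' }
    [pscustomobject]@{ LocalUsn = 5002; OriginatingDc = 'NYC-DC3'; OriginatingUsn = 7010; Object = 'CN=Bob'   }
    [pscustomobject]@{ LocalUsn = 5003; OriginatingDc = 'NYC-DC2'; OriginatingUsn = 5003; Object = 'CN=Carol' }
    [pscustomobject]@{ LocalUsn = 5004; OriginatingDc = 'NYC-DC3'; OriginatingUsn = 7020; Object = 'CN=Dave'  }
)

# NYC-DC1 last pulled NYC-DC2 up to local USN 5001, and has already replicated directly
# from NYC-DC3 up to originating USN 7010, so it already holds the CN=Bob change.
$highWatermark = 5001
$utd = @{ 'NYC-DC2' = 5001; 'NYC-DC3' = 7010 }

Get-ChangesToApply -PartnerChanges $partnerLog -HighWatermark $highWatermark -UtdVector $utd |
    Format-Table LocalUsn, OriginatingDc, OriginatingUsn, Object

# After applying the batch the destination advances both cursors: the high-watermark for
# NYC-DC2 becomes the last local USN received, and the UTD vector records the highest
# originating USN now held for NYC-DC2 and NYC-DC3. On a real DC these are shown by:
#   Get-ADReplicationUpToDatenessVectorTable -Target NYC-DC1
#   repadmin /showutdvec NYC-DC1 "DC=contoso,DC=com"      (domain DN assumed)
```

With the constructed input the function returns only CN=Carol (local USN 5003) and CN=Dave (5004): CN=Alice is cut off by the high-watermark, CN=Bob by the up-to-dateness vector. The same dampening is why a change that "disappears" after replication should be checked with `repadmin /showobjmeta` on the originating DC rather than by counting how many partners forwarded it.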
What Are Directory Partitions?

The Active Directory database is divided into the following partitions:
• Schema: definitions and rules for creating and manipulating objects and attributes (replication scope: the whole forest)
• Configuration: information about the Active Directory structure (replication scope: the whole forest)
• Domain (<Domain>): information about domain-specific objects (replication scope: the domain)
• Application (<Application>): information about applications, with a configurable replication scope
What Is Replication Topology?

[Figure: domain controllers A1 to A4 of Domain A and B1 to B3 of Domain B. Domain controllers in the same domain form the Domain A topology and the Domain B topology; domain controllers from various domains replicate only the partitions they have in common]
How Directory Partitions and the Global Catalog Are Replicated

• The schema and configuration partitions replicate to every domain controller in the forest, so they share one forest-wide topology
• Each domain partition replicates only among the domain controllers of that domain (the Domain A topology and the Domain B topology)
• Global catalog servers additionally receive a partial, read-only replica of every other domain's partition, so each one is also a replication partner in the other domains' topologies

[Figure: domain controllers A1 to A4 of Domain A and B1 to B3 of Domain B, with the global catalog servers marked; the Domain A topology, the Domain B topology, the forest-wide schema and configuration topology, and global catalog replication between the global catalog servers]
How the Replication Topology Is Generated

Active Directory uses the Knowledge Consistency Checker (KCC) to establish replication paths between domain controllers:
• Each domain controller has two replication partners for each Active Directory partition it hosts, one on either side of a bidirectional ring
• The KCC creates one-way connection objects (inbound, stored under the destination domain controller's NTDS Settings) in each direction between replication partners, and adds extra connections so that no two domain controllers in a site are ever more than three replication hops apart
• When a domain controller is added to or removed from a site, the KCC (which runs every 15 minutes by default) recalculates the connection objects
• A single connection object can replicate one or more partitions
Demonstration: Creating and Configuring
Connection Objects
In this demonstration, you will see how to create
connection objects and configure existing connection
objects
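The steps of this demonstration, as an added PowerShell example that is not part of the course material. The server and site names (NYC-DC1 and NYC-DC2 in NewYork-Site) are assumptions borrowed from the lab, the domain name is read from the directory, and the manual connection object is created with `New-ADObject` because the ActiveDirectory module has no dedicated creation cmdlet for connection objects.

```powershell
# Added example (not from the course): inspect the connection objects the KCC built for a
# DC, create one manually, and make the KCC re-evaluate the topology. Names are assumptions.
Import-Module ActiveDirectory

# 1. Inbound connection objects for NYC-DC1. AutoGenerated = True marks KCC-owned objects,
#    which the KCC may rewrite or delete; manual objects are left alone until removed by hand.
Get-ADReplicationConnection -Filter * |
    Where-Object { $_.ReplicateToDirectoryServer -like '*NYC-DC1*' } |
    Select-Object Name, ReplicateFromDirectoryServer, AutoGenerated, ReplicatedNamingContexts

# 2. Create a manual connection object so NYC-DC1 pulls directly from NYC-DC2.
#    A connection object is an nTDSConnection child of the DESTINATION DC's NTDS Settings,
#    and its fromServer attribute points at the SOURCE DC's NTDS Settings.
$configNC    = (Get-ADRootDSE).configurationNamingContext
$destination = "CN=NTDS Settings,CN=NYC-DC1,CN=Servers,CN=NewYork-Site,CN=Sites,$configNC"
$source      = "CN=NTDS Settings,CN=NYC-DC2,CN=Servers,CN=NewYork-Site,CN=Sites,$configNC"

New-ADObject -Name 'NYC-DC1 from NYC-DC2' -Type nTDSConnection -Path $destination `
    -OtherAttributes @{ fromServer = $source; enabledConnection = $true; options = 0 }

# 3. Run the KCC on NYC-DC1 now instead of waiting for its next 15-minute pass, confirm the
#    new inbound partner, then pull the domain partition over the new connection.
repadmin /kcc NYC-DC1
repadmin /showrepl NYC-DC1
repadmin /replicate NYC-DC1 NYC-DC2 (Get-ADDomain).DistinguishedName

# 4. Periodic check: every manual connection object in the forest, with its source.
#    The KCC never removes these, so one whose fromServer you do not recognise deserves a
#    look; it is a standing, administrator-created replication path into that DC.
Get-ADReplicationConnection -Filter * |
    Where-Object { -not $_.AutoGenerated } |
    Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer
```

Manual connection objects are useful when you must pin a replication path (for example to a specific partner during a migration), but they also suppress the KCC's ability to heal that part of the ring. Document each one and re-run step 4 as part of routine review.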
Lesson 2: Overview of AD DS Sites
and Replication
• What Are AD DS Sites and Site Links?

• Discussion: Why Implement Additional Sites?

• Demonstration: Configuring AD DS Sites

• How Replication Works Between Sites

• Comparing Replication Within Sites and Between Sites

• Demonstration: Configuring AD DS Site Links

• What Is the Inter-site Topology Generator?

• How Unidirectional Replication Works


What Are AD DS Sites and Site Links?

Sites:
• Identify network locations with fast, reliable network connections
• Are associated with IP subnet objects in AD DS

[Figure: two sites, one containing domain controllers A1 and A2 and the other B1, B2 and B3; each site is associated with its IP subnets, and the two sites are joined by a site link]
Discussion: Why Implement Additional Sites?
• Why would an organization choose to implement
additional sites?
• What are the benefits and disadvantages of creating
additional sites?
Demonstration: Configuring AD DS Sites
In this demonstration, you will see how to:
• Create sites and subnets

• Move domain controllers to other sites


How Replication Works Between Sites

For replication between sites you can configure:
• Replication paths between sites
• Replication schedules and frequency
• Replication protocols

[Figure: two sites, one containing A1 and A2 and the other B1, B2 and B3, joined by a site link over which inter-site replication takes place]
Comparing Replication Within Sites and Between Sites

Replication within sites:
• Assumes fast and highly reliable network links
• Does not compress replication traffic
• Uses a change notification mechanism, so partners pull changes within seconds

Replication between sites:
• Assumes limited available bandwidth and unreliable network links
• Compresses replication traffic between sites
• Occurs on a configurable schedule and interval set on the site link, rather than on change notification (unless change notification is explicitly enabled for the site link)

[Figure: within a site, A1 and A2 on their IP subnets replicate directly with each other; between sites, A1 and A2 in one site and B1 and B2 in another replicate over the site link]
Demonstration: Configuring AD DS Site Links
In this demonstration, you will see how to:
• Configure the default site link

• Create additional site links

• Add sites to the site links
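The steps of this demonstration, as an added PowerShell example that is not part of the course material: inspect and retune the default site link, create a new one, change site membership, and check that no site has been left without a link. The site and link names (NewYork-Site, London-Site, Tokyo-Site, NewYork-London) are assumptions based on the lab.

```powershell
# Added example (not from the course): configure the default site link, create an additional
# one and move sites between them. Site and link names are assumptions.
Import-Module ActiveDirectory

# What exists today? Every new site lands in DEFAULTIPSITELINK unless you place it elsewhere.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded

# Retune the default. Cost is a relative preference (lower wins when several paths exist);
# frequency is the polling interval in minutes inside the schedule window (minimum 15,
# default 180).
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -Cost 200 -ReplicationFrequencyInMinutes 180

# A dedicated, cheaper link for the New York <-> London WAN, polled every 30 minutes.
New-ADReplicationSiteLink -Name 'NewYork-London' `
    -SitesIncluded 'NewYork-Site', 'London-Site' `
    -Cost 100 -ReplicationFrequencyInMinutes 30 `
    -InterSiteTransportProtocol IP

# Add a site to, or remove one from, an existing link with the Add/Remove hashtable form.
Set-ADReplicationSiteLink -Identity 'NewYork-London'  -SitesIncluded @{ Add    = 'Tokyo-Site'  }
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -SitesIncluded @{ Remove = 'London-Site' }

# Check: a site that belongs to no site link cannot take part in inter-site replication.
# SitesIncluded holds site DNs, so compare against the site objects' DistinguishedName.
$linked = Get-ADReplicationSiteLink -Filter * | ForEach-Object { $_.SitesIncluded }
Get-ADReplicationSite -Filter * |
    Where-Object { $linked -notcontains $_.DistinguishedName } |
    Select-Object Name
```

Keep the membership check in your change procedure for site links: removing a site from DEFAULTIPSITELINK before it has been added to its replacement silently isolates it until the next KCC run reports the missing path.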


What Is the Inter-site Topology Generator?

• The inter-site topology generator (ISTG) is the domain controller in each site that runs the KCC on behalf of the site to define replication between sites: it selects the site's bridgehead servers and creates the inter-site connection objects on them

[Figure: two sites on their IP subnets; in each site one domain controller (A1, B1) acts as the inter-site topology generator and one as the bridgehead server, and inter-site replication flows between the bridgehead servers]
How Unidirectional Replication Works

• Unidirectional replication ensures that changes to a read-only domain controller are never replicated to any other domain controller: an RODC has only inbound connection objects and is never a replication source
Lesson 3: Configuring and Monitoring AD DS Replication
• What Is a Bridgehead Server?
• Demonstration: Configuring Bridgehead Servers
• Demonstration: Configuring Replication Availability and Scheduling
• What Is Site Link Bridging?
• Demonstration: Modifying Site Link Bridges
• What Is Universal Group Membership Caching?
• Demonstration: Configuring Universal Group Membership Caching
• Demonstration: Tools for Monitoring and Managing Replication
What Is a Bridgehead Server?

A bridgehead server:
• Sends and receives replicated data on behalf of its site
• Is designated for each partition in the site

[Figure: two sites on their IP subnets; in each site one domain controller (A1, B1) is the bridgehead server, and inter-site replication flows between the two bridgehead servers]
Demonstration: Configuring Bridgehead Servers
In this demonstration, you will see how to configure
bridgehead servers
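The steps of this demonstration, together with the ISTG lookup from the monitoring demonstration later in this lesson, as an added PowerShell example that is not part of the course material. The names (NewYork-Site, NYC-DC1 as the ISTG, NYC-DC2 as the preferred bridgehead) are assumptions based on the lab; the attribute names are the real ones in the configuration partition.

```powershell
# Added example (not from the course): identify the ISTG for a site, designate a preferred
# bridgehead server, and see which bridgeheads the ISTG actually selected. Names assumed.
Import-Module ActiveDirectory
$configNC = (Get-ADRootDSE).configurationNamingContext

# 1. The ISTG of a site is recorded on the site's NTDS Site Settings object.
Get-ADObject -Identity "CN=NTDS Site Settings,CN=NewYork-Site,CN=Sites,$configNC" `
    -Properties interSiteTopologyGenerator |
    Select-Object -ExpandProperty interSiteTopologyGenerator
repadmin /istg                # the same information for every site in the forest

# 2. Make NYC-DC2 the preferred bridgehead for the IP transport. The attribute lives on the
#    server object (not on NTDS Settings) and lists the transports it is preferred for.
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
$server      = "CN=NYC-DC2,CN=Servers,CN=NewYork-Site,CN=Sites,$configNC"
Set-ADObject -Identity $server -Add @{ bridgeheadTransportList = $ipTransport }

# 3. Re-run the KCC on the ISTG (assumed to be NYC-DC1) and list the selected bridgeheads.
repadmin /kcc NYC-DC1
repadmin /bridgeheads NYC-DC1 /verbose

# 4. Audit: every preferred bridgehead in the forest, so nobody is surprised by step 5.
Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter '(bridgeheadTransportList=*)' `
    -Properties bridgeheadTransportList |
    Select-Object Name, DistinguishedName

# 5. To undo, remove the transport from the list (the ISTG then picks bridgeheads itself).
# Set-ADObject -Identity $server -Remove @{ bridgeheadTransportList = $ipTransport }
```

Caveat before you rely on this: once any preferred bridgehead exists for a transport, the ISTG chooses only from that list. If every preferred bridgehead is down, or none of them hosts a partition the site must replicate, inter-site replication for that site stops and the KCC logs an error instead of falling back to another domain controller. Designate at least two, and make sure at least one holds every partition the site needs (including a global catalog if the site has one). This is also the answer to the first lab review question: routing all of the New York site's inter-site replication through NYC-DC2 means making NYC-DC2 the (only) preferred bridgehead, with exactly that availability trade-off.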
Demonstration: Configuring Replication
Availability and Frequency
In this demonstration, you will see how to configure the site
link object to manage replication between sites
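The steps of this demonstration, as an added PowerShell example that is not part of the course material: restrict a site link to an overnight window, set its polling interval, and optionally switch it to change notification. The link name (NewYork-London) is an assumption; `ActiveDirectorySchedule` and the `options` bit values are the real .NET type and attribute bits.

```powershell
# Added example (not from the course): set the availability window, the polling interval
# and change notification on a site link. The link name is an assumption.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# 1. Availability: a schedule has quarter-hour granularity. This one allows replication
#    daily from 00:00 up to 06:00 (the last quarter-hour slot starts at 05:45).
$ns = 'System.DirectoryServices.ActiveDirectory'
$schedule = New-Object "$ns.ActiveDirectorySchedule"
$schedule.SetDailySchedule(
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::Zero,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::Five,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::FortyFive)

# 2. Frequency: inside the window, poll the partner every 15 minutes (the minimum).
Set-ADReplicationSiteLink -Identity 'NewYork-London' `
    -ReplicationSchedule $schedule -ReplicationFrequencyInMinutes 15

# Read the schedule back; RawSchedule is a [day, hour, quarter] boolean array.
$link = Get-ADReplicationSiteLink -Identity 'NewYork-London' -Properties ReplicationSchedule
$link.ReplicationSchedule.RawSchedule[0, 5, 3]     # Sunday 05:45 slot: expected to be allowed
$link.ReplicationSchedule.RawSchedule[0, 6, 0]     # Sunday 06:00 slot: expected to be blocked

# 3. Change notification across the link makes partners pull within seconds of a change,
#    as they do within a site, instead of waiting for the next polling interval. It is
#    bit 0x1 of the site link's options attribute; preserve any other bits already set
#    (0x2 = two-way sync, 0x4 = disable compression).
$opts = [int](Get-ADReplicationSiteLink -Identity 'NewYork-London' -Properties options).options
Set-ADReplicationSiteLink -Identity 'NewYork-London' -Replace @{ options = ($opts -bor 0x1) }
```

Change notification is appropriate on a fast, always-on WAN where you want password policy and group changes to converge quickly; on a metered or congested link, keep the polling model and the window. Compression stays on either way unless you also set bit 0x4.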
What Is Site Link Bridging?

By default all site links are bridged, so site links are transitive: two sites that share no site link can still replicate through an intermediate site. If automatic bridging is disabled for a transport, you create site link bridges explicitly.

[Figure: Site A (A1, A2), Site B (B1, B2, B3) and Site C (C1, C2), each on its IP subnets; site link AB joins Site A to Site B and site link BC joins Site B to Site C; a site link bridge over AB and BC lets Site A and Site C replicate through Site B without a direct site link]
Demonstration: Modifying Site Link Bridges
In this demonstration, you will see how to:
• Disable site link bridging

• Create a new site link bridge
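The steps of this demonstration, as an added PowerShell example that is not part of the course material: disable automatic bridging on the IP transport, then create an explicit bridge over the AB and BC links from the figure above. The link names match the figure; everything else is an assumption, and the `options` bit value is the real one on the transport object.

```powershell
# Added example (not from the course): turn off "bridge all site links" for the IP transport
# and create an explicit site link bridge. Link names follow the figure; the rest is assumed.
Import-Module ActiveDirectory
$configNC    = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"

# 1. Disable automatic bridging. Bit 0x2 of the transport's options attribute means
#    "site link bridges required"; keep any other bits (0x1 = ignore schedules) intact.
$opts = [int](Get-ADObject -Identity $ipTransport -Properties options).options
Set-ADObject -Identity $ipTransport -Replace @{ options = ($opts -bor 0x2) }

# 2. With bridging off, Site A and Site C (joined only through Site B) cannot replicate
#    until a bridge makes AB and BC transitive. Links in one bridge must share a site
#    (here Site B); the bridged path costs cost(AB) + cost(BC).
New-ADReplicationSiteLinkBridge -Name 'AB-BC' -SiteLinksIncluded 'AB', 'BC' `
    -InterSiteTransportProtocol IP

Get-ADReplicationSiteLinkBridge -Filter * | Select-Object Name, SiteLinksIncluded

# 3. Confirm the transport state: 2 means bridging is off, 0 means bridge all site links.
([int](Get-ADObject -Identity $ipTransport -Properties options).options) -band 0x2

# To return to the default, clear the bit again:
# Set-ADObject -Identity $ipTransport -Replace @{ options = ($opts -band -bnot 0x2) }
```

Disable automatic bridging only when the physical network is not fully routed (for example, hub sites that cannot reach each other directly) and you need the replication topology to follow the real paths; otherwise the default transitive behaviour is simpler to reason about and harder to break.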


What Is Universal Group Membership Caching?

• Enables domain controllers in a site with no global catalog servers to cache universal group membership, so that users can still log on when the global catalog server in another site is unreachable

[Figure: two sites on their IP subnets; the first contains the global catalog server A1 and the bridgehead server A2, the second contains the bridgehead server B1 and no global catalog; B1 caches universal group membership obtained from the first site]
Demonstration: Configuring Universal Group
Membership Caching
In this demonstration, you will see how to:
• Configure universal group membership caching for a site

• Configure the source for caching
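The steps of this demonstration, as an added PowerShell example that is not part of the course material: enable caching for a site, pin its refresh source, and audit which sites are covered by a local global catalog, by caching, or by neither. The site names (Miami-Site, NewYork-Site) are assumptions based on the lab.

```powershell
# Added example (not from the course): enable universal group membership caching for a site
# without a global catalog, then audit GC coverage per site. Site names are assumptions.
Import-Module ActiveDirectory

# 1. Enable caching for the site and pin the refresh source to a site that has a GC.
Set-ADReplicationSite -Identity 'Miami-Site' `
    -UniversalGroupCachingEnabled $true `
    -UniversalGroupCachingRefreshSite 'NewYork-Site'

# 2. Audit: for each site, how many GCs are in it and whether caching covers the gap.
#    Get-ADDomainController only sees the current domain; for a multi-domain forest, loop
#    over (Get-ADForest).Domains and pass each to -Server.
function Get-SiteGcCoverage {
    $sites = Get-ADReplicationSite -Filter * `
        -Properties UniversalGroupCachingEnabled, UniversalGroupCachingRefreshSite
    $dcs = Get-ADDomainController -Filter *
    foreach ($site in $sites) {
        $gcCount = @($dcs | Where-Object { $_.Site -eq $site.Name -and $_.IsGlobalCatalog }).Count
        $cached  = [bool]$site.UniversalGroupCachingEnabled
        $exposure = if ($gcCount -gt 0) { 'Local GC' }
                    elseif ($cached)     { 'Cached; memberships lag up to 8 hours' }
                    else                 { 'Logons fail when no GC is reachable' }
        [pscustomobject]@{
            Site           = $site.Name
            GlobalCatalogs = $gcCount
            UGMC           = $cached
            RefreshSite    = $site.UniversalGroupCachingRefreshSite
            Exposure       = $exposure
        }
    }
}
Get-SiteGcCoverage | Format-Table -AutoSize
```

The security caveat is the refresh interval: the cache is refreshed from the source site every 8 hours by default, so removing a user from a universal group (or adding one to a restricted group) does not take effect at a caching site until the next refresh. Where that lag is unacceptable, place a global catalog in the site instead of relying on the cache.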


Demonstration: Tools for Monitoring and
Managing Replication
In this demonstration you will see how to:
• Identify the domain controller holding the ISTG role

• Force the KCC to run, and then to force replication

• Use Repadmin, NLTest, and DCDiag
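The tools from this demonstration, as an added PowerShell example that is not part of the course material: the command-line checks (repadmin, nltest, dcdiag), followed by a small function that turns replication partner metadata into a per-partner health verdict. Server and domain names are assumptions; the sample metadata objects are constructed to mirror what `Get-ADReplicationPartnerMetadata` returns.

```powershell
# Added example (not from the course): monitor and drive replication from the command line,
# and flag stale or failing partners. Names are assumptions; the sample data is constructed.
Import-Module ActiveDirectory

# Topology: who is the ISTG, recompute connection objects now, then force replication.
repadmin /istg
repadmin /kcc NYC-DC1                   # run the KCC on NYC-DC1 immediately
repadmin /syncall NYC-DC1 /A /e /P      # /A all partitions, /e across sites, /P push from NYC-DC1

# Status: forest-wide summary, per-DC detail, site and DC lists, diagnostic tests.
repadmin /replsummary
repadmin /showrepl NYC-DC1
nltest /dsgetsite                       # site this host maps to
nltest /dclist:contoso.com              # DCs of the domain and their sites (domain assumed)
dcdiag /test:replications /s:NYC-DC1
dcdiag /test:kccevent /s:NYC-DC1        # KCC errors from the Directory Service event log

# Health verdict per inbound partner. Live input:
#   Get-ADReplicationPartnerMetadata -Target NYC-DC1 -PartnerType Inbound -Partition *
# (there, Partner is the DN of the partner's NTDS Settings object, not a short name).
function Test-ReplicationHealth {
    param(
        [Parameter(Mandatory)] [object[]] $PartnerMetadata,
        [int] $MaxAgeHours = 3,             # longest tolerated gap since the last success
        [datetime] $Now = (Get-Date)
    )
    foreach ($p in $PartnerMetadata) {
        $age = if ($p.LastReplicationSuccess) { ($Now - $p.LastReplicationSuccess).TotalHours }
               else                           { [double]::PositiveInfinity }   # never succeeded
        $status = if ($p.ConsecutiveReplicationFailures -gt 0) { 'FAILING' }
                  elseif ($age -gt $MaxAgeHours)                { 'STALE' }
                  else                                           { 'OK' }
        [pscustomobject]@{
            Server            = $p.Server
            Partner           = $p.Partner
            Partition         = $p.Partition
            HoursSinceSuccess = [math]::Round($age, 1)
            Failures          = $p.ConsecutiveReplicationFailures
            Status            = $status
        }
    }
}

# Constructed sample in the shape of Get-ADReplicationPartnerMetadata output.
$now = Get-Date '2024-01-15 12:00:00'
$sample = @(
    [pscustomobject]@{ Server = 'NYC-DC1'; Partner = 'NYC-DC2'; Partition = 'DC=contoso,DC=com';
                       LastReplicationSuccess = $now.AddMinutes(-5); ConsecutiveReplicationFailures = 0 }
    [pscustomobject]@{ Server = 'NYC-DC1'; Partner = 'LON-DC1'; Partition = 'DC=contoso,DC=com';
                       LastReplicationSuccess = $now.AddHours(-26);  ConsecutiveReplicationFailures = 9 }
    [pscustomobject]@{ Server = 'NYC-DC1'; Partner = 'TOK-DC1'; Partition = 'CN=Configuration,DC=contoso,DC=com';
                       LastReplicationSuccess = $now.AddHours(-5);   ConsecutiveReplicationFailures = 0 }
)
Test-ReplicationHealth -PartnerMetadata $sample -Now $now | Format-Table -AutoSize
```

With the constructed sample, NYC-DC2 is OK, LON-DC1 is FAILING (nine consecutive failures, 26 hours since success) and TOK-DC1 is STALE (no failures, but five hours since the last success against a three-hour threshold; a site link with a long polling interval or an overnight-only window will show up this way, so set `-MaxAgeHours` from the schedule you configured). Treat a partner that has not replicated for a long time as urgent: a domain controller that stays out of replication for longer than the tombstone lifetime is quarantined and can reintroduce deleted objects (lingering objects) when it comes back.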


Lab: Configuring Active Directory Sites and
Replication
• Exercise 1: Configuring AD DS Sites and Subnets

• Exercise 2: Configuring AD DS Replication

• Exercise 3: Monitoring AD DS Replication

Logon information
Virtual machines: NYC-DC1, LON-DC1, MIA-RODC, NYC-RAS
User name: Administrator
Password: Pa$$w0rd

Estimated time: 60 minutes


Lab Review
• What additional changes would you need to make to the
AD DS site configuration if you needed to ensure that all
replication traffic in the New-York site passed through
NYC-DC2?
• What additional changes would you need to make if you
implemented another WAN connection between Tokyo and
London, and wanted to use that WAN connection for AD
DS replication instead of routing all replication changes
through NewYork-Site?
• Why did you force the domain controllers in the lab to
update their IP addresses in DNS?
Module Review and Takeaways
• Review questions

• Considerations for configuring AD DS sites and replication

• Tools