70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 7: Active Directory Replication.

Presentation transcript:

Slide 1: 70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced. Chapter 7: Active Directory Replication

Slide 2: Objectives
- Describe how Active Directory identifies data that needs to be replicated
- Describe how the Active Directory replication topology is generated
- Describe and control when Active Directory replication occurs
Guide to MCSE 70-294, Enhanced

Slide 3: Objectives (continued)
- Monitor and troubleshoot Active Directory replication
- Describe SYSVOL and how its replication differs from Active Directory replication

Slide 4: Identifying Data to Replicate
- Active Directory uses a multi-master model
  - Changes can be made on any DC
  - Changes are replicated to all DCs
- Replication is performed at the attribute level, not the object level
- Replication involves two types of updates:
  - Originating updates
  - Replicated updates

Slide 5: Identifying Data to Replicate (continued)
- Originating update: a change made on the local domain controller
- Replicated update: a change made through replication
- Update Sequence Numbers (USNs)
  - Used to track changes
  - Unique for each DC

Slide 6: Identifying Data to Replicate (continued)
- Update Sequence Numbers (USNs)
  - Incremented by one when a change is made
  - The updated object and its attributes are stamped with the USN
  - Comparing USNs from different domain controllers is meaningless
- It is possible for two domain controllers in the same domain to show different information
  - Caused by replication latency

Slide 7: Identifying Data to Replicate (continued)
- Convergence
  - All DCs have the same data
  - Replication is complete, for the moment

Slide 8: Identifying Domain Controllers
- Identifiers for a domain controller:
  - The domain controller's computer account
  - Records registered in DNS
  - NTDS Settings and Server objects
  - Server GUID
  - Database GUID

Slide 9: Update Sequence Number
- 64-bit number
- Used to identify changes to data
- Each object has:
  - usnCreated: set when the object is created
  - usnChanged: set every time the object is updated

Slide 10: Update Sequence Number (continued)
- Each attribute of an object has two USNs:
  - The USN for the local domain controller
  - The USN from the domain controller that performed the originating write operation

Slide 11: Creation of New User Account

Slide 12: Replication of New User Account

Slide 13: Updating Attribute of User Account

Slide 14: Replicating Change of User Account's Attribute

Slide 15: High-watermark Value
- Used to identify which objects may need to be replicated
- Table on each domain controller
  - Stores the highest USN received from each replication partner
- The source domain controller sends updates starting with the object that has the lowest usnChanged value

Slide 16: High-watermark Value (continued)

Slide 17: High-watermark Value (continued)

Slide 18: Up-to-dateness Vector
- Helps the source domain controller filter out attributes that do not need to be replicated
- Table on each domain controller
  - Stores the highest originating USN
  - Based on all possible sources of originating updates to a single destination

Slide 19: Up-to-dateness Vector (continued)

Slide 20: Determining Which Attributes Need to be Replicated

Slide 21: Propagation Dampening
- The up-to-dateness vector can be used to provide propagation dampening

Slide 22: Propagation Dampening (continued)

Slide 23: Propagation Dampening (continued)

Slide 24: Propagation Dampening (continued)

Slide 25: Propagation Dampening (continued)
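The bookkeeping on slides 15 through 25 (per-attribute local and originating USN, high-watermark table, up-to-dateness vector, propagation dampening) traced in a small Python model. This is an added example, not part of the course; the DC names, the object cn=alice and its attributes are invented.

```python
# Added example, not from the course: toy model of the USN bookkeeping on the slides
# (per-DC counter, local and originating USN per attribute, high-watermark table,
# up-to-dateness vector, propagation dampening). DC and object names are made up.
from collections import namedtuple
AttrMeta = namedtuple("AttrMeta", "value orig_dsa orig_usn local_usn")  # originating DC+USN, local USN
class DC:
    def __init__(self, name):
        self.name = name
        self.usn = 0              # per-DC counter; comparing across DCs is meaningless
        self.objects = {}         # dn -> {attr: AttrMeta}
        self.usn_changed = {}     # dn -> usnChanged, stamped with this DC's USN
        self.high_watermark = {}  # partner -> highest usnChanged received from it
        self.utd = {}             # originating DC -> highest originating USN applied

    def _apply(self, dn, attr, meta):
        self.objects.setdefault(dn, {})[attr] = meta
        self.usn_changed[dn] = meta.local_usn
        self.utd[meta.orig_dsa] = max(self.utd.get(meta.orig_dsa, 0), meta.orig_usn)

    def write(self, dn, attr, value):
        """Originating update: local USN and originating USN are the same number."""
        self.usn += 1
        self._apply(dn, attr, AttrMeta(value, self.name, self.usn, self.usn))

    def pull(self, source):
        """Replicated update from one partner; returns the number of attributes sent."""
        hwm, received = self.high_watermark.get(source.name, 0), 0
        # Source walks objects whose usnChanged exceeds our high-watermark, lowest first
        for dn, changed in sorted(source.usn_changed.items(), key=lambda kv: kv[1]):
            if changed <= hwm:
                continue
            for attr, m in source.objects[dn].items():
                # Up-to-dateness vector: skip attributes whose originating write we hold
                if m.orig_usn <= self.utd.get(m.orig_dsa, 0):
                    continue
                self.usn += 1
                self._apply(dn, attr, AttrMeta(m.value, m.orig_dsa, m.orig_usn, self.usn))
                received += 1
            self.high_watermark[source.name] = changed
        return received

def demo():
    dc1, dc2, dc3 = DC("DC1"), DC("DC2"), DC("DC3")
    dc1.write("cn=alice", "description", "Sales")
    dc1.write("cn=alice", "title", "Manager")
    a, b = dc2.pull(dc1), dc3.pull(dc1)  # 2 and 2: both straight from the originator
    c = dc3.pull(dc2)  # 0: DC2 offers the same change, the vector dampens it
    dc2.write("cn=alice", "title", "Director")
    d = dc1.pull(dc2)  # 1: only the new title; "description" is filtered out
    return a, b, c, d, dc1.objects["cn=alice"]["title"].value
```

The third pull is the propagation dampening case: DC2's copy of the change is above DC3's high-watermark for DC2, so the object is offered, but every attribute is already covered by DC3's up-to-dateness vector entry for DC1 and nothing is sent.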

Slide 26: Conflict Resolution
- Problems occur when changes are made to the same object at the same time on different domain controllers
- Replicating at the attribute level minimizes replication conflicts

Slide 27: Conflict Resolution (continued)
- Attribute conflicts are resolved using:
  - Version
  - Timestamp
  - Originating DSA GUID
- Move under a deleted parent
  - The object is automatically moved to the "lost and found" container

Slide 28: Conflict Resolution (continued)
- New object name conflict
  - Two objects are created with the same relative distinguished name
  - One object is renamed to a system-wide unique value
  - The object with the higher version number keeps the name
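The attribute and name rules from slides 27 and 28 as an added Python example (not from the course); the stamps, DSA GUIDs and object names are constructed.

```python
# Added example, not from the course: how a replication conflict is decided.
# Attribute conflicts compare version, then timestamp, then originating DSA GUID;
# a name conflict keeps the higher-versioned object and renames the other.
# Stamps, GUIDs and names below are constructed.
from collections import namedtuple

# version: bumped by each originating write; ts: originating time; dsa_guid: originating DSA
Stamp = namedtuple("Stamp", "version ts dsa_guid value")

def attribute_winner(a, b):
    """Higher version wins even if its timestamp is older; timestamp, then GUID, break ties."""
    def key(s):
        return (s.version, s.ts, s.dsa_guid)
    return a if key(a) >= key(b) else b

def resolve_name_conflict(rdn, a, b, guid_a, guid_b):
    """Two objects created with the same RDN on different DCs: the loser is renamed to a
    system-wide unique value. Real AD appends "CNF:" and the object GUID after a line-feed
    character; a space is used here for readability."""
    keep = attribute_winner(a, b)
    loser, loser_guid = (b, guid_b) if keep is a else (a, guid_a)
    return {rdn: keep.value, f"{rdn} CNF:{loser_guid}": loser.value}

def demo():
    g1, g2 = "11111111-aaaa", "22222222-bbbb"  # constructed DSA GUIDs
    # Same version: the later write wins
    later = attribute_winner(Stamp(2, 100, g1, "Sales"), Stamp(2, 105, g2, "Marketing"))
    # Higher version beats a later timestamp (more originating writes happened on g1)
    versioned = attribute_winner(Stamp(3, 100, g1, "Sales"), Stamp(2, 105, g2, "Marketing"))
    # Identical version and timestamp: the higher originating DSA GUID wins
    tied = attribute_winner(Stamp(2, 100, g1, "Sales"), Stamp(2, 100, g2, "Marketing"))
    names = resolve_name_conflict("cn=jsmith", Stamp(1, 100, g1, "obj-a"),
                                  Stamp(2, 90, g2, "obj-b"), "guid-a", "guid-b")
    return later.value, versioned.value, tied.value, names
```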

Slide 29: Determining Replication Topology
- Replication topology
  - The combination of paths used to replicate changes between domain controllers
  - Every naming context has its own
- Connection object
  - Identifies replication partners
  - Unidirectional
  - Does not specify an individual naming context

Slide 30: Determining Replication Topology (continued)
- Intra-site replication: the process of updating domain controllers within the same site
- Inter-site replication: the process of updating domain controllers between sites

Slide 31: Connection Objects
- Logical construct
- Provides a representation of a connection between two or more domain controllers
- Created in one of two ways:
  - Automatically, by the Knowledge Consistency Checker (KCC) or the Inter-Site Topology Generator (ISTG)
  - Manually, by an Active Directory administrator

Slide 32: Connection Objects (continued)
- The KCC does not optimize any connection objects created manually
- The administrator is wholly responsible for maintaining manual connections in the event of misconfiguration or unavailability

Slide 33: Activity 7-1: Manually Creating Connections
- Objective: this exercise is designed to familiarize you with the process of manually creating replication connection objects
- Manually create a connection using Active Directory Sites and Services

Slide 34: Intra-site Replication
- The KCC is responsible for the replication topology within a site
  - Checks the replication topology every 15 minutes
  - Attempts to create a replication topology made up of a bidirectional ring
  - Adds additional connection objects to ensure that no more than three hops are required

Slide 35: Example Bidirectional Ring Replication Topology with Additional Connectors
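The intra-site rule on slide 34 (a bidirectional ring, then extra connection objects until no two DCs are more than three hops apart) as an added Python example. It is a toy that follows the slide's description, not the KCC's own algorithm, and the DC names are made up.

```python
# Added example, not the KCC's code: ring plus shortcut connection objects until
# every DC is within three hops of every other. DC names are constructed.
from collections import deque

def ring(dcs):
    """Bidirectional ring: one unidirectional connection object each way between neighbours."""
    links = set()
    for i, dc in enumerate(dcs):
        nxt = dcs[(i + 1) % len(dcs)]
        links.update({(dc, nxt), (nxt, dc)})
    return links

def hop_counts(links, dcs):
    """Hops from every DC to every other, following connection objects in their direction."""
    next_hops = {}
    for src, dst in links:
        next_hops.setdefault(src, []).append(dst)
    dist = {}
    for start in dcs:
        seen, queue = {start: 0}, deque([start])
        while queue:  # breadth-first search from start
            cur = queue.popleft()
            for nxt in next_hops.get(cur, []):
                if nxt not in seen:
                    seen[nxt] = seen[cur] + 1
                    queue.append(nxt)
        dist.update({(start, dst): d for dst, d in seen.items()})
    return dist

def build_topology(dcs, max_hops=3):
    """Return (connection objects, worst-case hops): add a shortcut pair between the
    most distant DCs until every pair is within max_hops."""
    links = ring(dcs)
    while True:
        dist = hop_counts(links, dcs)
        far = max(dist, key=dist.get)
        if dist[far] <= max_hops:
            return links, dist[far]
        links.update({far, (far[1], far[0])})  # extra connection objects, one each way

def demo():
    six = build_topology([f"DC{i}" for i in range(1, 7)])   # ring alone is enough
    ten = build_topology([f"DC{i}" for i in range(1, 11)])  # ring needs three shortcuts
    return len(six[0]), six[1], len(ten[0]), ten[1]
```

With six DCs the ring already keeps every pair within three hops (12 connection objects); with ten, three shortcut pairs are added, giving 26 connection objects.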

Slide 36: Global Catalog Replication
- The global catalog holds a partial, read-only replica of the domain naming context for each domain in the forest
- The topology generated for replicating the domain's master replicas is used
- Connection objects are added to connect the read-only replicas to the topology

Slide 37: Inter-site Replication
- One domain controller in each site is designated as the ISTG
  - The oldest server in the site, by default
- Responsible for creating connection objects with domain controllers located in other sites
  - Attempts to create the minimum number of connections
- Also responsible (by default) for choosing the bridgehead server

Slide 38: Bridgehead Server
- Used to designate a particular domain controller for replication purposes
- Has a historical (Windows NT) origin
- Functions as the single point of contact in a site for a given naming context
- All inter-site replication traffic passes between the bridgehead servers at each site

Slide 39: Bridgehead Server (continued)

Slide 40: Controlling Replication Frequency
- Main factors that control replication frequency:
  - Location of replication partners
  - Type of data being replicated

Slide 41: Intra-site Replication Schedule
- Based on a notify-pull process
  - Begins when an object is modified at a domain controller
  - The replication partner pulls updates from the source domain controller
- Maximum time for an update to propagate: approximately 45 seconds
- Traffic is not compressed by default

Slide 42: Inter-site Replication Schedule
- Time-based: changes are replicated at set intervals
  - Default: every 3 hours
- Data is compressed by default
- The replication schedule and replication interval can be set

Slide 43: Example Site Link Replication Schedule and Interval

Slide 44: Urgent Replication
- Occurs immediately within a site
- Between sites: still observes the normal replication intervals and restrictions
- Trigger events:
  - Account lockout
  - Changing certain policies
  - Local Security Authority (LSA) secret change
  - RID master role assigned to a new server

Slide 45: Password Replication
- Important for passwords to be synchronized between domain controllers
- Password changes are replicated differently from urgent or nonurgent replication
- PDC emulator: one domain controller in the domain

Slide 46: Password Replication (continued)
- A password change is replicated immediately to the PDC emulator
- On a failed logon:
  - The authenticating domain controller forwards the authentication request to the PDC emulator
  - The PDC emulator attempts to authenticate the user

Slide 47: Monitoring and Troubleshooting Replication
- Symptoms of replication failure include:
  - Logon failure
  - Other inconsistencies in Active Directory
- Most problems with Active Directory replication are caused by:
  - Administrator error
  - Network infrastructure glitches

Slide 48: Monitoring and Troubleshooting Replication (continued)
- Active Directory Replication Monitor can:
  - Monitor replication traffic between domain controllers
  - Display a list of domain controllers in a domain
  - Verify the replication topology
  - Manually force replication
  - Check a domain controller's current USN and unreplicated objects
  - Display bridgehead servers and trusts

Slide 49: SYSVOL
- Folder called sysvol
  - Created during the promotion of a domain controller
  - Used to share files containing scripts, etc.
  - Stored in %SYSTEMROOT%\SYSVOL\ by default
- The File Replication Service (FRS) is used to replicate changes in SYSVOL

Slide 50: SYSVOL Replication
- SYSVOL replication is independent from Active Directory object replication
- Uses the File Replication Service (FRS)
- FRS configures its replication topology to match the domain controller's connection objects
- Inter-site replication frequency is controlled by the schedule on the replication partner's connection object

Slide 51: Troubleshooting SYSVOL Replication
- Check the File Replication Service event log
- Confirm that domain controllers can resolve the fully qualified domain names (FQDNs) of their replication partners
- Confirm that the File Replication Service is started
- Check for sufficient disk space
- Check that the file(s) are not being filtered out by FRS

Slide 52: Summary
- Active Directory uses a multi-master model for replication
- Active Directory uses a system based on update sequence numbers, which are unique for each domain controller
- The replication topology for intra-site replication is created by the KCC
- Replicating attribute-level changes minimizes replication conflicts

Slide 53: Summary (continued)
- Use Active Directory Replication Monitor to view both intra-site and inter-site replication information
- SYSVOL is a share available on every domain controller in a domain
  - Used to store files such as logon scripts
