Module 7: Implementing Sites to Manage Active Directory Replication

Overview Introduction to Active Directory Replication Creating and Configuring Sites Managing Site Topology Troubleshooting Replication Failures Planning a Site

Lesson: Introduction to Active Directory Replication Multimedia: Replication Within Sites Replication of Linked Multivalued Attributes What Are Directory Partitions? What Is Replication Topology? Automatic Generation of Replication Topology Global Catalog and Replication of Partitions

Multimedia: Replication Within Sites

Replication of Linked Multivalued Attributes Forest functional level What happens? < Windows Server 2003 Change triggers replication of the entire membership list = Windows Server 2003 Replication occurs by individual value instead of the whole attribute Replication of linked multivalued attributes depends on the forest functional level

What Are Directory Partitions? Active Directory Database Configurable replication Domain Forest Schema Configuration Definitions and rules for creating and manipulating objects and attributes Information about the Active Directory structure Information about domain- specific objects Information about applications Contains:

What Is Replication Topology? Domain Controllers from the Same Domain A1A2 A3A4 Domain A Topology Schema and Configuration Topology Domain A Topology Domain B Topology Schema and Configuration Topology A1A2 A3A4 B1 B2 B3 Domain Controllers from Various Domains

Automatic Generation of Replication Topology A1 A2 A7 A6 A3 A5 A4 KCC A8 KCC Automatic Generation of Replication Topology

Global Catalog and Replication of Partitions Partial Directory Partition Replica Schema Configuration Global Catalog Server Holds read only copy of all domain directory partitions contoso.msft namerica.contoso.msft A1A2 A3A4 B1 B2 B3 Domain A Topology Schema/Config Topology Domain A Topology Domain B Topology Schema and Configuration Topology

Practice: Introduction to Active Directory Replication In this practice, you will examine the Active Directory replication configuration

Lesson: Creating and Configuring Sites What Are Sites and Subnet Objects? What Are Site Links? Replication Within Sites vs. Replication Between Sites How to Create and Configure Sites and Subnets How to Create and Configure Site Links Why Disable Default Bridging of All Site Links? How to Create a Site Link Bridge

What Are Sites and Subnet Objects? Active Directory Sites and Services Console Window Help Active View Tree Active Directory Sites and Services Sites Default-First-Site-Name Servers Inter-Site Transports Subnets Site Inter-Site Transport Container Site Subnets Container NameType Redmond-Site Default-First-Site-Name Inter-Site Transports Redmond-Site Subnets DENVER NTDS Settings Default-First-Site-Name Redmond-Site B1 A1 IP Subnet

What Are Site Links? Site IP Subnet A1A2 RPC or SMTP Site Link IP Subnet Site B3B1B2 Cost A site link: Enables replication traffic between sites Represents the physical connection between sites Enables replication traffic between sites Represents the physical connection between sites

Replication Within Sites vs. Replication Between Sites Replication Within Sites: Assumes fast and highly reliable network links Does not compress replication traffic Uses a change notification mechanism Replication Between Sites: Assumes limited available bandwidth and unreliable network links Compresses all replication traffic between sites Occurs on a manual schedule IP Subnet A1 A2 IP Subnet Replication IP Subnet A1 A2 IP Subnet Replication IP Subnet B1 B2 IP Subnet Replication

How to Create and Configure Sites and Subnets Your instructor will demonstrate how to: Create a site Create a subnet object Associate a site with a subnet object Move a domain controller to a different site Delegate control of a site Create a site Create a subnet object Associate a site with a subnet object Move a domain controller to a different site Delegate control of a site

How to Create and Configure Site Links Your instructor will demonstrate how to: Create a site link Configure site link properties Create a site link Configure site link properties

Why Disable Default Bridging of All Site Links? IP Subnet Site B IP Subnet Site A IP Subnet A1 A2 Site Link Bridge B2 Site Link BC Site Link AB B1 B3 C2 C1 Site C

How to Create a Site Link Bridge Your instructor will demonstrate how to: Disable default bridging of all site links Create a new site link bridge Disable default bridging of all site links Create a new site link bridge

Practice: Creating and Configuring Sites In this practice, you will:  Create IP subnet and site objects  Associate subnet objects with sites  Move server objects into the site  Create IP site links between sites  Configure the replication cost, schedule, and interval of the links

Lesson: Managing Site Topology What Is a Bridgehead Server? What Is the Intersite Topology Generator? How to Create a Preferred Bridgehead Server How to Refresh the Replication Topology How to Force Replication over a Connection

What Is a Bridgehead Server? A bridgehead server: Sends and receives replicated data Is designated for each partition in the site Sends and receives replicated data Is designated for each partition in the site IP Subnet A1 Bridgehead Server Replication IP Subnet B1 Bridgehead Server

What Is the Intersite Topology Generator? IP Subnet A1 A2 Bridgehead Server Replication B2 Bridgehead Server B1 Replication IP Subnet Replication IP Subnet Intersite Topology Generator Intersite topology generator defines the replication between sites on a network

How to Create a Preferred Bridgehead Server Your instructor will demonstrate how to create a preferred bridgehead server

How to Refresh the Replication Topology Your instructor will demonstrate how to: Determine what domain controller holds the intersite topology generator role in the site Force the KCC to run Determine what domain controller holds the intersite topology generator role in the site Force the KCC to run

How to Force Replication over a Connection Your instructor will demonstrate how to force replication over a connection

Practice: Manually Initiating Replication In this practice, you will:  View the current connection objects  Delete an automatically generated connection object  Refresh the replication topology  Verify that Active Directory recreated the connection object

Lesson: Troubleshooting Replication Failures Common Replication Problems What Is Replication Monitor? How to Configure Replication Monitor What Is the Repadmin Tool? What Is the Dcdiag Tool? How to Determine the Cause of a Problem How to Resolve Replication Problems

Common Replication Problems Symptom Possible causes Replication does not finish or occur Sites not connected by site links No bridgehead server in the site Replication is slow Inefficient site topology and schedule Client computers receive a slow response No domain controller online in client site Not enough domain controllers Replication greatly increases network traffic Insufficient bandwidth Incorrect site topology The KCC cannot complete the topology Exception in the KCC

What Is Replication Monitor? Replication Monitor Displays: Replication topology Replicating partner USN values Number of failed attempts Flags Displays: Replication topology Replicating partner USN values Number of failed attempts Flags Polls the server at an administrator- defined interval Monitors the count of failed replication attempts Triggers the KCC to recalculate the replication topology Synchronizes partitions between two domain controllers Shows which objects have not been replicated

How to Configure Replication Monitor Your instructor will demonstrate how to configure Replication Monitor

What Is the Repadmin Tool? Use the Repadmin command-line tool to: View and manually create the replication topology Force replication events between domain controllers View the replication metadata View and manually create the replication topology Force replication events between domain controllers View the replication metadata Syntax: repadmin command arguments [/u:[domain\]user pw:{password|*}]

What Is the Dcdiag Tool? Use the Dcdiag command-line tool to: Analyze the state of a domain controller and report any problems Perform a series of tests to verify different areas of the system Analyze the state of a domain controller and report any problems Perform a series of tests to verify different areas of the system Syntax: dcdiag command arguments [/v /f:LogFile /ferr:ErrLog ]

How to Determine the Cause of the Problem Possible causes Testing method Sites are not connected by site links Dcdiag /test:Topology No bridgehead server in the site Repadmin /bridgeheads Inefficient site topology and schedule Repadmin /latency No domain controller online in the site Dcdiag /test:Replication Dcdiag /test:Connectivity Not enough domain controllers System monitor NTDS counters Incorrect site topology Active Directory Sites and Services Repadmin /latency Dcdiag /test:Intersite Exception in the KCC Dcdiag /test:kccevent

How to Resolve Replication Problems Cause Resolution method Sites are not connected by site links Create and configure site links No bridgehead server in the site Add or remove domain controllers from the preferred bridgehead server list Inefficient site topology and schedule Modify the site topology and schedule No domain controller online in the site Install or fix domain controllers Not enough domain controllers Install additional domain controllers Incorrect site topology Modify the site topology Ensure site links match WAN links Exception in the KCC Enable KCC logging Run Repadmin /kcc

Practice: Troubleshooting Replication Failures In this practice, you will use the Repadmin and Dcdiag command-line tools to examine the status of replication and to test the functionality of your domain controller

Lesson: Planning a Site Overview of the Site Planning Process Guidelines for Determining Schedule, Interval, and Protocol of Site Links Guidelines for Determining the Need for Site Link Bridges Guidelines for Determining the Requirements for Bridgehead Servers Guidelines for Securing Active Directory Replication

Overview of the Site Planning Process Site topology design document Number and location of sites in the organization Site links to connect each site Availability requirements for sites Number of users Site security policies Number and location of sites in the organization Site links to connect each site Availability requirements for sites Number of users Site security policies Site topology planning document Site link schedule and duration Site link bridges Preferred bridgehead servers Subnet objects Domain controllers in sites Site link schedule and duration Site link bridges Preferred bridgehead servers Subnet objects Domain controllers in sites

Guidelines for Determining the Schedule, Interval, and Protocol of Site Links Determine site link schedules Determine the site link interval Determine the site link protocol

Guidelines for Determining the Need for Site Link Bridges Create site link bridges when: Your IP network is not fully routed The domain controllers do not connect to all other domain controllers in the forest There are many sites, and the forest functional level is not Windows Server 2003

Guidelines for Determining the Requirements for Bridgehead Servers Create multiple bridgehead servers for multiple directory partitions Use preferred bridgehead servers to exclude specific domain controllers from being bridgehead servers Create a list of preferred bridgehead servers based on which server you want the intersite topology generator to use

Guidelines for Securing Active Directory Replication Validate and authenticate a trust Use a specific port or protocol for each directory service Limit the range of RPC ports Establish an explicit trust between domains

Practice: Planning a Site In this practice, you will:  Determine the site link schedule and duration for the new site link  Determine the configuration for a site link bridge and a preferred bridgehead server

Lab A: Implementing Sites to Manage Active Directory Replication Creating a Replica Domain Controller Creating and Configuring a Site for Your Domain Troubleshooting Replication Between Sites