WORKING WITH ACTIVE DIRECTORY SITES, Chapter 3


INTRODUCING SITES
- Logical structure can be seen in Active Directory Users And Computers.
- Physical network structure affects the efficiency of Active Directory replication.
- It is up to the administrator to create sites in Active Directory Sites And Services.
- Sites are used to control Active Directory replication and authentication traffic.
- The only site created by default is Default-First-Site-Name.

SITES AND SITE LINKS
- Sites are typically composed of fast and reliably connected computers.
- Criteria for fast and reliable are up to the administrator.
- Sites are independent of the domain structure.
- Domain computer accounts can be spread over multiple sites.
- Sites can contain resources from multiple domains.

SITES AND SITE LINKS
- Although sites can be added, modified, and deleted at any time, planning the site structure before installing Active Directory saves you time.
- Default-First-Site-Name site is default location for domain controllers.
  - First domain controller is always placed into this site.
  - Other domain controllers are placed here, if appropriate site definitions aren’t available.
- If sites are created appropriately, newly installed domain controllers are automatically placed in the appropriate site.

SITES AND THE REPLICATION PROCESS
- Replication topology describes the logical connections made between domain controllers for replication.
- Replication is the transfer of directory information updates.
  - Object additions or removals
  - Object attribute changes
  - Object renames

SITES AND THE REPLICATION PROCESS
- Tracking replication changes.
  - Update Sequence Number (USN)
  - Timestamp
- Bridgehead server controls replication changes between sites.
  - Compares USN for recent changes
  - Uses timestamp if modifications carry the same USN
- Convergence occurs when all changes are updated.

INTRASITE REPLICATION OVERVIEW
- Knowledge consistency checker (KCC)
  - Creates initial replication topology (replication ring)
  - Creates connection objects between domain controllers
  - Process that runs on each domain controller
- Active Directory replicates four partitions
  - Domain (domain-wide)
  - Schema (forest-wide)
  - Configuration (forest-wide)
  - Application Data (depends on configuration)

INTRASITE REPLICATION DETAILS
- KCC runs every 15 minutes to ensure replication topology is efficient.
- Intrasite replication latency is minimized in these ways:
  - KCC creates a bidirectional replication ring
  - KCC ensures no more than three replication hops between any two domain controllers by adding additional connections as needed
  - Replication traffic is not compressed

INTRASITE REPLICATION DETAILS
- Intrasite replication latency is 15 minutes by default, but there is urgent replication for important changes.
- Multiple domains in a single site.
  - Each domain maintains a separate domain partition replication topology.
  - Forest-wide replication is not conducted separately, because this information is sent to all domains in the forest.

INTERSITE REPLICATION
- Designed to control replication traffic over slow WAN links.
- KCC designates one domain controller per site to be the Intersite Topology Generator (ISTG).
- ISTG designates the bridgehead server.
- Site links are used to define the intersite replication topology.

INTERSITE REPLICATION: SITE LINKS
- Logical, transitive connection between two sites
- Represents physical network links
- Manually defined by administrator
- Sites communicate using the same protocol

SITE LINK CONFIGURATION
- Cost
  - Lower cost routes are used first.
  - Default is 100; range 1 to 99,999.
- Schedule
  - Default is availability 7 days per week, 24 hours per day.
  - Administrator can modify to exclude certain days and hours the link is not available.

SITE LINK CONFIGURATION
- Frequency
  - Specifies how often the link attempts to replicate information within the specified availability (schedule)
  - Default is 180 minutes; range is 15 minutes to once per week

CREATING SITES

CREATING SITE LINKS

CONFIGURING SITE LINK PROPERTIES

CREATING SUBNETS

REPLICATION PROTOCOLS
- Remote procedure call (RPC) over Internet Protocol (IP)
  - Default and most commonly used
  - Adheres to schedules by default
  - Synchronous; connection required
  - Only choice for domain controllers from same domain
- Simple Mail Transfer Protocol (SMTP)
  - Allows asynchronous communications
  - Doesn’t adhere to schedules by default
  - Requires a certificate and certificate authority (CA)
  - Cannot replicate domain partition information

RPC REQUIRES A CONNECTION

INTRASITE VERSUS INTERSITE REPLICATION
- Intrasite
  - Replication traffic not compressed.
  - Replication partners notify each other within 5 to 15 minutes of changes.
  - KCC automatically configures and maintains a replication ring.
  - RPC is used.
- Intersite
  - Replication traffic is compressed.
  - Bridgehead servers notify bridgehead servers at other sites of changes every 80 minutes by default.
  - Site links are required for replication to occur.
  - Protocols used intersite can be RPC over IP or SMTP.

DESIGNATING THE BRIDGEHEAD SERVER
- ISTG automatically assigns preferred bridgehead server.
- Administrator can designate preferred bridgehead servers.
  - Done through properties of domain controller object in Active Directory Sites And Services
  - Select the protocol, IP or SMTP, for which this server is to be considered a preferred bridgehead server
  - Allows administrator to designate that role to systems with most processing power to spare

PREFERRED BRIDGEHEAD SERVER DESIGNATION

SITE LINK BRIDGING
- Used to allow communication over two different site links.
- Bridge All Site Links is configured by default.
- You can clear the Bridge All Site Links check box and configure site link bridges manually.
- You cannot create a site link bridge until you have at least two site links.
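An added example, not part of the original slides and not Active Directory's own KCC code: a simplified Python model of how site link cost and Bridge All Site Links interact when a route between two sites is chosen. The class and function names and the HQ/Branch/DR/Lab topology are hypothetical; the cost and frequency limits are the ones given on the SITE LINK CONFIGURATION slides.

```python
import heapq

# Limits from the slides: cost 1..99,999 (default 100);
# frequency 15 minutes..once per week (default 180 minutes).
COST_RANGE = (1, 99_999)
FREQ_RANGE = (15, 7 * 24 * 60)


class SiteLink:
    """One site link: the sites it joins, its cost and its frequency."""

    def __init__(self, name, sites, cost=100, frequency=180):
        if len(set(sites)) < 2:
            raise ValueError(f"{name}: a site link needs at least two sites")
        if not COST_RANGE[0] <= cost <= COST_RANGE[1]:
            raise ValueError(f"{name}: cost {cost} outside {COST_RANGE}")
        if not FREQ_RANGE[0] <= frequency <= FREQ_RANGE[1]:
            raise ValueError(f"{name}: frequency {frequency} outside {FREQ_RANGE}")
        self.name = name
        self.sites = frozenset(sites)
        self.cost = cost
        self.frequency = frequency


def cheapest_route(links, src, dst, bridge_all=True):
    """Return (total_cost, [link names]) for the lowest-cost route, or None.

    bridge_all=True models the default: every site link is transitive,
    so a route may chain links and its cost is the sum of their costs.
    bridge_all=False models the cleared check box with no manual bridges:
    only a single link that contains both sites can connect them.
    """
    if not bridge_all:
        direct = [l for l in links if {src, dst} <= l.sites]
        if not direct:
            return None
        best = min(direct, key=lambda l: l.cost)
        return best.cost, [best.name]

    heap = [(0, src, [])]          # Dijkstra over sites, edges are site links
    done = set()
    while heap:
        cost, site, path = heapq.heappop(heap)
        if site == dst:
            return cost, path
        if site in done:
            continue
        done.add(site)
        for link in links:
            if site in link.sites:
                for nxt in link.sites - {site}:
                    if nxt not in done:
                        heapq.heappush(heap, (cost + link.cost, nxt, path + [link.name]))
    return None


# Constructed topology for illustration only.
LINKS = [
    SiteLink("HQ-Branch", ["HQ", "Branch"], cost=100),
    SiteLink("Branch-DR", ["Branch", "DR"], cost=100),
    SiteLink("HQ-DR", ["HQ", "DR"], cost=500),       # expensive backup line
    SiteLink("Lab-Branch", ["Lab", "Branch"], cost=50),
]

if __name__ == "__main__":
    for dst in ("DR", "Lab"):
        print(dst, "bridged:", cheapest_route(LINKS, "HQ", dst))
        print(dst, "unbridged:", cheapest_route(LINKS, "HQ", dst, bridge_all=False))
```

With bridging on, HQ reaches Lab through Branch even though no site link names both sites; with it off and no manual bridge, that pair has no route at all.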

CONFIGURING SITE LINK BRIDGING

MANAGING REPLICATION

CHECK REPLICATION TOPOLOGY

DETERMINING THE ISTG

FORCING REPLICATION
- Active Directory Sites And Services
- Active Directory Replication Monitor (Replmon)
- Repadmin /syncall contoso.com

MONITORING REPLICATION
- Windows Support Tools
  - Microsoft Windows Server 2003 installation CD-ROM
  - Support\Tools folder on the CD
- Dcdiag
- Repadmin
- Replmon

DCDIAG
- Many options for diagnosing and repairing domain controller issues
- Type dcdiag /? at a command prompt to see a list
- Noteworthy examples
  - dcdiag /test:replications
  - dcdiag /fix

REPADMIN
- Command line utility for replication control and monitoring
- Type repadmin /? at a command prompt to see a list
- Noteworthy examples
  - /showreps – view replication partners
  - /showconn – view connections
  - /sync and /syncall – force replication
  - /showmeta – view attributes of a specific object
  - /showvector – check USNs for a particular naming context, also named partition
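An added example, not part of the original slides: a Python check that reads replication-partner status exported as CSV and flags partners that are failing or have not replicated recently, which is how a stalled link that is holding back password changes and account disables gets noticed. It assumes the column layout produced by repadmin /showrepl * /csv (the /csv switch is not mentioned on the slide); the sample rows, the function name and the staleness tolerance are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows (not real output), in the assumed CSV layout.
SAMPLE = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=contoso,DC=com",HQ,DC2,RPC,0,0,2024-05-01 09:50:12,0
showrepl_INFO,HQ,DC1,"DC=contoso,DC=com",Branch,DC3,RPC,0,0,2024-05-01 03:10:00,0
showrepl_INFO,Branch,DC3,"CN=Configuration,DC=contoso,DC=com",HQ,DC1,RPC,4,2024-05-01 09:45:00,2024-04-30 21:45:00,1722
"""

# 180 minutes is the default site link frequency from the slides; allowing
# twice that before calling a partner stale is an assumed tolerance.
DEFAULT_MAX_AGE = timedelta(minutes=2 * 180)


def find_problems(csv_text, now, max_age=DEFAULT_MAX_AGE):
    """Return a list of (source, destination, naming_context, reason)."""
    problems = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = row["showrepl_COLUMNS"]
        if kind != "showrepl_INFO":
            # Anything that is not a partner record is surfaced, not dropped.
            problems.append((None, None, None, f"unparsed row of type {kind}"))
            continue
        key = (row["Source DSA"], row["Destination DSA"], row["Naming Context"])

        failures = int(row["Number of Failures"])
        if failures > 0:
            reason = (f"{failures} consecutive failures, "
                      f"last status {row['Last Failure Status']}")
            problems.append(key + (reason,))
            continue

        try:
            last_ok = datetime.strptime(row["Last Success Time"],
                                        "%Y-%m-%d %H:%M:%S")
        except ValueError:
            problems.append(key + ("no successful replication recorded",))
            continue

        age = now - last_ok
        if age > max_age:
            minutes = int(age.total_seconds() // 60)
            problems.append(key + (f"stale: last success {minutes} minutes ago",))
    return problems


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives the same result every run.
    for item in find_problems(SAMPLE, datetime(2024, 5, 1, 10, 0, 0)):
        print(item)
```

Set max_age from the frequency and schedule actually configured on the site links being monitored.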

REPLMON: ACTIVE DIRECTORY REPLICATION MONITOR
- Graphical utility for replication control and monitoring
- Launch from Support Tools option on Start menu or by typing replmon in Run dialog box or CMD prompt
- Noteworthy capabilities
  - Check replication topology
  - Force synchronization
  - Generate a status report to a log file
  - View bridgehead servers

SUMMARY
- Intrasite versus intersite replication details
- Site, site link, and site link bridge creation and configuration
- Intersite replication configuration options
  - Bridgehead servers
  - Protocol selection
- Windows Support Tools: Dcdiag, Repadmin, Replmon