Unit 4 NT1330 Client-Server Networking II Date: 1/13/2016


ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 1/13/2016 Instructor: Williams Obinkyereh

Class Agenda 1: Learning Objectives. Lesson Presentation and Discussions. Discussion on Assignments. Discussion on Lab Activities. Break Times: 10-minute break every hour. Note: Submit all assignments and labs due today.

Class Agenda 2: Theory: Unit 4: Working with Active Directory Sites (6:00pm - 8:00pm), Classroom Th 5. Lab: Unit 4. Lab 1. Working with Active Directory Sites (8:15pm to 11:00pm), Classroom Lab 1.

Working with Active Directory Sites Lesson 3

Skills Matrix (Technology Skill / Objective Domain / Objective #): Introducing Active Directory Sites / Configure sites / 2.3. Configuring Active Directory Replication / Configure Active Directory replication / 2.4.

Logical Versus Physical Structure. Logical: Forest, Trees, Domains, OUs, Leaf objects. Physical: IP Subnets/Sites, Domain Controllers. Logical is how we look at and organize resources. Physical is actually what it looks like.

Forest Root Domain First domain is the forest root and is referred to as the forest root domain Imperative to the functionality of AD; if it disappears, the entire structure ceases to operate Functions the forest root domain usually handles: DNS server Global catalog server Forestwide administrative accounts Operations masters MCTS Windows Server 2008 Active Directory

Forest Root Domain (cont.)

Understanding Sites AD site represents a physical location where DCs are placed and group policies can be applied First DC of a forest creates a site named Default-First-Site-Name once installed Three main reasons for establishing multiple sites: Authentication efficiency Replication efficiency Application efficiency Sites are created using Active Directory Sites and Services

Understanding Sites (cont.)

Site Components. Subnets: Each site is associated with one or more IP subnets, and a subnet can only be associated with a single site. Site Links: A site link is needed to connect two or more sites for replication purposes; site links determine the replication schedule and frequency between two sites. Bridgehead Servers: Intersite replication occurs between bridgehead servers. One DC is designated as the Intersite Topology Generator (ISTG), which then designates a bridgehead server to handle replication for each directory partition.

Active Directory Sites Sites are defined by IP subnets that are well-connected, which means that network infrastructure between them is fast and reliable. In most cases, an Active Directory site will map to a single LAN. Multiple sites will be joined together by site links. Intersite replication takes place along site links that you defined within Active Directory Sites and Services.
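The subnet-to-site association described above can be modelled as a lookup table. The following is an added example, not part of the original slides: the site names and subnets are constructed, and it assumes that when subnets overlap the most specific (longest-prefix) subnet decides the site. Addresses that match no subnet are worth finding, because those clients cannot be placed in a site and may authenticate against a distant domain controller.

```python
import ipaddress

# Constructed sample data: subnet -> site name (hypothetical names).
# A dict mirrors the rule that one subnet belongs to exactly one site,
# while one site may own several subnets.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "HQ-Lab",
    "10.2.0.0/16": "Branch",
}


def build_table(mapping):
    """Parse the subnet strings once; raises ValueError on a malformed subnet."""
    return [(ipaddress.ip_network(s), site) for s, site in mapping.items()]


def site_for(ip, table):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, site) for net, site in table if addr in net]
    if not matches:
        return None
    # Assumption: the longest prefix wins when subnets overlap.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def unmapped(ips, table):
    """List the addresses that fall outside every defined subnet."""
    return [ip for ip in ips if site_for(ip, table) is None]


TABLE = build_table(SUBNET_TO_SITE)

if __name__ == "__main__":
    # Constructed client addresses.
    for ip in ["10.1.2.3", "10.1.50.7", "10.2.9.9", "192.168.1.5"]:
        print(ip, "->", site_for(ip, TABLE))
    print("unmapped:", unmapped(["10.1.2.3", "192.168.1.5"], TABLE))
```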

Site Links: Intersite replication topology is determined by the cost value associated with site links.

Default-First-Site-Name

Active Directory Replication. Replication is the process of maintaining a consistent database of information when the database is distributed among several locations. Intrasite replication: Replication between domain controllers in the same site. Intersite replication: Occurs between two or more sites. Multimaster replication: Used by AD for replicating AD objects. Knowledge Consistency Checker (KCC): runs on all DCs. Determines the replication topology, which defines the domain controller path that AD changes flow through and ensures no more than three hops exist between any two DCs.

Active Directory Replication. Remember: Intra means internal, such as an intranet (your own network). Inter means external, such as the Internet (a conglomeration of networks). Emphasize that if it is internal, replication is as fast as possible, uncompressed, and direct to everyone. If it is external, going over the WAN, it is slower to save bandwidth and is therefore compressed. A bridgehead server would also be beneficial.

Active Directory Replication (cont.)

Active Directory Replication: The process of duplicating Active Directory information between domain controllers for the purposes of fault tolerance and redundancy. Active Directory sites are the means by which administrators can control replication traffic. Changes made on one domain controller are sent to the other domain controllers.

Understanding the Replication Process Replication within Active Directory will occur when one of the following conditions is met: An object is added or removed from Active Directory. The value of an attribute has changed. The name of an object has changed.

Knowledge Consistency Checker (KCC) Each domain controller uses an internal process called the Knowledge Consistency Checker (KCC) to map the logical network topology between the domain controllers.

Viewing Active Directory Connection Objects Open the Active Directory Sites and Services MMC snap-in. Click the Sites folder, select the desired site, and then click the Servers folder. Expand the server name for which you wish to view connection objects and right-click NTDS Settings. Click Properties.

Creating a New Site In Active Directory Sites and Services, right-click the Sites folder and select New Site. In the New Object-Site dialog box, key the name for the site based on your plan. Select the DefaultIPSiteLink from the list of site names and click OK to complete the site creation. Show how to create a site.

Creating a New Subnet: In Active Directory Sites and Services, right-click the Subnets folder. Select New Subnet from the menu. In the New Object-Subnet dialog box, enter the IP address and subnet mask that correspond to the segment in your design. Select the site you wish to associate with this subnet and click OK. Show how to create a new subnet.

Configuring Intersite Replication: Cost. Allows the administrator to define the path that replication will take. If more than one path can be used to replicate information, cost assignments will determine which path is chosen first. A lower-numbered cost value will be chosen over a higher-numbered cost value. Cost values can use a value of 1 to 99,999. Cost values are chosen by the Active Directory administrator and are meaningful only relative to one another.
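How cost assignments pick one path over another, as an added example that is not part of the original slides. It is a simplified model, not the KCC's own algorithm: it assumes site links are bridged so that the cost of a multi-link path is the sum of its link costs, and the site names and costs are constructed.

```python
import heapq

# Constructed sample site links: (site_a, site_b, cost). Names are hypothetical.
SITE_LINKS = [
    ("HQ", "Branch", 500),   # direct but expensive link
    ("HQ", "DR", 100),
    ("DR", "Branch", 100),
    ("Branch", "Kiosk", 200),
]


def lowest_cost_path(links, src, dst):
    """Return (total_cost, [sites]) for the cheapest path, or None if unreachable."""
    graph = {}
    for a, b, cost in links:
        # The slide gives 1 to 99,999 as the valid range for a cost value.
        if not 1 <= cost <= 99999:
            raise ValueError(f"cost {cost} on {a}-{b} is outside 1..99999")
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))

    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        total, site, path = heapq.heappop(heap)
        if site == dst:
            return total, path
        if total > best.get(site, float("inf")):
            continue  # stale heap entry, a cheaper route was already found
        for nxt, cost in graph.get(site, []):
            new_total = total + cost
            if new_total < best.get(nxt, float("inf")):
                best[nxt] = new_total
                heapq.heappush(heap, (new_total, nxt, path + [nxt]))
    return None


if __name__ == "__main__":
    # The two-link route through DR (100 + 100) beats the direct 500 link.
    print(lowest_cost_path(SITE_LINKS, "HQ", "Branch"))
    print(lowest_cost_path(SITE_LINKS, "HQ", "Kiosk"))
```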

Configuring Intersite Replication Schedule The schedule of the site link object determines when the link is available to replicate information. By default, newly created site link objects are available for replication 24/7.

Replication Protocol For both intrasite and intersite replication, Active Directory uses Remote Procedure Calls over Internet Protocol (RPC over IP) by default for all replication traffic. RPC is commonly used to communicate with network services on various computers, whereas IP is responsible for the addressing and routing of the data. RPC over IP replication keeps data secure while in transit by using both authentication and encryption. Explain RPC. Remote procedure call (RPC) is an Inter-process communication technology that allows a computer program to cause a subroutine or procedure to execute in another address space (commonly on another computer on a shared network) without the programmer explicitly coding the details for this remote interaction. That is, the programmer would write essentially the same code whether the subroutine is local to the executing program

Replication Protocol Simple Mail Transport Protocol (SMTP) is an alternative solution for intersite replication when a direct or reliable IP connection is not available. SMTP cannot replicate domain directory partitions. Requires an enterprise certification authority (CA) that is fully integrated with Active Directory.

Replication Protocol Unlike RPC over IP, SMTP does not adhere to schedules and should be used only when replicating between different domains over an extremely slow or unreliable WAN link.

Summary of Replication Methods

Monitoring Replication Dcdiag Repadmin

Dcdiag: A command-line tool used for monitoring Active Directory. Perform connectivity and replication tests, reporting errors that occur. Report DNS registration problems. Analyze the permissions required for replication. Analyze the state of domain controllers within the forest. Demonstrate Dcdiag. While demonstrating, you can increase the command prompt window font size.

Repadmin A command-line tool used for the following: To view the replication topology from the perspective of each domain controller. To manually create a replication topology if site link bridging is disabled because the network is not fully routed. To force replication between domain controllers when you need updates to occur immediately without waiting for the next replication cycle. To view the replication metadata, which is the combination of the actual data and the up-to-date vector or USN information. This is helpful in determining the most up-to-date information prior to seizing an operations master role. Also demonstrate this.

Summary You learned how to define and manage sites and site links. You learned how to determine a site strategy based on the physical network infrastructure. You learned how to use Active Directory Sites and Services to configure replication.

Unit 4 Assignments Unit 4. Assignment 1. AD Design Replication Scenario Unit 4. Exercise 1. Site-to-Site Connectivity Scenario

Unit 4 Lab Unit 4. Lab 1. Working with Active Directory Sites