Module 4: Configuring Active Directory ® Domain Sevices Sites and Replication
Module Overview Overview of Active Directory Domain Services Replication Overview of AD DS Sites and Replication Configuring and Monitoring AD DS Replication
Lesson 1: Overview of Active Directory Domain Services Replication How AD DS Replication Works How AD DS Replication Works Within a Site Resolving Replication Conflicts Optimizing Replication What Are Directory Partitions? What Is Replication Topology? How Directory Partitions and the Global Catalog Are Replicated How the Replication Topology Is Generated Demonstration: Creating and Configuring Connection Objects
How AD DS Replication Works Active Directory replication: Uses a multimaster model Uses pull replication Uses store and forward replication Uses loose consistency with convergence Addition of an object to AD DS Modification of an object’s attribute values Deletion of an object from the directory Changes that initiate replication include:
How AD DS Replication Works Within a Site In a single site: Domain controllers notify replication partners when updates are applied For normal updates, the change notification happens 15 seconds after the change is applied Notifications for security-related changes are sent immediately Replication updates are not compressed
Resolving Replication Conflicts In a multimaster replication model, replication conflicts can arise when: The same attribute is changed on two domain controllers simultaneously An object is moved or added to a deleted container on another domain controller Two objects with the same relative distinguished name are added to the same container on two different domain controllers To resolve replication conflicts, AD DS uses: Version number Time stamp Server GUID
Optimizing Replication In a multimaster replication model, AD DS updates can be replicated using multiple paths AD DS uses update sequence numbers, high watermarks, and up-to-dateness vectors to ensure that updates are replicated to a specific domain controller only once
What Are Directory Partitions? Active Directory Database Configurable replication Domain Forest Schema Configuration Definitions and rules for creating and manipulating objects and attributes Information about the Active Directory structure Information about domain- specific objects Information about applications Contains:
Domain A Topology Domain controllers in the same domain A1A2 A3A4 What Is Replication Topology? Domain A Topology Domain B Topology A1A2 A3A4 B1 B2 B3 Domain controllers from various domains
How Directory Partitions and the Global Catalog Are Replicated Domain A topology Domain B topology Schema and configuration topology Global catalog replication A1A2 A3 A4 B1 B2 B3 Domain controllers from various domains Global catalog server
How the Replication Topology Is Generated Each domain controller has two replication partners for each Active Directory partition The KCC creates two one-way connection objects between replication partners to ensure that no two domain controllers are ever more than three network hops away When a new domain controller is added to a site, the KCC recalculates connection objects Connection objects can replicate one or more partitions Active Directory uses the KCC to establish a replication path between domain controllers
Demonstration: Creating and Configuring Connection Objects In this demonstration, you will see how to create connection objects and configure existing connection objects
Lesson 2: Overview of AD DS Sites and Replication What Are AD DS Sites and Site Links? Discussion: Why Implement Additional Sites? Demonstration: Configuring AD DS Sites How Replication Works Between Sites Comparing Replication Within Sites and Between Sites Demonstration: Configuring AD DS Site Links What Is the Inter-site Topology Generator? How Unidirectional Replication Works
What Are AD DS Sites and Site Links? Site IP Subnet A1 A2 Site Link IP Subnet Site B3 B1 B2 Sites: Identify network locations with fast, reliable network connections Are associated with subnet objects in AD DS
Discussion: Why Implement Additional Sites? Why would an organization choose to implement additional sites? What are the benefits and disadvantages of creating additional sites?
Demonstration: Configuring AD DS Sites In this demonstration, you will see how to: Create sites and subnets Move domain controllers to other sites
Site A1 A2 Site Link Site B3 B1 B2 You can configure: Replication paths between sites Replication schedules and frequency Replication protocols How Replication Works Between Sites
Comparing Replication Within Sites and Between Sites Replication Within Sites: Assumes fast and highly reliable network links Does not compress replication traffic Uses a change notification mechanism Replication Between Sites: Assumes limited available bandwidth and unreliable network links Compresses all replication traffic between sites Occurs on a manual schedule IP Subnet A1 A2 IP Subnet Replication IP Subnet A1 A2 IP Subnet Replication IP Subnet B1 B2 IP Subnet Replication
Demonstration: Configuring AD DS Site Links In this demonstration, you will see how to: Configure the default site link Create additional site links Add sites to the site links
What Is the Inter-site Topology Generator? IP Subnet A1A2 Bridgehead server Replication B2 Bridgehead server B1 Replication IP Subnet Replication IP Subnet Inter-site topology generator The inter-site topology generator defines the replication between sites on a network Inter-site topology generator
How Unidirectional Replication Works Unidirectional replication ensures that changes to a read-only domain controller are never replicated to any other domain controller
Lesson 3: Configuring and Monitoring AD DS Replication What Is a Bridgehead Server? Demonstration: Configuring Bridgehead Servers Demonstration: Configuring Replication Availability and Scheduling What Is Site Link Bridging? Demonstration: Modifying Site Link Bridges What Is Universal Group Membership Caching? Demonstration: Configuring Universal Group Membership Caching Demonstration: Tools for Monitoring and Managing Replication
What Is a Bridgehead Server? A bridgehead server: Sends and receives replicated data Is designated for each partition in the site IP Subnet Bridgehead Server Replication IP Subnet Bridgehead Server B1 A1
Demonstration: Configuring Bridgehead Servers In this demonstration, you will see how to configure bridgehead servers
Demonstration: Configuring Replication Availability and Frequency In this demonstration, you will see how to configure the site link object to manage replication between sites
What Is Site Link Bridging? IP Subnet Site B IP Subnet Site A IP Subnet A1 A2 Site Link Bridge B2 Site Link BC Site Link AB B1 B3 C2 C1 Site C
Demonstration: Modifying Site Link Bridges In this demonstration, you will see how to: Disable site link bridging Create a new site link bridge
What Is Universal Group Membership Caching? IP Subnet A1A2 Bridgehead server B1 IP Subnet Global Catalog Server Enables domain controllers in a site with no global catalog servers to cache universal group membership
Demonstration: Configuring Universal Group Membership Caching In this demonstration, you will see how to: Configure universal group membership caching for a site Configure the source for caching
Demonstration: Tools for Monitoring and Managing Replication In this demonstration you will see how to: Identify the domain controller holding the ISTG role Force the KCC to run, and then to force replication Use Repadmin, NLTest, and DCDiag
Lab: Configuring Active Directory Sites and Replication Exercise 1: Configuring AD DS Sites and Subnets Exercise 2: Configuring AD DS Replication Exercise 3: Monitoring AD DS Replication Logon information Virtual machine NYC-DC1, LON- DC1, MIA-RODC, NYC-RAS User nameAdministrator Password Pa$$w0rd Estimated time: 60 minutes
Lab Review What additional changes would you need to make to the AD DS site configuration if you needed to ensure that all replication traffic in the New-York site passed through NYC-DC2? What additional changes would you need to make if you implemented another WAN connection between Tokyo and London, and wanted to use that WAN connection for AD DS replication instead of routing all replication changes through NewYork-Site? Why did you force the domain controllers in the lab to update their IP addresses in DNS?
Module Review and Takeaways Review questions Considerations for configuring AD DS sites and replication Tools