
The Best Damn Windows Server 2003 Book Period- P55 potx


Working with Active Directory Sites

In this chapter:

■ Understanding the Role of Sites

■ Relationship of Sites to Other Active Directory Components

■ Creating Sites and Site Links

■ Understanding Site Replication

Introduction

In the previous chapter, we saw the logical structure of the network as defined by forests and domains. Sites and the subnets, of which sites are comprised, define the physical structure of an Active Directory network. Sites are important in an enterprise-level multiple location network, for creating a topology that optimizes the process of replicating Active Directory information between domain controllers (DCs). Sites are used for replication and for optimizing the authentication process by reducing authentication traffic across slow, high-cost WAN links. Site and subnet information is also used by Active Directory-enabled services to help clients find the nearest service providers.

In this chapter, we discuss the role of sites in the Active Directory infrastructure, and how replication, authentication, and distribution of services information work within and across sites. We explain the relationship of sites with domains and subnets, and how to create sites and site links.

You’ll also learn about site replication and how to plan, create, and manage a replication topology. We’ll walk you through the steps of configuring replication between sites, and discuss how to troubleshoot replication failures.

Chapter 14


Understanding the Role of Sites

In today’s distributed network environment, communication must always be rapid and reliable. Geographical and other restrictions resulted in the need to create smaller networks, known as subnets. These subnets provide rapid and reliable communication between locations, which can also be attained in larger networks by using Microsoft Windows Server 2003 Active Directory Sites. They ensure rapid and reliable communication by using the methods offered by Microsoft Windows Server 2003 Active Directory Sites to regulate inter-subnet traffic.

A site defines the network structure of a Windows Server 2003 Active Directory. A site consists of multiple Internet Protocol (IP) subnets linked together by rapid and reliable connections. The primary role of sites is to increase the performance of a network by economic and rapid transmission of data. The other roles of sites are replication and authentication. The Active Directory physical structure manages when and how the authentication and replication must take place. The Active Directory physical structure allows the management of Active Directory replication scheduling between sites. The performance of a network is also based on the location of objects and logon authentication as users log on to the network.

Replication

Replication is defined as the practice of transferring data from a data store present on a source computer to an identical data store present on a destination computer to synchronize the data. In a network, the directory data must live in one or more places on the network to be equally available to all users. The Active Directory directory service manages a replica of directory data on one or more DCs, ensuring the availability of directory data to all users. The Active Directory works on the concept of sites to perform replication efficiently, and uses the Knowledge Consistency Checker (KCC) to choose the best replication topology for the network automatically.

Authentication

The authentication process includes the confirmation of the source and integrity of information, such as verifying the identity of a user or computer. An important characteristic of authentication in the Windows Server 2003 family is its support for single sign-on. The single sign-on feature allows a user to log on to the network once, using a single password, and authenticate to any computer in a network. Interactive logon authentication verifies the

authentication verifies the user’s identification to a network service to which the user tries to gain access. Windows Server 2003 supports Kerberos V5 and Secure Sockets Layer/Transport Layer Security (SSL/TLS) authentication mechanisms.

Distribution of Services Information

Active Directory distributes a wide range of service information. The DCs are also used to distribute directory information and generate responses for each service request. The Active Directory distributes service-centric information such as configurations and bindings. The distribution of this type of information enables the services to be more accessible by clients and is easily manageable for administrators. Figure 14.1 shows how the services information is accessed between the client, server, and a DC in a network.

In Figure 14.1, the services information is shared between a client, server, and a DC in three steps:

1. The client makes a request.

2. The client receives the services information from a DC as a response.

3. The clients available on the network server then use the services information.

Certain sets of services are distributed by the directories by default, including file and print services, storage management, Active Directory, and management services. These sets of services can be modified in the directories to meet the needs of your network environment. The distribution of services to the directory provides the following benefits:

■ Resource availability: This Active Directory model is a service-centric model that enables the client to provide access to the distributed network services. Since the services information is distributed to the directory, clients needn’t store the resource’s location.

■ Administration: Distributing services in Active Directory enables the administrator to resolve configuration-related problems in a network centrally, instead of having to visit individual computers. This feature ensures that all the services employ the latest configuration information.

■ Publishing services: This process makes the data or operations available to the network users. Publishing a service in Active Directory enables users and administrators to move from a machine-centric view of the network to a service-centric view.

Figure 14.1 Services Information Shared between a Client, Server, and a Domain Controller

Relationship of Sites to Other Active Directory Components

A site is a collection of interconnected computers that operates over IP subnets. A site is also a place on a network having high-bandwidth connectivity. The relationship of sites to Active Directory components is based on the following network operations performed by sites:

■ Control of replication occurrences

■ Changes made with the sites

■ How efficiently DCs within a domain can communicate

Relationship of Sites and Domains

A site can contain one or more domains, and a domain can be part of one or more sites. Sites and domains do not have to maintain the same namespace. Sites and domains are interrelated because sites control replication of the domain information.

For more information on the working of domains, see Chapter 12, “Working with Forests and Domains” and Chapter 15, “Working with Domain Controllers.”

Physical vs. Logical Structure of the Network

The sites present in an Active Directory denote the physical structure of a network, while domains represent the logical or administrative structure of the organization. The physical structure information is available as site and site link objects in the directory. This information is used to build the most efficient replication topology. Generally, Active Directory Sites and Services is used to define sites and site links.

Figure 14.2 The Relationship of the Sites and Domains Present in a Network

This partitioning of physical (sites) and logical (domains) structure offers the following advantages:

■ You can develop and manage the logical and physical structures of your network independently

■ You do not have to base domain namespaces on your physical network

■ You can deploy DCs for multiple domains within the same site

■ You can deploy DCs for the same domain in multiple sites

The Relationship of Sites and Subnets

In Active Directory, a site consists of a set of computers that are interconnected in a local area network (LAN). Computers within the same site typically exist in the same building, or on the same campus network. A single site consists of one or more IP subnets. Sites and subnets are represented in Active Directory by site and subnet objects, which we create through the Active Directory Sites and Services administrative tool. Each site object is associated with one or more subnet objects.

Creating Sites and Site Links

In this section, we’ll look at creating sites and site links, as well as planning for your site. As with most other administrative tasks in Windows Server 2003, planning is a key component that improves the end result and reduces error and downtime.

Site Planning

You should plan thoroughly before creating and deploying an Active Directory. Site planning enables you to optimize the efficiency of the network and reduce administrative overhead. High-performance sites are developed based on the proper planning of the physical design of your network. Site planning enables you to determine exactly which sites you should create and how they can be linked using site links and site link bridges. Site information is stored in the configuration partition, which enables you to create sites and related information at any point in your deployment of Active Directory.

Site planning enables you to publish site information in the directory for use by applications and services. Generally, the Active Directory consumes the site information. You’ll see how replication impacts site planning later in the chapter.

Criteria for Establishing Separate Sites

When you initially create a domain, a single default Active Directory site called Default-First-Site-Name is created. This site represents your entire network. A domain or forest consisting of a separate site can be highly efficient for a LAN connected by high-speed bandwidth.

If a single LAN consists of a separate subnet or if a network consists of multiple subnets connected by a high-speed connection, establishing a separate site topology offers the following advantages:

■ Simplified replication management

■ Regular directory updates between all DCs

Establishing separate site topology enables all replication to occur as intra-site replication, which requires no manual replication configuration. A separate site design enables DCs to receive updates with respect to directory changes.

Creating a Site

Sites are created using the Active Directory Sites and Services tool of Windows Server 2003. This tool can also be used to create new sites, site links, subnets, and so forth. Use the following steps to create a new site.

Create a new site

1. To open the Active Directory Sites and Services tool, click Start | Control Panel | Administrative Tools | Active Directory Sites and Services. The Active Directory Sites and Services console opens.

2. Highlight the Sites folder in the left-hand tree pane of the Active Directory Sites and Services console. Right-click the Sites folder and select the New | Site option from the context menu.

3. Selecting the New Site option opens a New Object – Site dialog box.

4. Type the name of the site in the Name box present in the New Object – Site dialog box.

5. Select an initial site link object for the site from the New Object – Site dialog box.

6. Click OK. This completes the process of creating a site using the Active Directory Sites and Services tool. Figure 14.3 shows the initial site link object of the site.

Figure 14.3 The Initial Site Link Object for the Site

Renaming a Site

Renaming a site is one of the first tasks you should perform when administering a site structure. When you create a site initially, it is created with the default name Default-First-Site-Name. This name can be changed based on the purpose of the site, such as the name of the physical location.

A site is also renamed when a network of an organization is expanded by one or more sites. Even if an organization is located in a single location, it makes sense to rename the Default-First-Site-Name, because you never know when the network will expand. Renaming a site enables administrators to differentiate sites present in a network easily and perform administration tasks efficiently.

When a DC becomes aware that its site has been renamed, it will update its DNS records appropriately. Because of issues with cached DNS lookups and client caching of site names that will lead to temporary delays in connectivity directly after a rename, it’s best to name and rename sites as early as possible in the deployment. After renaming a site, it’s advisable to manually force replication with other DCs in the same site.

Sites are renamed using the Active Directory Sites and Services tool of Windows Server 2003. Use the following procedure to rename a site.

Rename a new site

1. To open the Active Directory Sites and Services tool, click Start | Control Panel | Administrative Tools. Double-click Active Directory Sites and Services. The Active Directory Sites and Services dialog box opens.

2. Highlight the Sites folder in the left-hand tree pane of the Active Directory Sites and Services console. Expand the Sites folder, and you’ll see the sites shown with icons of small, yellow office buildings.

3. Right-click the site you want to rename and select the Rename option from the context menu.

4. Type the new name of the site in the Name box in the left console pane.

5. Click OK. This completes the process of renaming a site using the Active Directory Sites and Services tool.

Creating Subnets

Subnets are associated with the Active Directory sites to match client computers. As you know, the subnets are denoted by a range of IP addresses. The Active Directory Sites and Services user interface prevents you from having to provide the subnet names manually; instead, you are prompted for a network address. Subnets are created using the Active Directory Sites and Services tool of Windows Server 2003. You can use the following steps to create subnets.

Create subnets

1. To open the Active Directory Sites and Services tool, click Start | Control Panel | Administrative Tools, and then double-click Active Directory Sites and Services. The Active Directory Sites and Services console opens.

2. Highlight the Sites folder in the left tree pane of the Active Directory Sites and Services console. Expand the Sites folder.

3. Right-click Subnets and select New Subnet from the context menu.

4. Selecting the New Subnet option opens a New Object – Subnet dialog box.

5. Type the network address and subnet mask in the form of dotted decimal notation in the text boxes present in the New Object – Subnet dialog box.

6. Select a site object for this subnet from the list provided in the New Object – Subnet dialog box.

7. Click OK. This completes the process of creating a subnet using the Active Directory Sites and Services tool.

Associating Subnets with Sites

After creating sites and subnets, the next step is to associate your subnets with sites. You specify the subnets associated with each site on your network by creating subnet objects in the Active Directory Sites and Services console. The association of subnets with sites enables the computers on the Active Directory network to use the subnet information to find a DC in the same site, so that authentication traffic will not cross over WAN links. Active Directory also uses subnets during the replication process to determine the best routes between DCs.

Subnets are associated with sites using the Active Directory Sites and Services tool of Windows Server 2003. Once you’ve created sites and subnets, you need to associate them. The following steps walk you through that process.

Associate subnets with sites

1. To open the Active Directory Sites and Services tool, click Start | Control Panel | Administrative Tools, and then double-click Active Directory Sites and Services.

2. Highlight the Subnet folder present in the left tree pane of the Active Directory Sites and Services console.

3. Right-click the newly created subnet and select the Properties option; this will open a Properties dialog box.

4. Associate any site with this subnet by selecting the available site from the site drop-down menu, and click OK, as shown in Figure 14.4.

5. Click OK. This completes the process of associating a subnet with a site using the Active Directory Sites and Services tool.
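The subnet-to-site association described above can be checked offline. The following Python code is an added example, not from the book: it resolves a client address to a site from subnet objects entered as network address plus dotted-decimal mask, takes the most specific subnet when objects overlap, and flags logons from addresses no subnet covers or that were answered by a DC in another site. The site names, addresses, and logon records are constructed sample data.

```python
import ipaddress

# Constructed sample data, in the form the New Object - Subnet dialog takes:
# (network address, subnet mask, associated site). Site names are hypothetical.
SUBNET_OBJECTS = [
    ("10.1.0.0", "255.255.0.0", "HQ"),
    ("10.1.40.0", "255.255.255.0", "HQ-Lab"),
    ("10.2.0.0", "255.255.0.0", "Branch-East"),
]

def build_table(subnet_objects):
    """Parse subnet objects; the most specific (longest prefix) sorts first."""
    table = []
    for address, mask, site in subnet_objects:
        # strict=True rejects an address with host bits set, e.g. 10.1.0.5/16
        network = ipaddress.ip_network(f"{address}/{mask}", strict=True)
        table.append((network, site))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table

def site_for(client_ip, table):
    """Return the site of the most specific subnet holding client_ip, or None."""
    addr = ipaddress.ip_address(client_ip)
    for network, site in table:
        if addr in network:
            return site
    return None

def audit_logons(logons, table):
    """Classify (client_ip, dc_site) records against the subnet-to-site table."""
    findings = []
    for client_ip, dc_site in logons:
        client_site = site_for(client_ip, table)
        if client_site is None:
            findings.append((client_ip, "unmapped-subnet"))
        elif client_site != dc_site:
            findings.append((client_ip, f"cross-site:{client_site}->{dc_site}"))
    return findings

# Constructed logon records: (client IP, site of the DC that authenticated it).
SAMPLE_LOGONS = [
    ("10.1.12.7", "HQ"),       # same site, no finding
    ("10.1.40.9", "HQ"),       # /24 wins over /16, so the client is in HQ-Lab
    ("10.2.3.4", "HQ"),        # branch client authenticated across the WAN
    ("192.168.5.20", "HQ"),    # no subnet object covers this address
]

if __name__ == "__main__":
    for finding in audit_logons(SAMPLE_LOGONS, build_table(SUBNET_OBJECTS)):
        print(finding)
```

An "unmapped-subnet" finding means a subnet object is missing for that address range, so the client cannot be matched to a site at all.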

Creating Site Links

After creating and defining the scope of each site, the next step in the site configuration process is establishing connections between the sites. The physical connectivity between the sites is established between the Active Directory databases by site link objects. A site link object is an Active Directory object that embodies a set of sites that can communicate at uniform cost. A site link that connects only two sites using the IP transport typically corresponds to a WAN link. A site link that connects more than two sites typically corresponds to Asynchronous Transfer Mode (ATM) and metropolitan area network (MAN) through leased lines and IP routers. Each site link is based on the following four components:

■ Transport: The networking technology to move the replication traffic

■ Sites: The sites that the site link connects

■ Cost: The value used to compare the site link with others, in terms of speed and reliability charges

■ Schedule: The times and frequency at which the replication will occur
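To make the cost component concrete, the following Python code is an added example, not from the book and not the KCC's own algorithm. It models site links as sets of sites with a uniform cost and finds the lowest total cost between two sites. It assumes site links are bridged (transitive), and the link names, sites, and costs are constructed sample data.

```python
import heapq
from itertools import combinations

# Constructed site links: (link name, member sites, cost).
# "Metro" joins three sites, each pair communicating at the same cost.
SITE_LINKS = [
    ("HQ-East", {"HQ", "Branch-East"}, 100),
    ("HQ-West", {"HQ", "Branch-West"}, 200),
    ("East-West", {"Branch-East", "Branch-West"}, 400),
    ("Metro", {"HQ", "DC-North", "DC-South"}, 50),
]

def build_graph(site_links):
    """Expand each site link into pairwise edges at the link's uniform cost."""
    graph = {}
    for name, sites, cost in site_links:
        if cost < 1:
            raise ValueError(f"site link {name}: cost must be positive")
        for a, b in combinations(sorted(sites), 2):
            graph.setdefault(a, []).append((b, cost, name))
            graph.setdefault(b, []).append((a, cost, name))
    return graph

def cheapest_route(graph, source, target):
    """Dijkstra over site links: (total cost, [link names]) or None."""
    queue = [(0, source, [])]
    settled = set()
    while queue:
        cost, site, links = heapq.heappop(queue)
        if site == target:
            return cost, links
        if site in settled:
            continue
        settled.add(site)
        for neighbour, link_cost, link_name in graph.get(site, []):
            if neighbour not in settled:
                heapq.heappush(
                    queue, (cost + link_cost, neighbour, links + [link_name])
                )
    return None  # no chain of site links connects the two sites

if __name__ == "__main__":
    graph = build_graph(SITE_LINKS)
    print(cheapest_route(graph, "Branch-East", "Branch-West"))
    print(cheapest_route(graph, "Branch-West", "DC-South"))
```

With these sample costs the direct East-West link (400) loses to the two-hop route through HQ (100 + 200), which is the kind of comparison the cost value exists to express.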

Site links are created using the Active Directory Sites and Services tool of Windows Server 2003. Use the following steps to create site links.

Create site links

1. To open the Active Directory Sites and Services tool, click Start | Control Panel | Administrative Tools, and then double-click Active Directory Sites and Services.

Figure 14.4 Subnet Dialog Box for Associating/Changing the Site

Date posted: 04/07/2014, 23:21
