Active Directory Cookbook for windows server 2003- P36 docx

Recipe 11.7 Creating a Site Link 11.7.1 Problem You want to create a site link to connect two or more sites together.. 11.7.2.2 Using a command-line interface The following LDIF would

Trang 1

that were created or that were associated with the default site and determine what site they really should be associated with

Recipe 11.7 Creating a Site Link

11.7.1 Problem

You want to create a site link to connect two or more sites together

11.7.2 Solution

11.7.2.1 Using a graphical user interface

1 Open the Active Directory Sites and Services snap-in

2 Expand the Sites container

3 Expand the Inter-Site Transports container

4 Right-click on IP (or SMTP) and select New Site Link

5 For Name, enter the name for the site link

6 Under Site is not in this site link, select at least two sites and click the Add button

7 Click OK

11.7.2.2 Using a command-line interface

The following LDIF would create a site link connecting the SJC and Dallas sites:

dn: cn=Dallas-SJC,cn=IP,cn=inter-site

transports,cn=sites,cn=configuration,<ForestRootDN>

changetype: add

objectclass: siteLink

siteObject: cn=SJC,cn=sites,cn=configuration,<ForestRootDN>

siteObject: cn=Dallas,cn=sites,cn=configuration,<ForestRootDN>

If the LDIF file were named create_site_link.ldf, you'd then run the following command:

> ldifde -v -i -f create_site_link.ldf

11.7.2.3 Using VBScript

' This code creates a site link

' - SCRIPT CONFIGURATION -

intCost = 100 ' site link cost

intReplInterval = 180 ' replication interval in minutes

strSite1 = "<Site1>" ' e.g SJC

strSite2 = "<Site2>" ' e.g Dallas

strLinkName = strSite1 & " - " & strSite2

' - END CONFIGURATION -

' Taken from ADS_PROPERTY_OPERATION_ENUM

const ADS_PROPERTY_UPDATE = 2

Trang 2

set objRootDSE = GetObject("LDAP://RootDSE")

set objLinkCont = GetObject( _

"LDAP://cn=IP,cn=Inter-site Transports,cn=sites," & _ objRootDSE.Get("configurationNamingContext") )

set objLink = objLinkCont.Create("siteLink", "cn=" & strLinkName)

strSite1DN = "cn=" & strSite1 & ",cn=sites," & _

objRootDSE.Get("configurationNamingContext")

strSite2DN = "cn=" & strSite2 & ",cn=sites," & _

objLink.PutEx ADS_PROPERTY_UPDATE, "siteList", Array(strSite1DN,strSite2DN) objLink.Put "cost", intCost

objLink.Put "replInterval", intReplInterval

objLink.SetInfo

WScript.Echo "Successfully created link: " & strLinkName

11.7.3 Discussion

Without site links, domain controllers would not be able to determine the optimal partners to replicate with The cost that is associated with a site defines how "expensive" the link is A lower cost is less expensive (or faster) than a higher cost Link costs are inversely proportional to bandwidth

11.7.4 See Also

MS KB 316812 (HOW TO: Create and Configure a Site Link in Active Directory in Windows 2000)

Recipe 11.8 Finding the Site Links for a Site

11.8.1 Problem

You want to list the site links that are associated with a site

11.8.2 Solution

1 Open LDP and from the menu, select Connection Connect

2 For Server, enter the name of a domain controller (or leave blank to do a serverless bind)

3 For Port, enter 389

4 Click OK

5 From the menu, select Connection Bind

6 Enter credentials of domain user

7 Click OK

8 From the menu, select Browse Search

9 For BaseDN, type the Inter-Site Transports container DN (e.g.,

Trang 3

cn=Inter-10 For Scope, select Subtree

11 For Filter, enter the following:

12 (&(objectcategory=siteLink)(siteList=cn=<SiteName>,[RETURN]

cn=sites,cn=configuration,<ForestRootDN>))

13 Click Run

> dsquery * "cn=inter-site

transports,cn=sites,cn=configuration,<ForestRootDN>"[RETURN]

-filter "(&(objectcategory=siteLink)(siteList=cn=<SiteName>,[RETURN]

cn=sites,cn=configuration,<ForestRootDN>))" -scope subtree -attr name

' This code displays the site links associated with the specified site

strSiteName = "<SiteName>" ' e.g Raleigh

strSiteDN = "cn=" & strSiteName & ",cn=sites," & _

objRootDSE.Get("ConfigurationNamingContext")

strBase = "<LDAP://cn=Inter-site Transports,cn=sites," _

& objRootDSE.Get("ConfigurationNamingContext") & ">;"

strFilter = "(&(objectcategory=siteLink)" & _

"(siteList=" & strSiteDN & "));"

strAttrs = "name;"

strScope = "subtree"

set objConn = CreateObject("ADODB.Connection")

objConn.Provider = "ADsDSOObject"

objConn.Open "Active Directory Provider"

set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)

WScript.Echo "Total site links for " & strSiteName & ": " & objRS.RecordCount

if objRS.RecordCount > 0 then

objRS.MoveFirst

while Not objRS.EOF

Wscript.Echo vbTab & objRS.Fields(0).Value

objRS.MoveNext

wend

end if

A site can be included as part of zero or more site links A site with no site links would be considered orphaned from the site topology, since there is no way to determine how and where it connects into the topology Branch office sites may have only a single site link back to a hub, while a hub site may have numerous links that connect it to the rest of the world

Trang 4

Finding the site links associated with a site consists of performing a query for all siteLink objects that have DN of the site included in the siteList attribute for a link The siteList attribute is a multivalued attribute that contains all the sites that are connected via the site link

Recipe 11.9 Modifying the Sites That Are Part of a Site Link

11.9.1 Problem

You want to modify the sites associated with a site link

11.9.2 Solution

2 In the left pane, expand Sites Inter-Site Transports

3 Click either the IP or SMTP folder depending where the site link is stored

4 In the right pane, double-click on the link you want to modify

5 Under the General tab, you can add and remove sites that are associated with the site link

6 Click OK

Create an LDIF file called modify_site_link.ldf with the following contents Replace <LinkName>

with the name of the link and <SiteName> with the site to add to the link

dn: cn=<LinkName>,cn=IP,cn=inter-site

changetype: modify

add: siteList

siteList: cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>

-

Then run the following command:

> ldifde -v -i -f modify_site_link.ldf

' This code adds a site to an existing site link

strSite = "<SiteName>" ' e.g Burlington

strLink = "<LinkName>" ' e.g DEFAULTIPSITELINK

' Taken from ADS_PROPERTY_OPERATION_ENUM

Trang 5

set objLink = GetObject("LDAP://cn=" & strLink & _

",cn=IP,cn=Inter-site Transports,cn=sites," & _

objRootDSE.Get("configurationNamingContext") )

strSiteDN = "cn=" & strSite & ",cn=sites," & _

objLink.PutEx ADS_PROPERTY_APPEND, "siteList", Array(strSiteDN)

objLink.SetInfo

WScript.Echo "Successfully modified link: " & strLink

To associate a site with a site link, add the DN of the site to the siteList attribute of the

siteLink object that represents the link To remove a site from a link, do the reverse Remove the DN associated with the site from the siteList attribute

11.9.4 See Also

Recipe 11.8 for finding the links associated with a site

Recipe 11.10 Modifying the Cost for a Site Link

11.10.1 Problem

You want to modify the cost for a site link

11.10.2 Solution

3 Click either the IP or SMTP folder depending where the site link is stored

4 In the right pane, double-click on the link you want to modify

5 Under the General tab, you can change the cost for the site link

6 Click OK

Create an LDIF file called modify_site_link_cost.ldf with the following contents Replace

<LinkName> with the name of the site you want to modify

dn: cn=DEFAULTIPSITELINK,cn=IP,cn=inter-site

transports,cn=sites,cn=configuration,<ForestRootDN>

changetype: modify

replace: cost

cost: <LinkCost>

Trang 6

-

> ldifde -v -i -f modify_site_link_cost.ldf

' This code modifies the cost attribute of a site link

strLink = "<SiteLink>" ' e.g DEFAULTIPSITELINK

intCost = <LinkCost> ' e.g 200

set objLink = GetObject("LDAP://cn=" & strLink & _

objLink.Put "cost", intCost

objLink.SetInfo

WScript.Echo "Successfully modified link: " & strLink

The cost attribute is one of the most important attributes of siteLink objects cost is used by the KCC to determine what connection objects should be created to allow domain controllers to replicate data

cost is inversely proportional to bandwidth The lower the cost, the greater the bandwidth The number you use for the cost is also arbitrary; the default is 100 You could use 100-1,000 as the range for your site link costs, or you could use 1-10 The actual number isn't important, it is relative based on the other site links

Recipe 11.11 Disabling Site Link Transitivity or Site Link Schedules

11.11.1 Problem

You want to disable site link transitivity to control replication

Trang 7

4 Select Properties

5 To disable site link transitivity, uncheck Bridge all site links

6 To ignore site link schedules, check Ignore schedules

7 Click OK

You can modify the options attribute of a site link object using an LDIF file and ldifde, but since the attribute is a bit flag, you are better off using the GUI or VBScript solutions that look at the current value of options and modify it accordingly ldifde doesn't handle this type of logic

' This code can disable site link transitivity and site

' schedules for all links of the IP transport

' The code for the CalcBit function can be found in Recipe 4.12

- SCRIPT CONFIGURATION -

boolDisableTrans = <TrueOrFalse> ' e.g TRUE

boolIgnoreSchedules = <TrueOrFalse> ' e.g FALSE

set objLink = GetObject( _

"LDAP://cn=IP,cn=Inter-site Transports,cn=sites," & _

intBitsOrg = objLink.Get("options")

intBits = CalcBit(intBitsOrig, 2, boolDisableTrans)

intBits = CalcBit(intBitsOrig, 1, boolIgnoreSchedules)

if objLink.Get("options") <> intBits then

objLink.Put "options", intBits

objLink.SetInfo

WScript.Echo "Successfully modified link transitivity for " & strLink else

WScript.Echo "Did not need to modify link transitivity for " & strLink end if

Active Directory site links are transitive, which means that if site A is linked to site B, and site B

is linked to site C, then site A is also be linked (through site B) to site C The Knowledge

Consistency Checker (KCC) uses transitivity by default when making decisions about creating connection objects You can disable this behavior if you want Typically this is not something you'll want to do unless you know what you are doing Disabling transitivity may be necessary for some Windows 2000 deployments that have a lot of sites and find that the KCC is having a hard time keeping up With Windows Server 2003, the KCC has been greatly improved and site link transitivity should not cause problems

The other reason you might want to disable transitivity is if you need to make replication more deterministic Disabling transitivity makes it much easier to determine where the KCC will

Trang 8

attempt to establish connection objects, because the KCC on a domain controller will not be able

to replicate with domain controllers that are not in sites that are directly linked

I mention site link schedules here primarily because the same attribute (i.e., options) that determines site link transitivity also determines if link schedules are enforced If you enable the ignore schedules option for a particular transport (i.e., IP or SMTP), the KCC ignores any

preconfigured link schedules If you later disable this setting, link schedules will go back into effect

11.11.4 See Also

Recipe 4.12 for more on setting a bit-flag attribute

Recipe 11.12 Creating a Site Link Bridge

11.12.1 Problem

You want to create a site link bridge because you've disabled site link transitivity

3 Right-click either the IP or SMTP folder depending which protocol you want to create a site link bridge for

4 Select New Site Link Bridge

5 Highlight two or more sites in the left box

6 Click the Add button

7 Click OK

Create an LDIF file called create_site_link_bridge.ldf with the following contents, where

<Link1> and <Link2> refer to the site links to be bridged:

dn: cn=<BridgeName>,cn=IP,cn=inter-site

changetype: add

objectclass: siteLinkBridge

siteLinkList: cn=<Link1>,cn=IP,cn=Inter-site

Transports,cn=sites,cn=configuration,

<ForestRootDN>

siteLinkList: cn=<Link2>,cn=IP,cn=Inter-site

Trang 9

> ldifde -v -i -f create_site_link_bridge.ldf

' This code creates a site link bridge between two site links

strLink1 = "<Link1>" ' e.g AMS-LON

strLink2 = "<Link2>" ' e.g SJC-RTP

strBridge = "<BridgeName>" ' e.g AMER-EUR

set objLinkCont = GetObject( _

"LDAP://cn=IP,cn=Inter-site Transports,cn=sites," & _ objRootDSE.Get("configurationNamingContext") )

set objBridge = objLinkCont.Create("siteLinkBridge", "cn=" & strBridge)

strLink1DN = "cn=" & strLink1 & _

strLink2DN = "cn=" & strLink2 & _

objBridge.Put "siteLinkList", Array(strLink1DN,strLink2DN)

objBridge.SetInfo

WScript.Echo "Successfully created bridge: " & strBridge

If you've disabled site link transitivity or have networks that lack direct routes between sites, you will need to create site link bridges Creating a site link bridge to link several links is analogous

to creating a site link to link several sites Lets take an example where site link transitivity is disabled and we have four sites; site A has a link to site B and site C has a link to site D If we want domain controllers in sites A and B to replicate with sites C and D, we need to create a site link bridge to bridge the A-B link with C-D

11.12.4 See Also

Recipe 11.11 for disabling site link transitivity

Recipe 11.13 Finding the Bridgehead Servers for a Site

11.13.1 Problem

You want to find the bridgehead servers for a site

Trang 10

1 Open the Replication Monitor from the Support Tools (replmon.exe)

2 From the menu, select View Options

3 In the left pane, right-click on Monitored Servers and select Add Monitored Server

4 Use the Add Monitored Server Wizard to add a server in the site you want to find the bridgehead server(s) for

5 In the left pane, right-click on the server and select Show BridgeHead Servers In This Server's Site

> repadmin /bridgeheads [<ServerName>] [/verbose]

The /bridgeheads option is valid only with the Windows Server 2003 version of repadmin There is no such option in the Windows 2000 version

' This code finds the bridgehead servers for the specified site

strServer = "<ServerName>" ' server to target query against, e.g dc01

strSite = "<SiteName>" ' name of site to query

' e.g Default-First-Site-Name

set objIadsTools = CreateObject("IADsTools.DCFunctions")

intRes = objIadsTools.GetBridgeHeadsInSite(Cstr(strServer),Cstr(strSite),0)

if intRes = -1 then

Wscript.Echo "Error bridge heads: " & objIadsTools.LastErrorText

WScript.Quit

end if

for count = 1 to intRes

WScript.Echo vbTab & objIadsTools.BridgeHeadName(count)

a funnel for replication into and out of a site Any domain controller in a site can become a bridgehead server and bridgeheads are designated by the KCC for each writeable partition in the site You can control which servers are designated as bridgehead servers by defining preferred bridgehead servers See Recipe 11.14 for more on how to do this

Định dạng
Số trang	10
Dung lượng	33,1 KB