04-Configuring Active Directory Sites and Replication

• Overview of Active Directory Domain Services Replication?. • Overview of AD DS Sites and Replication?[r]

Module 4: Configuring Active Directory Sites

and Replication

Module Overview

• Overview of Active Directory Domain Services Replication

• Overview of AD DS Sites and Replication

• Configuring and Monitoring AD DS Replication

Lesson 1: Overview of Active Directory Domain Services Replication

• How Active Directory Replication Works

• How AD DS Replication Works Within a Site

• Resolving Replication Conflicts

• Optimizing Replication

• What Are Directory Partitions?

• What Is Replication Topology?

• How Directory Partitions and the Global Catalog

Are Replicated

• How the Replication Topology Is Generated

• Demonstration: Creating and Configuring

Connection Objects

How Active Directory Replication WorksActive Directory replication:

• Uses a multimaster model

• Uses pull replication

• Uses store and forward replication

• Uses loose consistency with convergence

• Addition of an object to Active Directory

• Modification of an object’s attribute values

• Deletion of an object from the directory

Changes that initiate replication include:

How AD DS Replication Works Within a Site

In a single site:

• Domain controllers notify replication partners when updates are applied

• For normal updates, the change notification happens

15 seconds after the change is applied

• Notifications for security related changes are

sent immediately

• Replication updates are not compressed

Resolving Replication Conflicts

In a multimaster replication model, replication conflicts can

arise when:

• The same attribute is changed on two domain controllers

simultaneously

• An object is moved or added to a deleted container on

another domain controller

• Two objects with the same relative distinguished name are

added to the same container on two different domain controllers

To resolve replication conflicts, AD DS uses:

• Version number • Time stamp • Server GUID

Optimizing Replication

• In a multimaster replication model, AD DS updates

can be replicated using multiple paths

• AD DS uses update sequence numbers, high watermarks, and up-to-dateness vectors to ensure that updates

are replicated to a specific domain controller only once

What Are Directory Partitions?

Information about the Active Directory structure

Information about specific objects

domain-Information about applications

Contains:

How Directory Partitions and the Global Catalog Are Replicated

Domain A topology Domain B topology Schema and configuration topology

Global catalog replication

server

How the Replication Topology Is Generated

• Each domain controller has two replication partners

for each Active Directory partition

• The KCC creates two one-way connection objects

between replication partners to ensure that no two domain

controllers are ever more than three network hops away

• When a new domain controller is added to a site,

the KCC recalculates connection objects

• Connection objects can replicate one or more partitions

Active Directory uses the KCC to establish a replication path between

domain controllers

Demonstration: Creating and Configuring

Connection Objects

In this demonstration, you will see how to create

connection objects and configure existing connection objects

Lesson 2: Overview of AD DS Sites

and Replication

• What Are AD DS Sites and Site Links?

• Discussion: Why Implement Additional Sites?

• Demonstration: Configuring AD DS Sites

• How Replication Works Between Sites

• Comparing Replication Within Sites and Between Sites

• Demonstration: Configuring AD DS Site Links

• What Is the Inter-site Topology Generator?

• How Unidirectional Replication Works

What Are AD DS Sites and Site Links?

Discussion: Why Implement Additional Sites?

• Why would an organization choose to implement

additional sites?

• What are the benefits and disadvantages of creating additional sites?

Demonstration: Configuring AD DS Sites

In this demonstration, you will see how to:

• Create sites and subnets

• Move domain controllers to other sites

Comparing Replication Within Sites and

Between Sites

Replication Within Sites:

Assumes fast and highly reliable network links

Does not compress replication traffic Uses a change notification mechanism

Replication Between Sites:

Assumes limited available bandwidth and unreliable network links

Compresses all replication traffic between sites

Occurs on a manual schedule

Demonstration: Configuring AD DS Site Links

In this demonstration, you will see how to:

• Configure the default site link

• Create additional site links

• Add sites to the site links

What Is the Inter-site Topology Generator?

IP Subnet

A1

A2

Bridgehead server

Bridgehead server

How Unidirectional Replication Works

• Unidirectional replication

ensures that changes to a

read-only domain

controller are never

replicated to any other

domain controller

Lesson 3: Configuring and Monitoring

AD DS Replication

• What Is a Bridgehead Server?

• Demonstration: Configuring Bridgehead Servers

• Demonstration: Configuring Replication Availability and Scheduling

• What Is Site Link Bridging?

• Demonstration: Modifying Site Link Bridges

• What Is Universal Group Membership Caching?

• Demonstration: Configuring Universal Group

Membership Caching

• Demonstration: Tools for Monitoring and

Managing Replication

What Is a Bridgehead Server?

Demonstration: Configuring Bridgehead Servers

In this demonstration, you will see how to configure

bridgehead servers

Demonstration: Configuring Replication

Availability and Frequency

In this demonstration, you will see how to configure the site link object to manage replication between sites

What Is Site Link Bridging?

B1

B3

C2 C1

Site C

Demonstration: Modifying Site Link Bridges

In this demonstration, you will see how to:

• Disable site link bridging

• Create a new site link bridge

What Is Universal Group Membership Caching?

IP Subnet

A1

A2

Bridgehead server

Bridgehead server

Demonstration: Configuring Universal Group

Membership Caching

In this demonstration, you will see how to:

• Configure universal group membership caching for a site

• Configure the source for caching

Demonstration: Tools for Monitoring and

Managing Replication

In this demonstration you will see how to:

• Identify the domain controller holding the ISTG role

• Force the KCC to run, and how to force replication

• Use Repadmin, NLTest, and DCDiag

Lab: Configuring Active Directory Sites and Replication

• Exercise 1: Configuring AD DS Sites and Subnets

• Exercise 2: Configuring AD DS Replication

• Exercise 3: Monitoring AD DS Replication

Lab Review

• What additional changes would you need to make to the

AD DS site configuration if you needed to ensure that all replication traffic in the New-York site passed through

NYC-DC2?

• What additional changes would you need to make if you implemented another WAN connection between Tokyo and London, and wanted to use that WAN connection for AD

DS replication instead of routing all replication changes

through NewYork-Site?

• Why did you force the domain controllers in the lab to

update their IP addresses in DNS?

Module Review and Takeaways

• Review questions

• Considerations for configuring AD DS sites and replication

• Tools

Beta Feedback Tool

• Beta feedback tool helps:

 Collect student roster information, module feedback, and course evaluations

 Identify and sort the changes that students request, thereby facilitating a quick team triage

 Save data to a database in SQL Server that you can later query

• Walkthrough of the tool

Beta Feedback

• Overall flow of module:

 Which topics did you think flowed smoothly, from topic to topic?

 Was something taught out of order?

• Pacing:

 Were you able to keep up? Are there any places where the pace felt too slow?

 Were you able to process what the instructor said before

moving on to next topic?

 Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions?

knowledge in your work environment?

 Were there any discussion questions or reflection questions that really made you think? Were there questions you

thought weren’t helpful?