module 4: configuring active directory® domain sevices sites and replication

8/14/2019 Module 4: Configuring Active Directory Domain Sevices Sites and Replication

1/34

Module 4: Configuring

Active Directory

Domain Sevices Sitesand Replication


2/34

Module Overview

Overview of Active Directory Domain Services Replication

Overview of AD DS Sites and Replication

Configuring and Monitoring AD DS Replication


3/34

Lesson 1: Overview of Active Directory DomainServices Replication

How AD DS Replication Works

How AD DS Replication Works Within a Site

Resolving Replication Conflicts

Optimizing Replication

What Are Directory Partitions? What Is Replication Topology?

How Directory Partitions and the Global CatalogAre Replicated

How the Replication Topology Is Generated

Demonstration: Creating and ConfiguringConnection Objects


4/34

How AD DS Replication Works

Active Directory replication: Uses a multimaster model

Uses pull replication

Uses store and forward replication

Uses loose consistency with convergence

Addition of an object to AD DS

Modification of an objects attribute values

Deletion of an object from the directory

Changes that initiate replication include:


5/34

How AD DS Replication Works Within a Site

In a single site: Domain controllers notify replication partners when

updates are applied

For normal updates, the change notification happens15 seconds after the change is applied

Notifications for security-related changes aresent immediately

Replication updates are not compressed


6/34

Resolving Replication Conflicts

In a multimaster replication model, replication conflicts can

arise when: The same attribute is changed on two domain controllers

simultaneously

An object is moved or added to a deleted container onanother domain controller

Two objects with the same relative distinguished name areadded to the same container on two different domain controllers

To resolve replication conflicts, AD DS uses: Version number Time stamp Server GUID


7/34

Optimizing Replication

In a multimaster replication model, AD DS updatescan be replicated using multiple paths

AD DS uses update sequence numbers, high watermarks,and up-to-dateness vectors to ensure that updatesare replicated to a specific domain controller only once


8/34

What Are Directory Partitions?

Active DirectoryDatabase

Active DirectoryDatabase

Configurablereplication

Domain

Forest Schema

Configuration

Definitions and rules forcreating and manipulatingobjects and attributes

Information about theActive Directory structure

Information about domain-specific objects

Information aboutapplications

Contains:


9/34

Domain A TopologyDomain controllers in thesame domainDomain controllers in thesame domain

A1 A2

A3 A4

What Is Replication Topology?

Domain A Topology

Domain B Topology

A1 A2

A3 A4

B1

B2

B3

Domain controllersfrom various domainsDomain controllersfrom various domains


10/34

How Directory Partitions and the Global CatalogAre Replicated

Domain A topology

Domain B topology

Schema and configurationtopology

Global catalog replication

A1 A2

A3 A4

B1

B2

B3

Domain controllersfrom various domainsDomain controllersfrom various domains

Global catalogserver


Global catalog

server

Global catalog

server




11/34

How the Replication Topology Is Generated

Each domain controller has two replication partners

for each Active Directory partition

The KCC creates two one-way connection objectsbetween replication partners to ensure that no two domaincontrollers are ever more than three network hops away

When a new domain controller is added to a site,the KCC recalculates connection objects

Connection objects can replicate one or more partitions

Active Directory uses the KCC to establish a replication path between

domain controllers


12/34

Demonstration: Creating and ConfiguringConnection Objects

In this demonstration, you will see how to createconnection objects and configure existing connection

objects


13/34

Lesson 2: Overview of AD DS Sitesand Replication

What Are AD DS Sites and Site Links?

Discussion: Why Implement Additional Sites?

Demonstration: Configuring AD DS Sites

How Replication Works Between Sites

Comparing Replication Within Sites and Between Sites Demonstration: Configuring AD DS Site Links

What Is the Inter-site Topology Generator?

How Unidirectional Replication Works


14/34

What Are AD DS Sites and Site Links?

Site

IP SubnetIP Subnet

IP SubnetIP Subnet

A1

A2

Site LinkSite Link

IP SubnetIP SubnetIP SubnetIP Subnet

Site

B3

B1 B2

Sites:

Identify networklocations with fast,reliable networkconnections

Are associated with

subnet objects inAD DS


15/34

Discussion: Why Implement Additional Sites?

Why would an organization choose to implementadditional sites?

What are the benefits and disadvantages of creatingadditional sites?


16/34

Demonstration: Configuring AD DS Sites

In this demonstration, you will see how to:

Create sites and subnets

Move domain controllers to other sites


17/34

Site

A1

A2

Site LinkSite Link

Site

B3

B1 B2

You can configure:

Replication pathsbetween sites

Replication schedulesand frequency

Replication protocols

How Replication Works Between Sites

C i R li ti Withi Sit d


18/34

Comparing Replication Within Sites andBetween Sites

Replication Within Sites:

Assumes fast and highlyreliable network links

Does not compressreplication traffic

Uses a change notificationmechanism

Replication Between Sites:

Assumes limited availablebandwidth and unreliablenetwork links

Compresses all replicationtraffic between sites

Occurs on a manual schedule

IP SubnetIP Subnet

A1

A2

IP SubnetIP Subnet

ReplicationReplication

IP SubnetIP Subnet

A1

A2

IP SubnetIP Subnet


IP SubnetIP Subnet

B1

B2

IP SubnetIP Subnet




19/34

Demonstration: Configuring AD DS Site Links


Configure the default site link

Create additional site links

Add sites to the site links


20/34

What Is the Inter-site Topology Generator?

IP SubnetIP Subnet

A1

A2

Bridgeheadserver

Bridgeheadserver


B2

Bridgehead serverBridgehead server

B1


IP SubnetIP Subnet

IP SubnetIP Subnet


IP SubnetIP Subnet

Inter-site topology

generator

Inter-site topology

generator

The inter-sitetopology generatordefines thereplication between

sites on a network

Inter-sitetopologygenerator

Inter-sitetopologygenerator


21/34

How Unidirectional Replication Works

Unidirectional replicationensures that changes to aread-only domaincontroller are neverreplicated to any otherdomain controller

Lesson 3: Configuring and Monitoring


22/34

Lesson 3: Configuring and MonitoringAD DS Replication

What Is a Bridgehead Server?

Demonstration: Configuring Bridgehead Servers

Demonstration: Configuring Replication Availabilityand Scheduling

What Is Site Link Bridging?

Demonstration: Modifying Site Link Bridges

What Is Universal Group Membership Caching?

Demonstration: Configuring Universal GroupMembership Caching

Demonstration: Tools for Monitoring andManaging Replication


23/34

What Is a Bridgehead Server?

A bridgehead server:

Sends and receivesreplicated data

Is designated foreach partition in

the site

IP SubnetIP Subnet

IP SubnetIP SubnetBridgehead ServerBridgehead Server


IP SubnetIP Subnet

IP SubnetIP Subnet

Bridgehead ServerBridgehead Server

B1B1

A1A1


24/34

Demonstration: Configuring Bridgehead Servers

In this demonstration, you will see how to configurebridgehead servers

Demonstration: Configuring Replication


25/34

Demonstration: Configuring ReplicationAvailability and Frequency

In this demonstration, you will see how to configure the sitelink object to manage replication between sites


26/34

What Is Site Link Bridging?

IPSubnetIPSubnetIPSubnetIPSubnet

Site B


Site A


A1

A2

Site LinkBridge

Site LinkBridge

B2

Site Link

BC

Site Link

BC

Site Link

AB

Site Link

AB

B1

B3

C2

C1

Site C


27/34

Demonstration: Modifying Site Link Bridges


Disable site link bridging

Create a new site link bridge


28/34

What Is Universal Group Membership Caching?

IP SubnetIP Subnet

A1

A2

Bridgeheadserver

Bridgeheadserver

Bridgehead serverBridgehead server

B1

IP SubnetIP Subnet

IP SubnetIP Subnet

IP SubnetIP Subnet

Global Catalog

Server

Global Catalog

Server

Enables domaincontrollers in a sitewith no globalcatalog servers to

cache universalgroup membership

Demonstration: Configuring Universal Group


29/34

Demonstration: Configuring Universal GroupMembership Caching


Configure universal group membership caching for a site

Configure the source for caching

Demonstration: Tools for Monitoring and


30/34

Demonstration: Tools for Monitoring andManaging Replication

In this demonstration you will see how to:

Identify the domain controller holding the ISTG role

Force the KCC to run, and then to force replication

Use Repadmin, NLTest, and DCDiag

Lab: Configuring Active Directory Sites and


31/34

Lab: Configuring Active Directory Sites andReplication

Exercise 1: Configuring AD DS Sites and Subnets

Exercise 2: Configuring AD DS Replication

Exercise 3: Monitoring AD DS Replication

Logon information

Virtual machine NYC-DC1, LON-DC1,MIA-RODC, NYC-RAS

User name Administrator

Password Pa$$w0rd

Estimated time: 60 minutes


32/34

Lab Review

What additional changes would you need to make to theAD DS site configuration if you needed to ensure that all

replication traffic in the New-York site passed throughNYC-DC2?

What additional changes would you need to make if youimplemented another WAN connection between Tokyo andLondon, and wanted to use that WAN connection for AD

DS replication instead of routing all replication changesthrough NewYork-Site?

Why did you force the domain controllers in the lab toupdate their IP addresses in DNS?


33/34

Module Review and Takeaways

Review questions

Considerations for configuring AD DS sites and replication

Tools


34/34

module 4: configuring active directory® domain sevices sites and replication

Documents