Module 4: Configuring Active Directory Sites

and Replication

Module Overview

• Overview of Active Directory Domain Services Replication

• Overview of AD DS Sites and Replication

• Configuring and Monitoring AD DS Replication

Lesson 1: Overview of Active Directory Domain Services Replication

• How Active Directory Replication Works

• How AD DS Replication Works Within a Site

• Resolving Replication Conflicts

• Optimizing Replication

• What Are Directory Partitions?

• What Is Replication Topology?

• How Directory Partitions and the Global Catalog Are Replicated

• How the Replication Topology Is Generated

• Demonstration: Creating and Configuring Connection Objects

How Active Directory Replication Works

Active Directory replication:

• Uses a multimaster model

• Uses pull replication

• Uses store and forward replication

• Uses loose consistency with convergence

• Addition of an object to Active Directory

• Modification of an object’s attribute values

• Deletion of an object from the directory

Changes that initiate replication include:

How AD DS Replication Works Within a Site

In a single site:

• Domain controllers notify replication partners when updates are applied

• For normal updates, the change notification happens 15 seconds after the change is applied

• Notifications for security related changes are sent immediately

• Replication updates are not compressed

Resolving Replication Conflicts

In a multimaster replication model, replication conflicts can arise when:

• The same attribute is changed on two domain controllers simultaneously

• An object is moved or added to a deleted container on another domain controller

• Two objects with the same relative distinguished name are added to the same container on two different domain controllers

To resolve replication conflicts, AD DS uses:

• Version number • Time stamp • Server GUID

Optimizing Replication

• In a multimaster replication model, AD DS updates can be replicated using multiple paths

• AD DS uses update sequence numbers, high watermarks, and up-to-dateness vectors to ensure that updates are replicated to a specific domain controller only once

What Are Directory Partitions?

Active Directory Database

Active Directory Database

Configurablereplication

Domain

Forest Schema

Configuration

<Domain>

<Application>

Definitions and rules for creating and manipulating objects and attributes

Information about the Active Directory structure

Information about domain-specific objects

Information about applications

Contains:

Domain A TopologyDomain controllers in the same domainDomain controllers in the same domain

A1 A2

A3 A4

What Is Replication Topology?

Domain A Topology

Domain B Topology

A1 A2

A3 A4

B1

B2

B3

Domain controllers from various domainsDomain controllers from various domains

How Directory Partitions and the Global Catalog Are Replicated

Domain A topology

Domain B topologySchema and configurationtopologyGlobal catalog replication

A1 A2

A3 A4

B1

B2

B3

Domain controllers from various domainsDomain controllers from various domains

Global catalogserver

Global catalogserver

Global catalogserver

Global catalogserver

Global catalogserver

Global catalogserver

How the Replication Topology Is Generated

• Each domain controller has two replication partners for each Active Directory partition

• The KCC creates two one-way connection objects between replication partners to ensure that no two domain controllers are ever more than three network hops away

• When a new domain controller is added to a site, the KCC recalculates connection objects

• Connection objects can replicate one or more partitions

Active Directory uses the KCC to establish a replication path between domain controllers

Demonstration: Creating and Configuring Connection Objects

In this demonstration, you will see how to create connection objects and configure existing connection objects

Lesson 2: Overview of AD DS Sites and Replication

• What Are AD DS Sites and Site Links?

• Discussion: Why Implement Additional Sites?

• Demonstration: Configuring AD DS Sites

• How Replication Works Between Sites

• Comparing Replication Within Sites and Between Sites

• Demonstration: Configuring AD DS Site Links

• What Is the Inter-site Topology Generator?

• How Unidirectional Replication Works

What Are AD DS Sites and Site Links?

Site

IP SubnetIP Subnet

IP SubnetIP Subnet

A1

A2

Site LinkSite Link

IP SubnetIP SubnetIP SubnetIP Subnet

Site

B3

B1 B2

Sites:

• Identify network locations with fast reliable network connections

• Are associated with subnet objects in Active Directory

Discussion: Why Implement Additional Sites?

• Why would an organization choose to implement additional sites?

• What are the benefits and disadvantages of creating additional sites?

Demonstration: Configuring AD DS Sites

In this demonstration, you will see how to:

• Create sites and subnets

• Move domain controllers to other sites

Site

A1

A2

Site LinkSite Link

Site

B3

B1 B2

You can configure:

• Replication paths between sites

• Replication schedulesand frequency

• Replication protocols

How Replication Works Between Sites

Comparing Replication Within Sites and Between Sites

Replication Within Sites:

Assumes fast and highly reliable network links

Does not compress replication traffic

Uses a change notification mechanism

Replication Between Sites:

Assumes limited available bandwidth and unreliable network links

Compresses all replication traffic between sites

Occurs on a manual schedule

IP SubnetIP Subnet

A1

A2

IP SubnetIP Subnet

ReplicationReplication

IP SubnetIP Subnet

A1

A2

IP SubnetIP Subnet

ReplicationReplication

IP SubnetIP Subnet

B1

B2

IP SubnetIP Subnet

ReplicationReplication

ReplicationReplication

Demonstration: Configuring AD DS Site Links

In this demonstration, you will see how to:

• Configure the default site link

• Create additional site links

• Add sites to the site links

What Is the Inter-site Topology Generator?

IP SubnetIP Subnet

A1

A2

Bridgehead server

Bridgehead server

ReplicationReplication

B2

Bridgehead serverBridgehead server

B1

ReplicationReplication

IP SubnetIP Subnet

IP SubnetIP Subnet

ReplicationReplication

IP SubnetIP Subnet

Inter-site topology generatorInter-site topology generator

• The inter-site topology generator defines the replication between sites on a network

Inter-site topologygenerator

Inter-site topologygenerator

How Unidirectional Replication Works

• Unidirectional replication ensures that changes to a read-only domain controller are never replicated to any other domain controller

Lesson 3: Configuring and Monitoring AD DS Replication

• What Is a Bridgehead Server?

• Demonstration: Configuring Bridgehead Servers

• Demonstration: Configuring Replication Availability and Scheduling

• What Is Site Link Bridging?

• Demonstration: Modifying Site Link Bridges

• What Is Universal Group Membership Caching?

• Demonstration: Configuring Universal Group Membership Caching

• Demonstration: Tools for Monitoring and Managing Replication

What Is a Bridgehead Server?

A bridgehead server:

• Sends and receives replicated data

• Is designated for each partition in the site

IP SubnetIP Subnet

IP SubnetIP SubnetBridgehead ServerBridgehead Server

ReplicationReplication

IP SubnetIP Subnet

IP SubnetIP Subnet

Bridgehead ServerBridgehead Server

B1B1

A1A1

Demonstration: Configuring Bridgehead Servers

In this demonstration, you will see how to configure bridgehead servers

Demonstration: Configuring Replication Availability and Frequency

In this demonstration, you will see how to configure the site link object to manage replication between sites

What Is Site Link Bridging?

IP SubnetIP SubnetIP SubnetIP Subnet

Site B

IP SubnetIP SubnetIP SubnetIP Subnet

Site A

IP SubnetIP SubnetIP SubnetIP Subnet

A1

A2

Site Link BridgeSite Link Bridge

B2

Site Link BCSite Link BCSite Link ABSite Link AB

B1

B3

C2

C1

Site C

Demonstration: Modifying Site Link Bridges

In this demonstration, you will see how to:

• Disable site link bridging

• Create a new site link bridge

What Is Universal Group Membership Caching?

IP SubnetIP Subnet

A1

A2

Bridgehead server

Bridgehead server

Bridgehead serverBridgehead server

B1

IP SubnetIP Subnet

IP SubnetIP Subnet

IP SubnetIP Subnet

Global Catalog ServerGlobal Catalog Server

• Enables domain controllers in a site with no global catalog servers to cache universal group membership

Demonstration: Configuring Universal Group Membership Caching

In this demonstration, you will see how to:

• Configure universal group membership caching for a site

• Configure the source for caching

Demonstration: Tools for Monitoring and Managing Replication

In this demonstration you will see how to:

• Identify the domain controller holding the ISTG role

• Force the KCC to run, and how to force replication

• Use Repadmin, NLTest, and DCDiag

Lab: Configuring Active Directory Sites and Replication

• Exercise 1: Configuring AD DS Sites and Subnets

• Exercise 2: Configuring AD DS Replication

• Exercise 3: Monitoring AD DS Replication

Logon information

Virtual machineNYC-DC1, LON-DC1, MIA-RODC, NYC-RAS

User name Administrator

Password Pa$$w0rd

Estimated time: 60 minutes

Lab Review

• What additional changes would you need to make to the AD DS site configuration if you needed to ensure that all replication traffic in the New-York site passed through NYC-DC2?

• What additional changes would you need to make if you implemented another WAN connection between Tokyo and London, and wanted to use that WAN connection for AD DS replication instead of routing all replication changes through NewYork-Site?

• Why did you force the domain controllers in the lab to update their IP addresses in DNS?

Module Review and Takeaways

• Review questions

• Considerations for configuring AD DS sites and replication

• Tools

Beta Feedback Tool

• Beta feedback tool helps: Collect student roster information, module feedback, and

course evaluations. Identify and sort the changes that students request, thereby

facilitating a quick team triage. Save data to a database in SQL Server that you can later

query.

• Walkthrough of the tool

Beta Feedback

• Overall flow of module: Which topics did you think flowed smoothly, from topic to

topic? Was something taught out of order?

• Pacing: Were you able to keep up? Are there any places where the

pace felt too slow? Were you able to process what the instructor said before

moving on to next topic? Did you have ample time to reflect on what you learned? Did

you have time to formulate and ask questions?• Learner activities:

Which demos helped you learn the most? Why do you think that is?

Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this knowledge in your work environment?

Were there any discussion questions or reflection questions that really made you think? Were there questions you thought weren’t helpful?