Module 7: Implementing Sites to Manage Active Directory Replication
Overview
Introduction to Active Directory Replication
Creating and Configuring Sites
Managing Site Topology
Troubleshooting Replication Failures
Planning a Site
Lesson: Introduction to Active Directory Replication
Multimedia: Replication Within Sites
Replication of Linked Multivalued Attributes
What Are Directory Partitions?
What Is Replication Topology?
Automatic Generation of Replication Topology
Global Catalog and Replication of Partitions
Multimedia: Replication Within Sites
Replication of Linked Multivalued Attributes
Replication of linked multivalued attributes depends on the forest functional level
Forest functional level | What happens?
< Windows Server 2003 | Change triggers replication of the entire membership list
= Windows Server 2003 | Replication occurs by individual value instead of the whole attribute
What Are Directory Partitions?
Active Directory Database
Partition | Replication scope | Contains
Schema | Forest | Definitions and rules for creating and manipulating objects and attributes
Configuration | Forest | Information about the Active Directory structure
<Domain> | Domain | Information about domain-specific objects
<Application> | Configurable replication | Information about applications
What Is Replication Topology?
[Diagram: Domain Controllers from the Same Domain (A1 to A4), showing the Domain A topology and the schema and configuration topology]
[Diagram: Domain Controllers from Various Domains (A1 to A4 and B1 to B3), showing the Domain A topology, the Domain B topology, and the schema and configuration topology]
Automatic Generation of Replication Topology
[Diagram: domain controllers A1 through A8, each running the KCC]
Global Catalog and Replication of Partitions
Global Catalog Server: Holds read-only copy of all domain directory partitions
[Diagram: domains contoso.msft and namerica.contoso.msft with domain controllers A1 to A4 and B1 to B3; labels: Schema, Configuration, Partial Directory Partition Replica; Domain A topology, Domain B topology, and schema and configuration topology]
Practice: Introduction to Active Directory Replication
In this practice, you will examine the Active Directory replication configuration
Lesson: Creating and Configuring Sites
What Are Sites and Subnet Objects?
What Are Site Links?
Replication Within Sites vs. Replication Between Sites
How to Create and Configure Sites and Subnets
How to Create and Configure Site Links
Why Disable Default Bridging of All Site Links?
How to Create a Site Link Bridge
What Are Sites and Subnet Objects?
[Screenshot: Active Directory Sites and Services console showing the Sites container with Default-First-Site-Name, Redmond-Site, the Inter-Site Transports container, and the Subnets container; diagram of the two sites, their IP subnets, and domain controllers A1 and B1]
What Are Site Links?
[Diagram: two sites, each with IP subnets and domain controllers (A1, A2 and B1 to B3), connected by a site link that uses RPC or SMTP and has a cost]
A site link:
Enables replication traffic between sites
Represents the physical connection between sites
Replication Within Sites vs. Replication Between Sites
Replication Within Sites:
Assumes fast and highly reliable network links
Does not compress replication traffic
Uses a change notification mechanism
Replication Between Sites:
Assumes limited available bandwidth and unreliable network links
Compresses all replication traffic between sites
Occurs on a manual schedule
[Diagram: replication between domain controllers A1 and A2 on IP subnets within a site, and replication between sites to domain controllers B1 and B2]
How to Create and Configure Sites and Subnets
Your instructor will demonstrate how to:
Create a site
Create a subnet object
Associate a site with a subnet object
Move a domain controller to a different site
Delegate control of a site
How to Create and Configure Site Links
Your instructor will demonstrate how to:
Create a site link
Configure site link properties
Why Disable Default Bridging of All Site Links?
[Diagram: Site A (A1, A2), Site B (B1, B2, B3), and Site C (C1, C2), each with IP subnets; Site Link AB and Site Link BC are joined by a site link bridge]
How to Create a Site Link Bridge
Your instructor will demonstrate how to:
Disable default bridging of all site links
Create a new site link bridge
Practice: Creating and Configuring Sites
In this practice, you will:
Create IP subnet and site objects
Associate subnet objects with sites
Move server objects into the site
Create IP site links between sites
Configure the replication cost, schedule, and interval of the links
Lesson: Managing Site Topology
What Is a Bridgehead Server?
What Is the Intersite Topology Generator?
How to Create a Preferred Bridgehead Server
How to Refresh the Replication Topology
How to Force Replication over a Connection
What Is a Bridgehead Server?
A bridgehead server:
Sends and receives replicated data
Is designated for each partition in the site
[Diagram: bridgehead servers A1 and B1, each in a site with IP subnets, replicating with each other]
What Is the Intersite Topology Generator?
[Diagram: domain controllers A1 and A2 in one site and B1 and B2 in another, each site with IP subnets; bridgehead servers replicate between the sites, and one domain controller is labeled Intersite Topology Generator]
Intersite topology generator defines the replication between sites on a network
How to Create a Preferred Bridgehead Server
Your instructor will demonstrate how to create a preferred bridgehead server
How to Refresh the Replication Topology
Your instructor will demonstrate how to:
Determine what domain controller holds the intersite topology generator role in the site
Force the KCC to run
How to Force Replication over a Connection
Your instructor will demonstrate how to force replication over a connection
Practice: Manually Initiating Replication
In this practice, you will:
View the current connection objects
Delete an automatically generated connection object
Refresh the replication topology
Verify that Active Directory recreated the connection object
Lesson: Troubleshooting Replication Failures
Common Replication Problems
What Is Replication Monitor?
How to Configure Replication Monitor
What Is the Repadmin Tool?
What Is the Dcdiag Tool?
How to Determine the Cause of a Problem
How to Resolve Replication Problems
Common Replication Problems
Symptom | Possible causes
Replication does not finish or occur | Sites not connected by site links; No bridgehead server in the site
Replication is slow | Inefficient site topology and schedule
Client computers receive a slow response | No domain controller online in client site; Not enough domain controllers
Replication greatly increases network traffic | Insufficient bandwidth; Incorrect site topology
The KCC cannot complete the topology | Exception in the KCC
What Is Replication Monitor?
Replication Monitor:
Displays: replication topology, replicating partner, USN values, number of failed attempts, flags
Polls the server at an administrator-defined interval
Monitors the count of failed replication attempts
Triggers the KCC to recalculate the replication topology
Synchronizes partitions between two domain controllers
Shows which objects have not been replicated
How to Configure Replication Monitor
Your instructor will demonstrate how to configure Replication MonitorYour instructor will demonstrate how to configure Replication Monitor
What Is the Repadmin Tool?
Use the Repadmin command-line tool to:
View and manually create the replication topology
Force replication events between domain controllers
View the replication metadata
Syntax: repadmin command arguments [/u:[domain\]user /pw:{password|*}]
What Is the Dcdiag Tool?
Use the Dcdiag command-line tool to:
Analyze the state of a domain controller and report any problems
Perform a series of tests to verify different areas of the system
Syntax: dcdiag command arguments [/v /f:LogFile /ferr:ErrLog]
How to Determine the Cause of the Problem
Possible causes | Testing method
Sites are not connected by site links | Dcdiag /test:Topology
No bridgehead server in the site | Repadmin /bridgeheads
Inefficient site topology and schedule | Repadmin /latency
No domain controller online in the site | Dcdiag /test:Replication; Dcdiag /test:Connectivity
Not enough domain controllers | System monitor NTDS counters
Incorrect site topology | Active Directory Sites and Services; Repadmin /latency; Dcdiag /test:Intersite
Exception in the KCC | Dcdiag /test:kccevent
How to Resolve Replication Problems
Cause | Resolution method
Sites are not connected by site links | Create and configure site links
No bridgehead server in the site | Add or remove domain controllers from the preferred bridgehead server list
Inefficient site topology and schedule | Modify the site topology and schedule
No domain controller online in the site | Install or fix domain controllers
Not enough domain controllers | Install additional domain controllers
Incorrect site topology | Modify the site topology; Ensure site links match WAN links
Exception in the KCC | Enable KCC logging; Run Repadmin /kcc
Practice: Troubleshooting Replication Failures
In this practice, you will use the Repadmin and Dcdiag command-line tools to examine the status of replication and to test the functionality of your domain controller
Lesson: Planning a Site
Overview of the Site Planning Process
Guidelines for Determining Schedule, Interval, and Protocol of Site Links
Guidelines for Determining the Need for Site Link Bridges
Guidelines for Determining the Requirements for Bridgehead Servers
Guidelines for Securing Active Directory Replication
Overview of the Site Planning Process
Site topology design document:
Number and location of sites in the organization
Site links to connect each site
Availability requirements for sites
Number of users
Site security policies
Site topology planning document:
Site link schedule and duration
Site link bridges
Preferred bridgehead servers
Subnet objects
Domain controllers in sites
Guidelines for Determining the Schedule, Interval, and Protocol of Site Links
Determine site link schedules
Determine the site link interval
Determine the site link protocol
Guidelines for Determining the Need for Site Link Bridges
Create site link bridges when:
Your IP network is not fully routed
The domain controllers do not connect to all other domain controllers in the forest
There are many sites, and the forest functional level is not Windows Server 2003
Guidelines for Determining the Requirements for Bridgehead Servers
Create multiple bridgehead servers for multiple directory partitions
Use preferred bridgehead servers to exclude specific domain controllers from being bridgehead servers
Create a list of preferred bridgehead servers based on which server you want the intersite topology generator to use
Guidelines for Securing Active Directory Replication
Validate and authenticate a trust
Use a specific port or protocol for each directory service
Limit the range of RPC ports
Establish an explicit trust between domains
Practice: Planning a Site
In this practice, you will:
Determine the site link schedule and duration for the new site link
Determine the configuration for a site link bridge and a preferred bridgehead server
Lab A: Implementing Sites to Manage Active Directory Replication
Creating a Replica Domain Controller
Creating and Configuring a Site for Your Domain
Troubleshooting Replication Between Sites