
Module 4: Configuring Active Directory Domain Services Sites and Replication

Module Overview
Overview of Active Directory Domain Services Replication
Overview of AD DS Sites and Replication
Configuring and Monitoring AD DS Replication

Lesson 1: Overview of Active Directory Domain Services Replication


How AD DS Replication Works
How AD DS Replication Works Within a Site
Resolving Replication Conflicts
Optimizing Replication
What Are Directory Partitions?
What Is Replication Topology?
How Directory Partitions and the Global Catalog Are Replicated
How the Replication Topology Is Generated
Demonstration: Creating and Configuring Connection Objects

How AD DS Replication Works


Active Directory replication:
Uses a multimaster model
Uses pull replication
Uses store and forward replication
Uses loose consistency with convergence

Changes that initiate replication include:
Addition of an object to AD DS
Modification of an object's attribute values
Deletion of an object from the directory

How AD DS Replication Works Within a Site


In a single site:
Domain controllers notify replication partners when updates are applied
For normal updates, the change notification happens 15 seconds after the change is applied
Notifications for security-related changes are sent immediately
Replication updates are not compressed

Resolving Replication Conflicts


In a multimaster replication model, replication conflicts can arise when:
The same attribute is changed on two domain controllers simultaneously
An object is moved or added to a deleted container on another domain controller
Two objects with the same relative distinguished name are added to the same container on two different domain controllers

To resolve replication conflicts, AD DS uses:
Version number
Time stamp
Server GUID
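The attribute conflict case above can be modelled in a few lines. This is an added example, not part of the course material: the class and function names are hypothetical, the data is constructed, and it assumes the three values are compared in the order listed, with the larger value winning.

```python
# Added illustration: a simplified model of AD DS attribute conflict resolution.
# Class and function names are hypothetical, not an AD DS API.
from dataclasses import dataclass, field
from uuid import UUID

@dataclass(frozen=True, order=True)
class Stamp:
    # Field order is the comparison order: version, then time stamp, then server GUID.
    version: int
    timestamp: int        # originating write time in seconds (constructed values)
    server_guid: UUID     # GUID of the DC where the write originated

@dataclass
class DomainController:
    guid: UUID
    attrs: dict = field(default_factory=dict)   # attribute name -> (value, Stamp)

    def originate(self, name, value, now):
        """Local write: bump the attribute version and stamp it with this DC's GUID."""
        old = self.attrs.get(name)
        version = old[1].version + 1 if old else 1
        self.attrs[name] = (value, Stamp(version, now, self.guid))

    def apply_replicated(self, name, value, stamp):
        """Incoming replicated write: keep whichever copy carries the larger stamp."""
        current = self.attrs.get(name)
        if current is None or stamp > current[1]:
            self.attrs[name] = (value, stamp)
            return True
        return False

def converge(a, b, name):
    """Exchange one attribute in both directions and return the two final values."""
    va, sa = a.attrs[name]
    vb, sb = b.attrs[name]
    b.apply_replicated(name, va, sa)
    a.apply_replicated(name, vb, sb)
    return a.attrs[name][0], b.attrs[name][0]

def demo():
    dc1 = DomainController(UUID(int=1))
    dc2 = DomainController(UUID(int=2))
    # Same attribute changed on both DCs before they replicate (constructed data).
    dc1.originate("telephoneNumber", "555-0100", now=1000)
    dc2.originate("telephoneNumber", "555-0199", now=1000)   # same version, same time
    return converge(dc1, dc2, "telephoneNumber")
```

Because both domain controllers apply the same ordering, they reach the same value regardless of which direction replicates first.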

Optimizing Replication
In a multimaster replication model, AD DS updates can be replicated using multiple paths
AD DS uses update sequence numbers, high watermarks, and up-to-dateness vectors to ensure that updates are replicated to a specific domain controller only once
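A simplified model of how these three values keep an update from being transferred twice when it arrives over two paths. This is an added example, not part of the course material: the class, its fields and the domain controller names are hypothetical, and real AD DS tracks more state than shown.

```python
# Added illustration: simplified model of USNs, high watermarks and the
# up-to-dateness vector. Names are hypothetical; real AD DS tracks more state.
class DC:
    def __init__(self, name):
        self.name = name
        self.usn = 0              # this DC's local update sequence number
        self.changes = []         # (local_usn, origin_dc, origin_usn, attr, value)
        self.high_watermark = {}  # source DC -> highest local USN received from it
        self.utd_vector = {}      # originating DC -> highest originating USN applied

    def _record(self, origin, origin_usn, attr, value):
        self.usn += 1
        self.changes.append((self.usn, origin, origin_usn, attr, value))
        self.utd_vector[origin] = max(self.utd_vector.get(origin, 0), origin_usn)

    def originate(self, attr, value):
        # An originating write: the originating USN is the local USN it is assigned.
        self._record(self.name, self.usn + 1, attr, value)

    def pull_from(self, source):
        """Pull replication: returns (changes considered, changes transferred)."""
        hwm = self.high_watermark.get(source.name, 0)
        considered = [c for c in source.changes if c[0] > hwm]
        transferred = 0
        for local_usn, origin, origin_usn, attr, value in considered:
            # Skip updates already received over another path.
            if origin_usn > self.utd_vector.get(origin, 0):
                self._record(origin, origin_usn, attr, value)
                transferred += 1
            hwm = max(hwm, local_usn)
        self.high_watermark[source.name] = hwm
        return len(considered), transferred

def demo():
    dc1, dc2, dc3 = DC("DC1"), DC("DC2"), DC("DC3")
    dc1.originate("description", "changed on DC1")
    first = dc3.pull_from(dc1)     # direct path DC1 -> DC3
    dc2.pull_from(dc1)             # DC2 also receives the change
    second = dc3.pull_from(dc2)    # second path DC1 -> DC2 -> DC3
    third = dc3.pull_from(dc2)     # nothing new above the high watermark
    return first, second, third
```

In the second pull the high watermark still lets the change be considered, but the up-to-dateness vector shows DC3 already holds it, so nothing is transferred.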

What Are Directory Partitions?


Partitions in the Active Directory database, with replication scope and contents:
Schema (forest): Definitions and rules for creating and manipulating objects and attributes
Configuration (forest): Information about the Active Directory structure
<Domain> (domain): Information about domain-specific objects
<Application> (configurable replication): Information about applications

What Is Replication Topology?


[Figure: replication topology for domain controllers in the same domain (A1 to A4, Domain A topology) and for domain controllers from various domains (A1 to A4 and B1 to B3, Domain A topology and Domain B topology)]

How Directory Partitions and the Global Catalog Are Replicated


[Figure: domain controllers from various domains (A1 to A4, B1 to B3), three of them global catalog servers, showing Domain A topology, Domain B topology, schema and configuration topology, and global catalog replication]

How the Replication Topology Is Generated


Active Directory uses the KCC to establish a replication path between domain controllers

Each domain controller has two replication partners for each Active Directory partition
The KCC creates two one-way connection objects between replication partners to ensure that no two domain controllers are ever more than three network hops away
When a new domain controller is added to a site, the KCC recalculates connection objects
Connection objects can replicate one or more partitions

Demonstration: Creating and Configuring Connection Objects


In this demonstration, you will see how to create connection objects and configure existing connection objects

Lesson 2: Overview of AD DS Sites and Replication


What Are AD DS Sites and Site Links?
Discussion: Why Implement Additional Sites?
Demonstration: Configuring AD DS Sites
How Replication Works Between Sites
Comparing Replication Within Sites and Between Sites
Demonstration: Configuring AD DS Site Links
What Is the Inter-site Topology Generator?
How Unidirectional Replication Works

What Are AD DS Sites and Site Links?


Sites:
Identify network locations with fast, reliable network connections
Are associated with subnet objects in AD DS

[Figure: domain controllers A1, A2, B1, B2 and B3 in two sites, each site with IP subnets, connected by a site link]

Discussion: Why Implement Additional Sites?


Why would an organization choose to implement additional sites?
What are the benefits and disadvantages of creating additional sites?

Demonstration: Configuring AD DS Sites


In this demonstration, you will see how to:
Create sites and subnets

Move domain controllers to other sites

How Replication Works Between Sites


You can configure:
Replication paths between sites
Replication schedules and frequency
Replication protocols

[Figure: domain controllers A1, A2, B1, B2 and B3 in two sites connected by a site link]

Comparing Replication Within Sites and Between Sites


Replication Within Sites:
Assumes fast and highly reliable network links
Does not compress replication traffic
Uses a change notification mechanism

Replication Between Sites:
Assumes limited available bandwidth and unreliable network links
Compresses all replication traffic between sites
Occurs on a manual schedule

[Figure: domain controllers A1 and A2 replicating within a site across IP subnets, and A1, A2, B1 and B2 replicating between sites]

Demonstration: Configuring AD DS Site Links


In this demonstration, you will see how to:
Configure the default site link

Create additional site links


Add sites to the site links

What Is the Inter-site Topology Generator?


The inter-site topology generator defines the replication between sites on a network

[Figure: two sites with IP subnets and domain controllers A1, A2, B1 and B2; each site has an inter-site topology generator and a bridgehead server, with replication links between the domain controllers]

How Unidirectional Replication Works

Unidirectional replication ensures that changes to a read-only domain controller are never replicated to any other domain controller

Lesson 3: Configuring and Monitoring AD DS Replication


What Is a Bridgehead Server?
Demonstration: Configuring Bridgehead Servers
Demonstration: Configuring Replication Availability and Scheduling
What Is Site Link Bridging?
Demonstration: Modifying Site Link Bridges
What Is Universal Group Membership Caching?
Demonstration: Configuring Universal Group Membership Caching
Demonstration: Tools for Monitoring and Managing Replication

What Is a Bridgehead Server?


A bridgehead server:
Sends and receives replicated data
Is designated for each partition in the site

[Figure: bridgehead servers A1 and B1, each in a site with IP subnets, with replication between them]

Demonstration: Configuring Bridgehead Servers


In this demonstration, you will see how to configure bridgehead servers

Demonstration: Configuring Replication Availability and Frequency


In this demonstration, you will see how to configure the site link object to manage replication between sites

What Is Site Link Bridging?


[Figure: Site A (A1, A2), Site B (B1, B2, B3) and Site C (C1, C2), each with IP subnets; Site Link AB and Site Link BC are joined by a site link bridge]

Demonstration: Modifying Site Link Bridges


In this demonstration, you will see how to:
Disable site link bridging

Create a new site link bridge

What Is Universal Group Membership Caching?


Enables domain controllers in a site with no global catalog servers to cache universal group membership

[Figure: two sites with IP subnets; global catalog server A1 and bridgehead server A2 in one, bridgehead server B1 in the other]

Demonstration: Configuring Universal Group Membership Caching


In this demonstration, you will see how to:
Configure universal group membership caching for a site

Configure the source for caching

Demonstration: Tools for Monitoring and Managing Replication


In this demonstration you will see how to:
Identify the domain controller holding the ISTG role

Force the KCC to run, and then force replication


Use Repadmin, NLTest, and DCDiag

Lab: Configuring Active Directory Sites and Replication


Exercise 1: Configuring AD DS Sites and Subnets
Exercise 2: Configuring AD DS Replication
Exercise 3: Monitoring AD DS Replication

Logon information
Virtual machine: NYC-DC1, LONDC1, MIA-RODC, NYC-RAS
User name: Administrator
Password: Pa$$w0rd

Estimated time: 60 minutes

Lab Review
What additional changes would you need to make to the AD DS site configuration if you needed to ensure that all replication traffic in the New-York site passed through NYC-DC2?
What additional changes would you need to make if you implemented another WAN connection between Tokyo and London, and wanted to use that WAN connection for AD DS replication instead of routing all replication changes through NewYork-Site?
Why did you force the domain controllers in the lab to update their IP addresses in DNS?

Module Review and Takeaways


Review questions
Considerations for configuring AD DS sites and replication
Tools
