Active Directory Cookbook for Windows Server 2003 - P36



that were created or that were associated with the default site and determine what site they really should be associated with.

Recipe 11.7 Creating a Site Link

11.7.1 Problem

You want to create a site link to connect two or more sites together.

11.7.2 Solution

11.7.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.
2. Expand the Sites container.
3. Expand the Inter-Site Transports container.
4. Right-click on IP (or SMTP) and select New Site Link.
5. For Name, enter the name for the site link.
6. Under Site is not in this site link, select at least two sites and click the Add button.
7. Click OK.

11.7.2.2 Using a command-line interface

The following LDIF would create a site link connecting the SJC and Dallas sites:

```
dn: cn=Dallas-SJC,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: siteLink
siteList: cn=SJC,cn=sites,cn=configuration,<ForestRootDN>
siteList: cn=Dallas,cn=sites,cn=configuration,<ForestRootDN>
```

If the LDIF file were named create_site_link.ldf, you'd then run the following command:

```
> ldifde -v -i -f create_site_link.ldf
```

11.7.2.3 Using VBScript

```vbscript
' This code creates a site link
' SCRIPT CONFIGURATION
intCost = 100           ' site link cost
intReplInterval = 180   ' replication interval in minutes
strSite1 = "<Site1>"    ' e.g. SJC
strSite2 = "<Site2>"    ' e.g. Dallas
strLinkName = strSite1 & " - " & strSite2
' END CONFIGURATION

' Taken from ADS_PROPERTY_OPERATION_ENUM
const ADS_PROPERTY_UPDATE = 2

set objRootDSE = GetObject("LDAP://RootDSE")
set objLinkCont = GetObject( _
    "LDAP://cn=IP,cn=Inter-site Transports,cn=sites," & _
    objRootDSE.Get("configurationNamingContext") )
set objLink = objLinkCont.Create("siteLink", "cn=" & strLinkName)

' Build the DN of each site that the link connects
strSite1DN = "cn=" & strSite1 & ",cn=sites," & _
             objRootDSE.Get("configurationNamingContext")
strSite2DN = "cn=" & strSite2 & ",cn=sites," & _
             objRootDSE.Get("configurationNamingContext")

objLink.PutEx ADS_PROPERTY_UPDATE, "siteList", Array(strSite1DN,strSite2DN)
objLink.Put "cost", intCost
objLink.Put "replInterval", intReplInterval
objLink.SetInfo
WScript.Echo "Successfully created link: " & strLinkName
```

11.7.3 Discussion

Without site links, domain controllers would not be able to determine the optimal partners to replicate with. The cost that is associated with a site link defines how "expensive" the link is. A lower cost is less expensive (or faster) than a higher cost. Link costs are inversely proportional to bandwidth.

11.7.4 See Also

MS KB 316812 (HOW TO: Create and Configure a Site Link in Active Directory in Windows 2000)

Recipe 11.8 Finding the Site Links for a Site

11.8.1 Problem

You want to list the site links that are associated with a site.

11.8.2 Solution

11.8.2.1 Using a graphical user interface

1. Open LDP and from the menu, select Connection → Connect.
2. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
3. For Port, enter 389.
4. Click OK.
5. From the menu, select Connection → Bind.
6. Enter credentials of domain user.
7. Click OK.
8. From the menu, select Browse → Search.
9. For BaseDN, type the Inter-Site Transports container DN (e.g., cn=Inter-site Transports,cn=sites,cn=configuration,dc=rallencorp,dc=com).
10. For Scope, select Subtree.
11. For Filter, enter the following (on a single line):

```
(&(objectcategory=siteLink)(siteList=cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>))
```

12. Click Run.

11.8.2.2 Using a command-line interface

Enter the following as a single command line:

```
> dsquery * "cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>" -filter "(&(objectcategory=siteLink)(siteList=cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>))" -scope subtree -attr name
```

11.8.2.3 Using VBScript

```vbscript
' This code displays the site links associated with the specified site
' SCRIPT CONFIGURATION
strSiteName = "<SiteName>"   ' e.g. Raleigh
' END CONFIGURATION

set objRootDSE = GetObject("LDAP://RootDSE")
strSiteDN = "cn=" & strSiteName & ",cn=sites," & _
            objRootDSE.Get("ConfigurationNamingContext")

' ADO query string: <base>;filter;attributes;scope
strBase   = "<LDAP://cn=Inter-site Transports,cn=sites," _
            & objRootDSE.Get("ConfigurationNamingContext") & ">;"
strFilter = "(&(objectcategory=siteLink)" & _
            "(siteList=" & strSiteDN & "));"
strAttrs  = "name;"
strScope  = "subtree"

set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
WScript.Echo "Total site links for " & strSiteName & ": " & objRS.RecordCount
if objRS.RecordCount > 0 then
   objRS.MoveFirst
   while Not objRS.EOF
      Wscript.Echo vbTab & objRS.Fields(0).Value
      objRS.MoveNext
   wend
end if
```

11.8.3 Discussion

A site can be included as part of zero or more site links. A site with no site links would be considered orphaned from the site topology, since there is no way to determine how and where it connects into the topology. Branch office sites may have only a single site link back to a hub, while a hub site may have numerous links that connect it to the rest of the world.

Finding the site links associated with a site consists of performing a query for all siteLink objects that have the DN of the site included in the siteList attribute for a link.
The siteList attribute is a multivalued attribute that contains all the sites that are connected via the site link.

Recipe 11.9 Modifying the Sites That Are Part of a Site Link

11.9.1 Problem

You want to modify the sites associated with a site link.

11.9.2 Solution

11.9.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.
2. In the left pane, expand Sites → Inter-Site Transports.
3. Click either the IP or SMTP folder depending where the site link is stored.
4. In the right pane, double-click on the link you want to modify.
5. Under the General tab, you can add and remove sites that are associated with the site link.
6. Click OK.

11.9.2.2 Using a command-line interface

Create an LDIF file called modify_site_link.ldf with the following contents. Replace <LinkName> with the name of the link and <SiteName> with the site to add to the link.

```
dn: cn=<LinkName>,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: modify
add: siteList
siteList: cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>
-
```

Then run the following command:

```
> ldifde -v -i -f modify_site_link.ldf
```

11.9.2.3 Using VBScript

```vbscript
' This code adds a site to an existing site link
' SCRIPT CONFIGURATION
strSite = "<SiteName>"   ' e.g. Burlington
strLink = "<LinkName>"   ' e.g. DEFAULTIPSITELINK
' END CONFIGURATION

' Taken from ADS_PROPERTY_OPERATION_ENUM
const ADS_PROPERTY_APPEND = 3

set objRootDSE = GetObject("LDAP://RootDSE")
set objLink = GetObject("LDAP://cn=" & strLink & _
                        ",cn=IP,cn=Inter-site Transports,cn=sites," & _
                        objRootDSE.Get("configurationNamingContext") )
strSiteDN = "cn=" & strSite & ",cn=sites," & _
            objRootDSE.Get("configurationNamingContext")

' Append the site DN to the existing siteList values
objLink.PutEx ADS_PROPERTY_APPEND, "siteList", Array(strSiteDN)
objLink.SetInfo
WScript.Echo "Successfully modified link: " & strLink
```

11.9.3 Discussion

To associate a site with a site link, add the DN of the site to the siteList attribute of the siteLink object that represents the link.
To remove a site from a link, do the reverse. Remove the DN associated with the site from the siteList attribute.

11.9.4 See Also

Recipe 11.8 for finding the links associated with a site

Recipe 11.10 Modifying the Cost for a Site Link

11.10.1 Problem

You want to modify the cost for a site link.

11.10.2 Solution

11.10.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.
2. In the left pane, expand Sites → Inter-Site Transports.
3. Click either the IP or SMTP folder depending where the site link is stored.
4. In the right pane, double-click on the link you want to modify.
5. Under the General tab, you can change the cost for the site link.
6. Click OK.

11.10.2.2 Using a command-line interface

Create an LDIF file called modify_site_link_cost.ldf with the following contents. Replace <LinkName> with the name of the site link you want to modify (e.g., DEFAULTIPSITELINK) and <LinkCost> with the new cost.

```
dn: cn=<LinkName>,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: modify
replace: cost
cost: <LinkCost>
-
```

Then run the following command:

```
> ldifde -v -i -f modify_site_link_cost.ldf
```

11.10.2.3 Using VBScript

```vbscript
' This code modifies the cost attribute of a site link
' SCRIPT CONFIGURATION
strLink = "<SiteLink>"   ' e.g. DEFAULTIPSITELINK
intCost = <LinkCost>     ' e.g. 200
' END CONFIGURATION

set objRootDSE = GetObject("LDAP://RootDSE")
set objLink = GetObject("LDAP://cn=" & strLink & _
                        ",cn=IP,cn=Inter-site Transports,cn=sites," & _
                        objRootDSE.Get("configurationNamingContext") )
objLink.Put "cost", intCost
objLink.SetInfo
WScript.Echo "Successfully modified link: " & strLink
```

11.10.3 Discussion

The cost attribute is one of the most important attributes of siteLink objects. cost is used by the KCC to determine what connection objects should be created to allow domain controllers to replicate data.

cost is inversely proportional to bandwidth. The lower the cost, the greater the bandwidth. The number you use for the cost is also arbitrary; the default is 100.
You could use 100-1,000 as the range for your site link costs, or you could use 1-10. The actual number isn't important; what matters is its value relative to the other site links.

Recipe 11.11 Disabling Site Link Transitivity or Site Link Schedules

11.11.1 Problem

You want to disable site link transitivity to control replication.

11.11.2 Solution

11.11.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.
2. In the left pane, expand Sites → Inter-Site Transports.
3. Right-click either the IP or SMTP folder depending which protocol you want to disable transitivity or ignore schedules for.
4. Select Properties.
5. To disable site link transitivity, uncheck Bridge all site links.
6. To ignore site link schedules, check Ignore schedules.
7. Click OK.

11.11.2.2 Using a command-line interface

You can modify the options attribute of a site link object using an LDIF file and ldifde, but since the attribute is a bit flag, you are better off using the GUI or VBScript solutions that look at the current value of options and modify it accordingly. ldifde doesn't handle this type of logic.

11.11.2.3 Using VBScript

```vbscript
' This code can disable site link transitivity and site
' schedules for all links of the IP transport.
' The code for the CalcBit function can be found in Recipe 4.12
' SCRIPT CONFIGURATION
boolDisableTrans = <TrueOrFalse>      ' e.g. TRUE
boolIgnoreSchedules = <TrueOrFalse>   ' e.g. FALSE
' END CONFIGURATION

set objRootDSE = GetObject("LDAP://RootDSE")
set objLink = GetObject( _
    "LDAP://cn=IP,cn=Inter-site Transports,cn=sites," & _
    objRootDSE.Get("configurationNamingContext") )

' Read the current flags, then set or clear one bit at a time.
' The second call starts from intBits so the first change is not lost.
intBitsOrig = objLink.Get("options")
intBits = CalcBit(intBitsOrig, 2, boolDisableTrans)
intBits = CalcBit(intBits, 1, boolIgnoreSchedules)

if objLink.Get("options") <> intBits then
   objLink.Put "options", intBits
   objLink.SetInfo
   WScript.Echo "Successfully modified link transitivity for the IP transport"
else
   WScript.Echo "Did not need to modify link transitivity for the IP transport"
end if
```

11.11.3 Discussion

Active Directory site links are transitive, which means that if site A is linked to site B, and site B is linked to site C, then site A is also linked (through site B) to site C. The Knowledge Consistency Checker (KCC) uses transitivity by default when making decisions about creating connection objects. You can disable this behavior if you want. Typically this is not something you'll want to do unless you know what you are doing. Disabling transitivity may be necessary for some Windows 2000 deployments that have a lot of sites and find that the KCC is having a hard time keeping up. With Windows Server 2003, the KCC has been greatly improved and site link transitivity should not cause problems.

The other reason you might want to disable transitivity is if you need to make replication more deterministic. Disabling transitivity makes it much easier to determine where the KCC will attempt to establish connection objects, because the KCC on a domain controller will not be able to replicate with domain controllers that are not in sites that are directly linked.

I mention site link schedules here primarily because the same attribute (i.e., options) that determines site link transitivity also determines if link schedules are enforced. If you enable the ignore schedules option for a particular transport (i.e., IP or SMTP), the KCC ignores any preconfigured link schedules.
If you later disable this setting, link schedules will go back into effect.

11.11.4 See Also

Recipe 4.12 for more on setting a bit-flag attribute

Recipe 11.12 Creating a Site Link Bridge

11.12.1 Problem

You want to create a site link bridge because you've disabled site link transitivity.

11.12.2 Solution

11.12.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.
2. In the left pane, expand Sites → Inter-Site Transports.
3. Right-click either the IP or SMTP folder depending which protocol you want to create a site link bridge for.
4. Select New Site Link Bridge.
5. Highlight two or more sites in the left box.
6. Click the Add button.
7. Click OK.

11.12.2.2 Using a command-line interface

Create an LDIF file called create_site_link_bridge.ldf with the following contents, where <Link1> and <Link2> refer to the site links to be bridged:

```
dn: cn=<BridgeName>,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: siteLinkBridge
siteLinkList: cn=<Link1>,cn=IP,cn=Inter-site Transports,cn=sites,cn=configuration,<ForestRootDN>
siteLinkList: cn=<Link2>,cn=IP,cn=Inter-site Transports,cn=sites,cn=configuration,<ForestRootDN>
```

Then run the following command:

```
> ldifde -v -i -f create_site_link_bridge.ldf
```

11.12.2.3 Using VBScript

```vbscript
' This code creates a site link bridge between two site links
' SCRIPT CONFIGURATION
strLink1 = "<Link1>"        ' e.g. AMS-LON
strLink2 = "<Link2>"        ' e.g. SJC-RTP
strBridge = "<BridgeName>"  ' e.g. AMER-EUR
' END CONFIGURATION

set objRootDSE = GetObject("LDAP://RootDSE")
set objLinkCont = GetObject( _
    "LDAP://cn=IP,cn=Inter-site Transports,cn=sites," & _
    objRootDSE.Get("configurationNamingContext") )
set objBridge = objLinkCont.Create("siteLinkBridge", "cn=" & strBridge)

' Build the DN of each site link to be bridged
strLink1DN = "cn=" & strLink1 & _
             ",cn=IP,cn=Inter-site Transports,cn=sites," & _
             objRootDSE.Get("configurationNamingContext")
strLink2DN = "cn=" & strLink2 & _
             ",cn=IP,cn=Inter-site Transports,cn=sites," & _
             objRootDSE.Get("configurationNamingContext")

objBridge.Put "siteLinkList", Array(strLink1DN,strLink2DN)
objBridge.SetInfo
WScript.Echo "Successfully created bridge: " & strBridge
```

11.12.3 Discussion

If you've disabled site link transitivity or have networks that lack direct routes between sites, you will need to create site link bridges. Creating a site link bridge to link several links is analogous to creating a site link to link several sites. Let's take an example where site link transitivity is disabled and we have four sites; site A has a link to site B and site C has a link to site D. If we want domain controllers in sites A and B to replicate with sites C and D, we need to create a site link bridge to bridge the A-B link with C-D.

11.12.4 See Also

Recipe 11.11 for disabling site link transitivity

Recipe 11.13 Finding the Bridgehead Servers for a Site

11.13.1 Problem

You want to find the bridgehead servers for a site.

11.13.2 Solution

11.13.2.1 Using a graphical user interface

1. Open the Replication Monitor from the Support Tools (replmon.exe).
2. From the menu, select View → Options.
3. In the left pane, right-click on Monitored Servers and select Add Monitored Server.
4. Use the Add Monitored Server Wizard to add a server in the site you want to find the bridgehead server(s) for.
5. In the left pane, right-click on the server and select Show BridgeHead Servers In This Server's Site.

11.13.2.2 Using a command-line interface

```
> repadmin /bridgeheads [<ServerName>] [/verbose]
```

The /bridgeheads option is valid only with the Windows Server 2003 version of repadmin. There is no such option in the Windows 2000 version.

11.13.2.3 Using VBScript

```vbscript
' This code finds the bridgehead servers for the specified site.
' SCRIPT CONFIGURATION
strServer = "<ServerName>"   ' server to target query against, e.g. dc01
strSite = "<SiteName>"       ' name of site to query
                             ' e.g. Default-First-Site-Name
' END CONFIGURATION

set objIadsTools = CreateObject("IADsTools.DCFunctions")
intRes = objIadsTools.GetBridgeHeadsInSite(Cstr(strServer),Cstr(strSite),0)

if intRes = -1 then
   Wscript.Echo "Error bridge heads: " & objIadsTools.LastErrorText
   WScript.Quit
end if

for count = 1 to intRes
   WScript.Echo vbTab & objIadsTools.BridgeHeadName(count)
next
```

11.13.3 Discussion

Bridgehead servers are responsible for replicating data between sites. Instead of all domain controllers replicating the same naming contexts outside of the site, the bridgehead servers act as a funnel for replication into and out of a site. Any domain controller in a site can become a bridgehead server and bridgeheads are designated by the KCC for each writeable partition in the site. You can control which servers are designated as bridgehead servers by defining preferred bridgehead servers. See Recipe 11.14 for more on how to do this.
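
Recipes 11.8 and 11.10 describe orphaned sites and relative link costs. The following added example (not from the book) audits both offline from an LDIF export of siteLink objects. The sample export, the ALL_SITES inventory and the function names are constructed for illustration, and the cost of a path is modelled as the sum of the link costs along transitive links.

```python
import heapq

# Constructed sample export (forest root borrowed from the page's rallencorp example).
# The last siteList value is folded: an LDIF continuation line starts with one space.
ROOT = "CN=Sites,CN=Configuration,DC=rallencorp,DC=com"
SAMPLE_LDIF = f"""\
dn: CN=Dallas-SJC,CN=IP,CN=Inter-Site Transports,{ROOT}
siteList: CN=SJC,{ROOT}
siteList: CN=Dallas,{ROOT}

dn: CN=Dallas-Raleigh,CN=IP,CN=Inter-Site Transports,{ROOT}
cost: 300
siteList: CN=Dallas,{ROOT}
siteList: CN=Raleigh,CN=Sites,
 CN=Configuration,DC=rallencorp,DC=com
"""
ALL_SITES = {"SJC", "Dallas", "Raleigh", "Burlington"}  # constructed site inventory

def rdn(dn):  # 'CN=SJC,CN=Sites,...' -> 'SJC' (assumes no escaped commas in the name)
    return dn.split(",", 1)[0].split("=", 1)[1]

def parse_site_links(ldif):
    """Return {link name: (cost, {site names})}; base64 ('::') values are skipped."""
    links = {}
    for record in ldif.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):  # unfold
        attrs = {}
        for line in record.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.lower(), []).append(value)
        if "dn" in attrs and "sitelist" in attrs:
            cost = int(attrs.get("cost", ["100"])[0])  # the page gives 100 as the default
            links[rdn(attrs["dn"][0])] = (cost, {rdn(s) for s in attrs["sitelist"]})
    return links

def orphaned_sites(links, all_sites):
    """Sites that appear in no siteList, i.e. orphaned from the site topology."""
    linked = {site for _, sites in links.values() for site in sites}
    return sorted(all_sites - linked)

def cheapest_cost(links, src, dst):
    """Lowest summed link cost from src to dst over transitive links; None if unreachable."""
    best, queue = {src: 0}, [(0, src)]
    while queue:
        total, site = heapq.heappop(queue)
        for cost, sites in links.values():
            for peer in (sites - {site} if site in sites else ()):
                if total + cost < best.get(peer, float("inf")):
                    best[peer] = total + cost
                    heapq.heappush(queue, (total + cost, peer))
    return best.get(dst)
```

With the sample data, Burlington is reported as orphaned and the SJC-to-Raleigh path costs 400 (100 + 300).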

Date posted: 05/07/2014, 08:20
