04-Configuring Active Directory Sites and Replication

• Overview of Active Directory Domain Services Replication?. • Overview of AD DS Sites and Replication?[r]

Module Overview

• Overview of Active Directory Domain Services Replication

• Overview of AD DS Sites and Replication

Lesson 1: Overview of Active Directory Domain Services Replication

• How Active Directory Replication Works

• How AD DS Replication Works Within a Site

• Resolving Replication Conflicts

• Optimizing Replication

• What Are Directory Partitions?

• What Is Replication Topology?

• How Directory Partitions and the Global Catalog Are Replicated

• How the Replication Topology Is Generated

How Active Directory Replication Works Active Directory replication:

• Uses a multimaster model

• Uses pull replication

• Uses store and forward replication

• Uses loose consistency with convergence

• Addition of an object to Active Directory

• Modification of an object’s attribute values

How AD DS Replication Works Within a Site In a single site:

• Domain controllers notify replication partners when updates are applied

• For normal updates, the change notification happens 15 seconds after the change is applied

• Notifications for security related changes are sent immediately

Resolving Replication Conflicts

In a multimaster replication model, replication conflicts can arise when:

• The same attribute is changed on two domain controllers simultaneously

• An object is moved or added to a deleted container on another domain controller

• Two objects with the same relative distinguished name are

added to the same container on two different domain controllers

To resolve replication conflicts, AD DS uses:

Optimizing Replication

• In a multimaster replication model, AD DS updates can be replicated using multiple paths

• AD DS uses update sequence numbers, high watermarks, and up-to-dateness vectors to ensure that updates

What Are Directory Partitions? Active Directory Database Active Directory Database Configurable replication Domain Forest Schema Configuration <Domain> <Application>

Definitions and rules for creating and manipulating objects and attributes

Information about the Active Directory structure Information about domain-specific objects

Information about applications

Domain A Topology

Domain controllers in the same domain

Domain controllers in the same domain

A1 A2

A3 A4

What Is Replication Topology?

Domain A Topology Domain B Topology

A1 A2

A3 A4

B1

B2

B3

Domain controllers from various domains

How Directory Partitions and the Global Catalog Are Replicated

Domain A topology Domain B topology

Schema and configuration topology

Global catalog replication

A1 A2 A3 A4 B1 B2 B3 Domain controllers from various domains

Domain controllers from various domains

How the Replication Topology Is Generated

• Each domain controller has two replication partners for each Active Directory partition

• The KCC creates two one-way connection objects

between replication partners to ensure that no two domain controllers are ever more than three network hops away

• When a new domain controller is added to a site, the KCC recalculates connection objects

• Connection objects can replicate one or more partitions

Demonstration: Creating and Configuring Connection Objects

In this demonstration, you will see how to create

Lesson 2: Overview of AD DS Sites and Replication

• What Are AD DS Sites and Site Links?

• Discussion: Why Implement Additional Sites?

• Demonstration: Configuring AD DS Sites

• How Replication Works Between Sites

• Comparing Replication Within Sites and Between Sites

• Demonstration: Configuring AD DS Site Links

• What Is the Inter-site Topology Generator?

What Are AD DS Sites and Site Links? Site IP Subnet IP Subnet IP Subnet IP Subnet A1 A2 Site Link Site Link IP Subnet IP Subnet IP Subnet IP Subnet Site B3 B1 B2 Sites:

• Identify network locations with fast reliable network connections

Discussion: Why Implement Additional Sites?

• Why would an organization choose to implement additional sites?

Demonstration: Configuring AD DS Sites In this demonstration, you will see how to:

• Create sites and subnets

Site A1

A2

Site Link

Site Link

Site

B3

B1 B2

You can configure:

• Replication paths between sites

• Replication schedules and frequency

• Replication protocols

Comparing Replication Within Sites and Between Sites

Replication Within Sites:

Assumes fast and highly reliable network links

Does not compress replication traffic

Uses a change notification mechanism

Replication Between Sites:

Assumes limited available bandwidth and unreliable network links

Compresses all replication traffic between sites

Demonstration: Configuring AD DS Site Links In this demonstration, you will see how to:

• Configure the default site link

• Create additional site links

What Is the Inter-site Topology Generator? IP Subnet IP Subnet A1 A2 Bridgehead server Bridgehead server Replication Replication B2 Bridgehead server Bridgehead server B1 Replication Replication IP Subnet IP Subnet IP Subnet IP Subnet Replication Replication IP Subnet IP Subnet

Inter-site topology generator

Inter-site topology generator

• The inter-site

topology generator defines the

replication between sites on a network

Inter-site topology generator

How Unidirectional Replication Works

• Unidirectional replication ensures that changes to a read-only domain

Lesson 3: Configuring and Monitoring AD DS Replication

• What Is a Bridgehead Server?

• Demonstration: Configuring Bridgehead Servers

• Demonstration: Configuring Replication Availability and Scheduling

• What Is Site Link Bridging?

• Demonstration: Modifying Site Link Bridges

• What Is Universal Group Membership Caching?

• Demonstration: Configuring Universal Group Membership Caching

What Is a Bridgehead Server?

A bridgehead server:

• Sends and receives replicated data

• Is designated for each partition in the site

IP Subnet

IP Subnet

IP Subnet

IP Subnet Bridgehead ServerBridgehead Server

Demonstration: Configuring Bridgehead Servers In this demonstration, you will see how to configure

Demonstration: Configuring Replication Availability and Frequency

What Is Site Link Bridging? IP Subnet IP Subnet IP Subnet IP Subnet Site B IP Subnet IP Subnet IP Subnet IP Subnet Site A IP Subnet IP Subnet IP Subnet IP Subnet A1 A2

Site Link Bridge

Site Link Bridge

B2

Site Link BC

Site Link BC

Site Link AB

Site Link AB

B1

B3

C2 C1

Demonstration: Modifying Site Link Bridges In this demonstration, you will see how to:

• Disable site link bridging

What Is Universal Group Membership Caching? IP Subnet IP Subnet A1 A2 Bridgehead server Bridgehead server Bridgehead server Bridgehead server B1 IP Subnet IP Subnet IP Subnet IP Subnet IP Subnet IP Subnet

Global Catalog Server

Global Catalog Server

• Enables domain

controllers in a site with no global

catalog servers to cache universal

Demonstration: Configuring Universal Group Membership Caching

In this demonstration, you will see how to:

• Configure universal group membership caching for a site

Demonstration: Tools for Monitoring and Managing Replication

In this demonstration you will see how to:

• Identify the domain controller holding the ISTG role

• Force the KCC to run, and how to force replication

Lab: Configuring Active Directory Sites and Replication

• Exercise 1: Configuring AD DS Sites and Subnets

• Exercise 2: Configuring AD DS Replication

• Exercise 3: Monitoring AD DS Replication

Logon information

Virtual machine NYC-DC1, LON-DC1, MIA-RODC,

NYC-RAS

User name Administrator

Password Pa$$w0rd

Lab Review

• What additional changes would you need to make to the AD DS site configuration if you needed to ensure that all replication traffic in the New-York site passed through NYC-DC2?

• What additional changes would you need to make if you implemented another WAN connection between Tokyo and London, and wanted to use that WAN connection for AD DS replication instead of routing all replication changes through NewYork-Site?

Module Review and Takeaways

• Review questions

• Considerations for configuring AD DS sites and replication

Beta Feedback Tool

• Beta feedback tool helps:

 Collect student roster information, module feedback, and course evaluations

 Identify and sort the changes that students request, thereby facilitating a quick team triage

 Save data to a database in SQL Server that you can later query

Beta Feedback

• Overall flow of module:

 Which topics did you think flowed smoothly, from topic to topic?

 Was something taught out of order?

• Pacing:

 Were you able to keep up? Are there any places where the pace felt too slow?

 Were you able to process what the instructor said before moving on to next topic?

 Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions?

• Learner activities:

 Which demos helped you learn the most? Why you think that is?

 Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this

knowledge in your work environment?

 Were there any discussion questions or reflection questions that really made you think? Were there questions you