Contents Overview 1 Using Sites in Active Directory 2 Assessing the Need for Active Directory Sites 5 Using Site Links in a Network 9 Planning the Inter-Site Replication Topology 14 Planning for Server Placement in Sites 19 Demonstration: Active Directory Sizer 23 Lab A: Planning Sites to Control Active Directory Replication 24 Review 35 Module 8: Designing an Active Directory Site Topology Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows NT, Active Directory, BackOffice, PowerPoint, Visual Basic, and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Other product and company names mentioned herein may be the trademarks of their respective owners. Project Lead: Andy Sweet (S&T OnSite) Instructional Designers: Andy Sweet (S&T OnSite), Ravi Acharya (NIIT), Sid Benavente, Richard Rose, Kathleen Norton Instructional Design Consultants: Paul Howard, Susan Greenberg Program Managers: Lorrin Smith-Bates (Volt), Megan Camp (Independent Contractor) Technical Contributors: Angie Fultz, Lyle Curry, Brian Komar (3947018 Manitoba, Inc.), Jim Clark (Infotec Commercial Systems), Bill Wade (Excell Data Corporation), David Stern, Steve Tate, Greg Bulette (Independent Contractor), Kathleen Cole (S&T OnSite) Graphic Artist: Kirsten Larson (S&T OnSite) Editing Manager: Lynette Skinner Editor: Jeffrey Gilbert (Wasser) Copy Editor: Patti Neff (S&T Consulting) Online Program Manager: Debbi Conger Online Publications Manager: Arlo Emerson (Aditi) Online Support: Eric Brandt (S&T Consulting) Multimedia Development: Kelly Renner (Entex) Testing Leads: Sid Benavente, Keith Cotton Testing Developer: Greg Stemp (S&T OnSite) Compact Disc and Lab Testing: Testing Testing 123 Production Support: Ed Casper (S&T Consulting) Manufacturing Manager: Rick Terek (S&T OnSite) Manufacturing Support: Laura King (S&T OnSite) Lead Product Manager, Development Services: Bo Galford Lead Product Managers: Dean Murray, Ken Rosen Group Product Manager: Robert Stewart Module 8: Designing an Active Directory Site Topology i Instructor Notes This module provides the information needed by students to design site topologies in Microsoft ® Windows ® 2000 Active Directory ™ directory service in order to optimize replication traffic. The module begins by explaining how to assess the need for sites. Next the module describes how to use site links in a network. Finally it covers how to plan for an inter-site replication topology and plan for server placement. At the end of this module, students will be able to: ! Describe how sites are used in Active Directory to configure replication topology to take advantage of the physical network. ! Assess the need for Active Directory sites in a network. ! Plan connectivity between sites by configuring the various components of site links. ! Explain the factors to consider while planning for inter-site replication in a Windows 2000-based network. ! Describe the guidelines that are used to plan for server placement in a site. Lab A, Planning Active Directory Server Placement, is a scenario-based planning lab that reinforces the methods for planning and documenting domain controller placement and illustrates the effect of domain controller placement on site topology. Students are given the physical structure of the network, as well as user, logon, and security information that plays a part in determining site and replication configuration. Students will work in pairs through scenarios for a medium-sized company and a large company. Students will identify site boundaries for both organizations. They will then use the Active Directory Sizer tool to determine the number and location of domain controllers, global catalog servers, and bridgehead servers in the various sites. They will also determine the locations of the single masters of operations. Materials and Preparation This section provides you with the required materials and preparation tasks that are needed to teach this module. Required Materials To teach this module, you need the Microsoft PowerPoint ® file 1561B_08.ppt. Preparation Tasks To prepare for this module, you should: ! Read all of the materials for this module. ! Complete the lab. ! Practice using the Active Directory Sizer tool, which is located in the Microsoft Windows 2000 Server Resource Kit. ! Read the following topic located in the Distributed Systems Guide in the Microsoft Windows 2000 Server Resource Kit: • Active Directory Replication Presentation: 60 Minutes Lab: 45 Minutes ii Module 8: Designing an Active Directory Site Topology Instructor Setup for a Lab This section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab. Lab A: Planning Sites to Control Active Directory Replication Ensure that Active Directory Sizer is installed and operational on student and instructor computers. Be sure to remind the students that a Bridgehead server is also a Global Catalog server and a domain controller. Also remind the students that it is a best practice to have redundant domain controllers in each site, even though the Active Directory Sizer tool indicates that only one is necessary. Active Directory Sizer only indicates the number of domain controllers needed to satisfy logon, authentication, and replication requirements of the organization. After the lab has been completed, discuss the results with the students. Demonstration This section provides demonstration procedures that will not fit in the margin notes or are not appropriate for the student notes. Active Directory Sizer ! To demonstrate Active Directory Sizer 1. Click Start, point to Programs, and then click Active Directory Sizer. 2. Click File, and then New. 3. In the Active Directory Wizard, enter a name for the domain, and then click Next. 4. Enter 10000 for the total number of users and 80% for number of users logged on during peak times. Use 25 for additional attributes. Click Next. 5. Use 25 for average number of groups a user will belong to. Type 100 for interactive, 10 for batch, and 10 for network in the average logon rate section, and then click Next. 6. Enter 45 days for password expiration and the default for additional access control entries (ACEs). Click Next. 7. Enter 10000 for the number of Windows 2000 computers, 1000 for other computers, and 1000 for other objects, and then click Next. 8. Use the defaults for CPU utilization and preferred CPU type. Click Next. 9. Use Weekly as the interval and 200 for add, 100 for delete, and 50 for modify, and then click Next. 10. Use 20- average messages and the default for number of recipients. Click Next. Module 8: Designing an Active Directory Site Topology iii 11. Select Yes for Active Directory enabled DNS, 1000 for dial-in connections, and the defaults for Dynamic Host Configuration Protocol (DHCP) lease and NoRefreshInterval. Click Next. 12. Leave the Services using Active Directory section blank (default), and explain to your students that you would consult the documentation of an application when filling in this numbers. Click Next. 13. Click Finish. Point out the number of objects and the number of Domain Controllers (servers) needed for this domain. Also, point out the size of the Active Directory and the Global catalog. Point out that bridgehead servers are also domain controllers and Global catalog servers. ! To use Active Directory Sizer to plan sites 1. Right-click Site Configuration in the left pane, and then click Add Site. 2. Enter a site name (ex. Chicago), and then click Apply. Enter a new site name (ex. Paris), and then click Apply. Enter a third site name (ex. Nairobi), click Apply, and then click OK. 3. Right-click Default-first site in the left pane, and then click Distribute Users. 4. Click Default-first Site in the Source Site window, and then type 6000 in the Users to Move box. Click Chicago in the destination site window, and then click Apply. 5. Click Default-first Site in the Source Site window, and then type 3500 in the Users to Move box. Click Paris in the destination site window, and then click Apply. 6. Click Default-first Site in the Source Site window, and then type 500 in the Users to Move box. Click Nairobi in the destination site window, and then click Apply. 7. Click My Domain in the left pane of Active Directory Sizer, and then point out the new server distributions in the right pane to your students. Explain that even though only one DC may be indicated in a site, redundancy should be built into the design. Module Strategy Use the following strategy to present this module: ! Using Sites in Active Directory Describe the role of sites in Active Directory replication and how sites are used to manage network traffic. Explain the factors that affect replication and the strategies that can be used for inter-site and intra-site replication. ! Assessing the Need for Active Directory Sites The module offers methods for determining whether a site is necessary, and how to document the site design. Describe in detail the factors that need to be considered when assessing the need for sites in an Active Directory structure. iv Module 8: Designing an Active Directory Site Topology ! Using Site Links in a Network Explain the components of site links and discuss how sites are linked. Finally, describe how the need of site links is assessed in an Active Directory structure. ! Planning the Inter-Site Replication Topology The section explains the concepts necessary to plan an inter-site replication topology for a Windows 2000-based network. Explain how the replication transport needs to be chosen for a given scenario. Describe the guidelines to consider when delegating bridgehead servers in a site. Explain the purpose of an Inter-site topology generator and, finally, explain the purpose of the least-cost spanning tree. ! Planning for Server Placement in Sites Explain how the placement of the various servers affects the site topology of a network. Discuss the placement of global catalog servers, operation masters, and bridgehead servers. Demonstrate the use of the Active Directory Sizer utility that is provided with Windows 2000 to estimate the network configuration required for a given organizational scenario. Customization Information This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware. This module includes only a computer-based interactive lab exercise, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization. Module 8: Designing an Active Directory Site Topology 1 Overview ! Using Sites in Active Directory ! Assessing the Need for Active Directory Sites ! Using Site Links in a Network ! Planning the Inter-Site Replication Topology ! Planning for Server Placement in Sites Sites are used to organize well-connected computers within an organization to optimize network bandwidth. Excessive network traffic can occur between remote locations due to frequent exchange of large amounts of data and directory information. Designing an appropriate site topology in Microsoft ® Windows ® 2000 Active Directory™ directory service helps you better organize your Windows 2000 network and optimize the exchange of data and directory information. At the end of this module, you will be able to: ! Describe the purpose of sites and their role in Active Directory replication. ! Assess the need for Active Directory sites. ! Plan for the creation of site links and site link bridges. ! Plan an inter-site replication topology. ! Plan for server placement in sites. Slide Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will learn how to design an Active Directory site topology. 2 Module 8: Designing an Active Directory Site Topology # ## # Using Sites in Active Directory Sites Control: $ Workstation logon traffic $ Replication traffic $ Dfs topology $ FRS $ Other Site-Aware Applications Paris Site 192.168.2.0 192.168.3.0 nwtraders.msft nwtraders.msft Redmond Site 192.168.4.0 A site is a collection of well-connected machines, based on Internet Protocol (IP) subnets. You use sites in Active Directory to define the physical structure of your network. A site consists of one or more subnets. For example, if a network has one subnetin Redmond and two subnets in Paris, the administrator can create one site in Redmond and one in Paris, and add the subnets to the local sites. Sites may contain domain controllers from one or more domains. You can use sites to optimize network bandwidth in the following ways: ! Workstation logon traffic. When a user logs on, Windows 2000 searches for a domain controller in the same site as the workstation. ! Replication traffic. When a change occurs in Active Directory, sites can be used to control how and when the change is replicated to domain controllers in another site. ! Distributed file system (Dfs) topology. When a shared file or folder has multiple locations, a user will be directed to a server in his or her own site, if one exists. Localizing the availability of servers in a site reduces traffic across slow links. ! File Replication service (FRS). FRS is used to replicate the contents of the SYSVOL directory, which includes logon and logoff scripts, Group Policy settings, and system policies for Windows 95, Windows 98 and Windows NT ® version 4.0. FRS uses sites to determine its replication topology. ! By using other site-aware applications. A site-aware application is a directory-enabled application that connects a client with a server in its own site, if the server is available there. As third party applications are developed, they may also make use of sites to allow clients to connect to shares within their own sites. Dfs and FRS point clients to servers within their site before pointing them to servers outside their site. Slide Objective To describe the purpose of sites in an Active Directory environment. Lead-in Sites are related to the physical structure of a network and are configured so that network bandwidth usage can be optimized when replication takes place. Module 8: Designing an Active Directory Site Topology 3 Active Directory uses site information in the following ways: ! The Knowledge Consistency Checker (KCC) generates a replication topology that is primarily used within sites rather than between sites. This intra-site topology may increase network traffic, but will reduce replication latency. ! Windows 2000 client computers use site information to find nearby domain controllers for logon and query operations. 4 Module 8: Designing an Active Directory Site Topology Factors Affecting Replication nwtraders.msft nwtraders.msft Redmond Charlotte Inter-Site Replication Inter-Site Replication Intra-Site Replication Intra-Site Replication $ Replication latency $ Replication efficiency $ Replication cost To optimize network bandwidth during replication, you must consider the factors that affect replication. The three significant replication factors include: ! Replication latency. The time needed for one domain controller to receive a change made on another domain controller. ! Replication efficiency. The ability to batch together the number of changes sent with each update. ! Replication cost. The amount of bandwidth needed to replicate the changes between domain controllers. In a given network, optimizing one of these replication factors will impact the other factors. For example, a frequent replication interval lowers the replication latency and raises the replication cost and efficiency. Intra-site Replication Replication latency within a site is low, because of the high network bandwidth available within a site. Low latency ensures that users within the site will have access to the most recent information at all times. Replication within a site will take place five minutes after a change has occurred. The originating server will notify its replication partners of the change, and they will, in turn, request the change. Inter-site Replication Usually there is limited bandwidth available for replication between sites. Before being replicated, data is compressed to about 10 percent of original volume to reduce the amount of data on the network. To optimize the limited network bandwidth and replication efficiency even more, you can raise replication latency by scheduling when replication will occur between sites. Slide Objective To describe the factors influencing inter-site and intra-site replication in an Active Directory structure. Lead-in While planning replication in an Active Directory environment, you need to balance replication latency, replication efficiency, and replication cost. [...]... network and Active Directory tasks required on the network Active Directory Sizer also estimates the size of the Active Directory and is used to plan sites and site links 24 Module 8: Designing an Active Directory Site Topology Lab A: Planning Sites to Control Active Directory Replication Slide Objective To introduce the lab Lead-in In this lab, you will create an optimal replication plan for an organization... functional You can create site links that allow domain controllers from any site to communicate with domain controllers in any other site 10 Module 8: Designing an Active Directory Site Topology Planning Site Link Schedules and Costs Slide Objective To explain the guidelines for planning the schedules and costs of site links in an Active Directory environment Lead-in While planning for site links, you... minutes Module 8: Designing an Active Directory Site Topology 25 Exercise 1 Site Planning for a Medium-sized Organization You will have 30 minutes to complete this exercise You will create an optimal Active Directory site plan for Woodgrove Bank, a medium-sized company Scenario Woodgrove Bank is a regional bank with 200 branches located in Ohio, Illinois, and Indiana Below is a map of Woodgrove Bank’s... 28 % Branch Offices Branch Offices Columbus 20% 56K Indianapolis Branch Offices Branch Offices Branch Offices Branch Offices DCs 1 _ GCs 1 _ Module 8: Designing an Active Directory Site Topology 29 Exercise 2: Planning for Site Replication at a Large Organization You will have 30 minutes to complete this exercise You will create an optimal Active Directory replication plan for a large organization... in A and C will never replicate with each other Module 8: Designing an Active Directory Site Topology 11 Site Link Cost Site link cost is a number that represents the priority an organization assigns to replication traffic between the sites identified in the site link For example, an IP site link named Red-Cha-Atl connects three sites, Redmond, Charlotte, and Atlanta, with a cost of 1 This tells Active. .. queries a global catalog server must handle can increase extensively in a large Exchange environment Try to place a global catalog server in each site that contains an Exchange server Module 8: Designing an Active Directory Site Topology 21 Planning Placement of Operation Masters Slide Objective To explain how placement of operation masters can be planned in an Active Directory environment nwtraders.msft... cost of 4 ! Site link bridge Red-Cha-Atl connects Red-Cha and Cha-Atl The site link bridge Red-Cha-Atl implies that an IP message can be sent from Redmond to Atlanta with a cost of 3 plus 4, or 7 Module 8: Designing an Active Directory Site Topology 13 Each site link in a bridge needs to have a site in common with another site link in the bridge If not, the bridge cannot compute the cost from sites in... able to: ! Use the Active Directory Sizer to determine placement of Active Directory servers ! Create an optimal Active Directory replication plan for an organization Prerequisites Before working on this lab, you must have: ! Knowledge of the advantages and disadvantages of intra -site and inter -site Active Directory replication ! Knowledge of types of information needed to make a site determination... message can be sent from site Paris to site Atlanta with a cost of 2 plus 3 plus 4, or 9 14 Module 8: Designing an Active Directory Site Topology # Planning the Inter -Site Replication Topology Slide Objective To explain the factors to consider when planning inter -site replication in a Windows 2000-based network Lead-in Two sites are generally connected by slower links, and therefore appropriate planning... transport, while an unreliable network connection may use an asynchronous transport Module 8: Designing an Active Directory Site Topology 15 Choosing Inter -Site Replication Transports Slide Objective To determine the appropriate transport to be used for replication between sites ! Synchronous Transfer Requires Reliable Connections Lead-in You can use the RPC over TCP/IP transport for synchronous transfer . Module 8: Designing an Active Directory Site Topology 1 Overview ! Using Sites in Active Directory ! Assessing the Need for Active Directory Sites ! Using. Lead-in In this module, you will learn how to design an Active Directory site topology. 2 Module 8: Designing an Active Directory Site Topology # ## #