Module 7: Implementing Sites to Manage Active Directory Replication
Overview
Introduction to Active Directory Replication
Creating and Configuring Sites
Managing Site Topology
Troubleshooting Replication Failures
Planning a Site
Lesson: Introduction to Active Directory Replication
Multimedia: Replication Within Sites
Replication of Linked Multivalued Attributes
What Are Directory Partitions?
What Is Replication Topology?
Automatic Generation of Replication Topology
Global Catalog and Replication of Partitions
Multimedia: Replication Within Sites
Replication of Linked Multivalued Attributes
Replication of linked multivalued attributes depends on the forest functional level.

| Forest functional level | What happens? |
| --- | --- |
| < Windows Server 2003 | Change triggers replication of the entire membership list |
| = Windows Server 2003 | Replication occurs by individual value instead of the whole attribute |
What Are Directory Partitions?
Active Directory database partitions:

| Partition | Replication scope | Contains |
| --- | --- | --- |
| Schema | Forest | Definitions and rules for creating and manipulating objects and attributes |
| Configuration | Forest | Information about the Active Directory structure |
| <Domain> | Domain | Information about domain-specific objects |
| <Application> | Configurable replication | Information about applications |
What Is Replication Topology?
[Diagram: Domain controllers from the same domain (A1 to A4) share the Domain A topology and the schema and configuration topology. Domain controllers from various domains (A1 to A4, B1 to B3) have the Domain A topology, the Domain B topology, and the schema and configuration topology.]
Automatic Generation of Replication Topology
[Diagram: domain controllers A1 to A8, each running the KCC]
Global Catalog and Replication of Partitions
Global Catalog Server: Holds a read-only copy of all domain directory partitions
[Diagram: a global catalog server holding the schema and configuration partitions and partial directory partition replicas for contoso.msft and namerica.contoso.msft; domain controllers A1 to A4 and B1 to B3 with the Domain A topology, the Domain B topology, and the schema and configuration topology]
Practice: Introduction to Active Directory Replication
In this practice, you will examine the Active Directory replication configuration
Lesson: Creating and Configuring Sites
What Are Sites and Subnet Objects?
What Are Site Links?
Replication Within Sites vs. Replication Between Sites
How to Create and Configure Sites and Subnets
How to Create and Configure Site Links
Why Disable Default Bridging of All Site Links?
How to Create a Site Link Bridge
What Are Sites and Subnet Objects?
[Screenshot: the Active Directory Sites and Services console, showing the Sites container with the Default-First-Site-Name and Redmond-Site sites, the Inter-Site Transports container, the Subnets container, and the NTDS Settings object of the server DENVER. Diagram: two sites, each made up of IP subnets, containing domain controllers A1 and B1.]
What Are Site Links?
A site link:
Enables replication traffic between sites
Represents the physical connection between sites
[Diagram: two sites, each made up of IP subnets (domain controllers A1, A2 and B1, B2, B3), joined by a site link that has a cost and uses RPC or SMTP]
Replication Within Sites vs. Replication Between Sites
Replication Within Sites:
Assumes fast and highly reliable network links
Does not compress replication traffic
Uses a change notification mechanism
Replication Between Sites:
Assumes limited available bandwidth and unreliable network links
Compresses all replication traffic between sites
Occurs on a manual schedule
[Diagram: replication between A1 and A2 on IP subnets within one site, and replication between a site containing A1 and A2 and a site containing B1 and B2]
How to Create and Configure Sites and Subnets
Your instructor will demonstrate how to:
Create a site
Create a subnet object
Associate a site with a subnet object
Move a domain controller to a different site
Delegate control of a site
How to Create and Configure Site Links
Your instructor will demonstrate how to:
Create a site link
Configure site link properties
Why Disable Default Bridging of All Site Links?
[Diagram: Site A (A1, A2), Site B (B1, B2, B3) and Site C (C1, C2), each made up of IP subnets; Site Link AB and Site Link BC are joined by a site link bridge]
How to Create a Site Link Bridge
Your instructor will demonstrate how to:
Disable default bridging of all site links
Create a new site link bridge
Practice: Creating and Configuring Sites
In this practice, you will:
Create IP subnet and site objects
Associate subnet objects with sites
Move server objects into the site
Create IP site links between sites
Configure the replication cost, schedule, and interval of the links
Lesson: Managing Site Topology
What Is a Bridgehead Server?
What Is the Intersite Topology Generator?
How to Create a Preferred Bridgehead Server
How to Refresh the Replication Topology
How to Force Replication over a Connection
What Is a Bridgehead Server?
A bridgehead server:
Sends and receives replicated data
Is designated for each partition in the site
[Diagram: replication between bridgehead server A1 in one site and bridgehead server B1 in another site, each site made up of IP subnets]
What Is the Intersite Topology Generator?
The intersite topology generator defines the replication between sites on a network.
[Diagram: two sites made up of IP subnets, with domain controllers A1, A2 and B1, B2; bridgehead servers replicate between the sites, and one domain controller is the intersite topology generator]
How to Create a Preferred Bridgehead Server
Your instructor will demonstrate how to create a preferred bridgehead server
How to Refresh the Replication Topology
Your instructor will demonstrate how to:
Determine what domain controller holds the intersite topology generator role in the site
Force the KCC to run
How to Force Replication over a Connection
Your instructor will demonstrate how to force replication over a connection
Practice: Manually Initiating Replication
In this practice, you will:
View the current connection objects
Delete an automatically generated connection object
Refresh the replication topology
Verify that Active Directory recreated the connection object
Lesson: Troubleshooting Replication Failures
Common Replication Problems
What Is Replication Monitor?
How to Configure Replication Monitor
What Is the Repadmin Tool?
What Is the Dcdiag Tool?
How to Determine the Cause of a Problem
How to Resolve Replication Problems
Common Replication Problems
| Symptom | Possible causes |
| --- | --- |
| Replication does not finish or occur | Sites not connected by site links; no bridgehead server in the site |
| Replication is slow | Inefficient site topology and schedule |
| Client computers receive a slow response | No domain controller online in client site; not enough domain controllers |
| Replication greatly increases network traffic | Insufficient bandwidth; incorrect site topology |
| The KCC cannot complete the topology | Exception in the KCC |
What Is Replication Monitor?
Replication Monitor:
Displays: replication topology, replicating partner, USN values, number of failed attempts, flags
Polls the server at an administrator-defined interval
Monitors the count of failed replication attempts
Triggers the KCC to recalculate the replication topology
Synchronizes partitions between two domain controllers
Shows which objects have not been replicated
How to Configure Replication Monitor
Your instructor will demonstrate how to configure Replication Monitor
What Is the Repadmin Tool?
Use the Repadmin command-line tool to:
View and manually create the replication topology
Force replication events between domain controllers
View the replication metadata
Syntax: repadmin command arguments [/u:[domain\]user /pw:{password|*}]
What Is the Dcdiag Tool?
Use the Dcdiag command-line tool to:
Analyze the state of a domain controller and report any problems
Perform a series of tests to verify different areas of the system
Syntax: dcdiag command arguments [/v /f:LogFile /ferr:ErrLog]
How to Determine the Cause of the Problem
| Possible causes | Testing method |
| --- | --- |
| Sites are not connected by site links | Dcdiag /test:Topology |
| No bridgehead server in the site | Repadmin /bridgeheads |
| Inefficient site topology and schedule | Repadmin /latency |
| No domain controller online in the site | Dcdiag /test:Replication; Dcdiag /test:Connectivity |
| Not enough domain controllers | System monitor NTDS counters |
| Incorrect site topology | Active Directory Sites and Services; Repadmin /latency; Dcdiag /test:Intersite |
| Exception in the KCC | Dcdiag /test:kccevent |
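
The Dcdiag and Repadmin checks in the table above can be run in one pass and reduced to a pass/fail line per possible cause. The PowerShell script below is an added example, not part of the original course material; the function names and the cause-to-test map are hypothetical, it assumes English-language Dcdiag output with dcdiag.exe and repadmin.exe available on the host, and it invokes the replication test by its Dcdiag name, Replications.

```powershell
# Added example (not from the course material). Assumes English-language Dcdiag
# output and that dcdiag.exe and repadmin.exe are available on this host.

# Possible cause -> Dcdiag test, as listed in the table above.
# "Replications" is the Dcdiag name of the replication test.
$CauseToTest = [ordered]@{
    'Sites are not connected by site links'                  = 'Topology'
    'No domain controller online in the site (replication)'  = 'Replications'
    'No domain controller online in the site (connectivity)' = 'Connectivity'
    'Incorrect site topology'                                = 'Intersite'
    'Exception in the KCC'                                   = 'KccEvent'
}

function ConvertFrom-DcdiagOutput {
    # Hypothetical helper: turns Dcdiag summary lines into objects.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Summary lines look like: "....... DC1 passed test Connectivity"
        if ($line -match '(?<Target>\S+)\s+(?<Result>passed|failed)\s+test\s+(?<Test>\S+)') {
            [pscustomobject]@{
                Target = $Matches['Target']
                Test   = $Matches['Test']
                Passed = ($Matches['Result'] -eq 'passed')
            }
        }
    }
}

function Test-ReplicationCause {
    # Hypothetical wrapper: runs each mapped test against one domain controller.
    param([string]$Server = $env:COMPUTERNAME)
    foreach ($cause in $CauseToTest.Keys) {
        $test   = $CauseToTest[$cause]
        $output = & dcdiag.exe "/s:$Server" "/test:$test" /v 2>&1 | ForEach-Object { "$_" }
        $hit    = ConvertFrom-DcdiagOutput -Lines $output |
                  Where-Object { $_.Test -eq $test } | Select-Object -First 1
        [pscustomobject]@{
            Cause  = $cause
            Test   = $test
            # No summary line means the test did not run; report that separately.
            Status = if (-not $hit) { 'NoResult' } elseif ($hit.Passed) { 'Pass' } else { 'Fail' }
        }
    }
    # "No bridgehead server in the site" is checked with Repadmin, not Dcdiag.
    # Status carries the raw command output for manual review.
    [pscustomobject]@{
        Cause  = 'No bridgehead server in the site'
        Test   = 'repadmin /bridgeheads'
        Status = ((& repadmin.exe /bridgeheads 2>&1) -join "`n")
    }
}

# Constructed sample output, so the parser can be tried without a domain controller.
$sample = @(
    '   Testing server: Redmond-Site\DENVER'
    '      Starting test: Connectivity'
    '         ......................... DENVER passed test Connectivity'
    '      Starting test: KccEvent'
    '         ......................... DENVER failed test KccEvent'
)
ConvertFrom-DcdiagOutput -Lines $sample | Format-Table -AutoSize
# On a domain controller: Test-ReplicationCause -Server DENVER | Format-Table -AutoSize
```

A NoResult status means Dcdiag printed no summary line for that test, which usually points to the tool being unable to reach or bind to the server rather than to a replication fault.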
How to Resolve Replication Problems
| Cause | Resolution method |
| --- | --- |
| Sites are not connected by site links | Create and configure site links |
| No bridgehead server in the site | Add or remove domain controllers from the preferred bridgehead server list |
| Inefficient site topology and schedule | Modify the site topology and schedule |
| No domain controller online in the site | Install or fix domain controllers |
| Not enough domain controllers | Install additional domain controllers |
| Incorrect site topology | Modify the site topology; ensure site links match WAN links |
| Exception in the KCC | Enable KCC logging; run Repadmin /kcc |
Practice: Troubleshooting Replication Failures
In this practice, you will use the Repadmin and Dcdiag command-line tools to examine the status of replication and to test the functionality of your domain controller
Lesson: Planning a Site
Overview of the Site Planning Process
Guidelines for Determining Schedule, Interval, and Protocol of Site Links
Guidelines for Determining the Need for Site Link Bridges
Guidelines for Determining the Requirements for Bridgehead Servers
Guidelines for Securing Active Directory Replication
Overview of the Site Planning Process
Site topology design document:
Number and location of sites in the organization
Site links to connect each site
Availability requirements for sites
Number of users
Site security policies
Site topology planning document:
Site link schedule and duration
Site link bridges
Preferred bridgehead servers
Subnet objects
Domain controllers in sites
Guidelines for Determining the Schedule, Interval, and Protocol of Site Links
Determine site link schedules
Determine the site link interval
Determine the site link protocol
Guidelines for Determining the Need for Site Link Bridges
Create site link bridges when:
Your IP network is not fully routed
The domain controllers do not connect to all other domain controllers in the forest
There are many sites, and the forest functional level is not Windows Server 2003
Guidelines for Determining the Requirements for Bridgehead Servers
Create multiple bridgehead servers for multiple directory partitions
Use preferred bridgehead servers to exclude specific domain controllers from being bridgehead servers
Create a list of preferred bridgehead servers based on which server you want the intersite topology generator to use
Guidelines for Securing Active Directory Replication
Validate and authenticate a trust
Use a specific port or protocol for each directory service
Limit the range of RPC ports
Establish an explicit trust between domains
Practice: Planning a Site
In this practice, you will:
Determine the site link schedule and duration for the new site link
Determine the configuration for a site link bridge and a preferred bridgehead server
Lab A: Implementing Sites to Manage Active Directory Replication
Creating a Replica Domain Controller
Creating and Configuring a Site for Your Domain
Troubleshooting Replication Between Sites