
Chapter 3

WORKING WITH ACTIVE DIRECTORY SITES


INTRODUCING SITES
Logical structure can be seen in Active Directory Users And Computers.

Physical network structure affects the efficiency of Active Directory replication.

It is up to the administrator to create sites in Active Directory Sites And Services.

Sites are used to control Active Directory replication and authentication traffic.

The only site created by default is Default-First-Site-Name.


SITES AND SITE LINKS


Sites are typically composed of fast and reliably connected computers.

Criteria for fast and reliable are up to the administrator.

Sites are independent of the domain structure.

Domain computer accounts can be spread over multiple sites.

Sites can contain resources from multiple domains.


SITES AND SITE LINKS


Although sites can be added, modified, and deleted at any time, planning the site structure before installing Active Directory saves you time.

The Default-First-Site-Name site is the default location for domain controllers.
The first domain controller is always placed into this site.
Other domain controllers are placed here if appropriate site definitions aren't available.

If sites are created appropriately, newly installed domain controllers are automatically placed in the appropriate site.


SITES AND THE REPLICATION PROCESS


Replication topology describes the logical connections made between domain controllers for replication.

Replication is the transfer of directory information updates.
Object additions or removals
Object attribute changes
Object renames


SITES AND THE REPLICATION PROCESS


Tracking replication changes.
Update Sequence Number (USN)
Timestamp

Bridgehead server controls replication changes between sites.
Compares USN for recent changes
Uses timestamp if modifications carry the same USN

Convergence occurs when all changes are updated.


INTRASITE REPLICATION OVERVIEW


Knowledge consistency checker (KCC)
Creates initial replication topology (replication ring)
Creates connection objects between domain controllers
Process that runs on each domain controller

Active Directory replicates four partitions
Domain (domain-wide)
Schema (forest-wide)
Configuration (forest-wide)
Application Data (depends on configuration)


INTRASITE REPLICATION DETAILS


KCC runs every 15 minutes to ensure replication topology is efficient.

Intrasite replication latency is minimized in these ways:
KCC creates a bidirectional replication ring
KCC ensures no more than three replication hops between any two domain controllers by adding additional connections as needed
Replication traffic is not compressed


INTRASITE REPLICATION DETAILS


Intrasite replication latency is 15 minutes by default, but there is urgent replication for important changes.

Multiple domains in a single site.
Each domain maintains a separate domain partition replication topology.
Forest-wide replication is not conducted separately, because this information is sent to all domains in the forest.


INTERSITE REPLICATION
Designed to control replication traffic over slow WAN links.

KCC designates one domain controller per site to be the Intersite Topology Generator (ISTG).

ISTG designates the bridgehead server.

Site links are used to define the intersite replication topology.


INTERSITE REPLICATION: SITE LINKS


Connection between two sites that is logical and transitive

Represents physical network links

Manually defined by administrator

Sites communicate using same protocol


SITE LINK CONFIGURATION


Cost
Lower cost routes are used first.
Default is 100; range 1 to 99,999.

Schedule
Default is availability 7 days per week, 24 hours per day.
Administrator can modify to exclude certain days and hours when the link is not available.


SITE LINK CONFIGURATION


Frequency
Specifies how often the link attempts to replicate information within the specified availability (schedule)
Default is 180 minutes; range is 15 minutes to once per week


CREATING SITES


CREATING SITE LINKS


CONFIGURING SITE LINK PROPERTIES


CREATING SUBNETS


REPLICATION PROTOCOLS
Remote procedure call (RPC) over Internet Protocol (IP)
Default and most commonly used
Adheres to schedules by default
Synchronous; connection required
Only choice for domain controllers from same domain

Simple Mail Transfer Protocol (SMTP)
Allows asynchronous communications


REPLICATION PROTOCOLS
Doesn't adhere to schedules by default
Requires a certificate and certificate authority (CA)
Cannot replicate domain partition information


RPC REQUIRES A CONNECTION


Site 1: contoso.com DCs
Link1-2 schedule: 1:00 A.M. to 3:00 A.M.
Site 2: Cohowinery.com DCs
Link2-3 schedule: 3:00 A.M. to 5:00 A.M.
Site 3: contoso.com DCs


INTRASITE VERSUS INTERSITE REPLICATION

Intrasite
Replication traffic not compressed.
Replication partners notify each other within 5 to 15 minutes of changes.
KCC automatically configures and maintains a replication ring.
RPC is used.

Intersite
Replication traffic is compressed.


INTRASITE VERSUS INTERSITE REPLICATION

Bridgehead servers notify bridgehead servers at other sites of changes every 80 minutes by default.
Site links are required for replication to occur.
Protocols used intersite can be RPC over IP or SMTP.


DESIGNATING THE BRIDGEHEAD SERVER

ISTG automatically assigns preferred bridgehead server.

Administrator can designate preferred bridgehead servers.
Done through properties of domain controller object in Active Directory Sites And Services
Select the protocol, IP or SMTP, for which this server is to be considered a preferred bridgehead server
Allows administrator to designate that role to systems with most processing power to spare


PREFERRED BRIDGEHEAD SERVER DESIGNATION


SITE LINK BRIDGING


Used to allow communication over two different site links.

Bridge All Site Links is configured by default.
You can clear the Bridge All Site Links check box and configure site link bridges manually.

You cannot create a site link bridge until you have at least two site links.
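
An added example, not part of the original slides: a small Python model of the three-site diagram on the "RPC requires a connection" slide, with Bridge All Site Links in effect. It assumes the default cost of 100 on both links, sums costs along a bridged path, and treats a bridged path as usable for synchronous RPC only while every link on it is available at the same time; the function names and data layout are hypothetical.

```python
import heapq

# Constructed site links modelled on the slide's diagram (costs are assumed defaults):
# name -> (site_a, site_b, cost, (start_hour, end_hour) of the availability window)
SITE_LINKS = {
    "Link1-2": ("Site 1", "Site 2", 100, (1, 3)),  # 1:00 A.M. to 3:00 A.M.
    "Link2-3": ("Site 2", "Site 3", 100, (3, 5)),  # 3:00 A.M. to 5:00 A.M.
}

def least_cost_path(links, src, dst):
    """Dijkstra over transitive (bridged) site links: (total_cost, [link names])."""
    graph = {}
    for name, (a, b, cost, _) in links.items():
        graph.setdefault(a, []).append((b, cost, name))
        graph.setdefault(b, []).append((a, cost, name))
    heap, seen = [(0, src, [])], set()
    while heap:
        total, site, path = heapq.heappop(heap)
        if site == dst:
            return total, path
        if site in seen:
            continue
        seen.add(site)
        for nxt, cost, name in graph.get(site, []):
            if nxt not in seen:
                heapq.heappush(heap, (total + cost, nxt, path + [name]))
    return None, []  # no chain of site links joins the two sites

def common_window(links, path):
    """Hours in which every link on the path is open at once, or None.
    Simplification: windows are same-day and do not wrap past midnight."""
    start = max(links[name][3][0] for name in path)
    end = min(links[name][3][1] for name in path)
    return (start, end) if start < end else None

def rpc_route(links, src, dst):
    """Lowest-cost bridged route and the window in which RPC could use it."""
    cost, path = least_cost_path(links, src, dst)
    window = common_window(links, path) if path else None
    return {"cost": cost, "path": path, "window": window}

if __name__ == "__main__":
    # The slide's case: the two schedules never overlap, so window is None.
    print(rpc_route(SITE_LINKS, "Site 1", "Site 3"))
    # Opening Link2-3 an hour earlier gives the bridged path a shared hour.
    widened = dict(SITE_LINKS)
    widened["Link2-3"] = ("Site 2", "Site 3", 100, (2, 5))
    print(rpc_route(widened, "Site 1", "Site 3"))
```

With the slide's schedules the bridged route between the two contoso.com sites costs 200 but has no shared window, which is the situation the diagram illustrates for a protocol that needs a live connection.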


CONFIGURING SITE LINK BRIDGING


MANAGING REPLICATION


CHECK REPLICATION TOPOLOGY


DETERMINING THE ISTG


FORCING REPLICATION
Active Directory Sites And Services
Active Directory Replication Monitor (Replmon)
Repadmin /syncall contoso.com


MONITORING REPLICATION
Windows Support Tools
Microsoft Windows Server 2003 installation CD-ROM
Support\Tools folder on the CD

Dcdiag
Repadmin
Replmon


DCDIAG
Many options for diagnosing and repairing domain controller issues
Type dcdiag /? at a command prompt to see a list

Noteworthy examples
dcdiag /test:replication
dcdiag /fix


REPADMIN
Command line utility for replication control and monitoring
Type repadmin /? at a command prompt to see a list

Noteworthy examples
/showreps: view replication partners
/showconn: view connections
/sync and /syncall: force replication
/showmeta: view attributes of a specific object
/showvector: check USNs for a particular naming context, also named partition


REPLMON: ACTIVE DIRECTORY REPLICATION MONITOR
Graphical utility for replication control and monitoring
Launch from Support Tools option on Start menu or by typing replmon in Run dialog box or CMD prompt

Noteworthy capabilities
Check replication topology
Force synchronization
Generate a status report to a log file
View bridgehead servers


SUMMARY
Intrasite versus intersite replication details
Site, site link, and site link bridge creation and configuration

Intersite replication configuration options
Bridgehead servers
Protocol selection

Windows Support Tools: Dcdiag, Repadmin, Replmon
