8/14/2019 6425A_04 Schema and Config Replication Topology
1/34
Module 4: Configuring Active Directory Domain Services Sites and Replication
Module Overview
Overview of Active Directory Domain Services Replication
Overview of AD DS Sites and Replication
Configuring and Monitoring AD DS Replication
Lesson 1: Overview of Active Directory Domain Services Replication
How AD DS Replication Works
How AD DS Replication Works Within a Site
Resolving Replication Conflicts
Optimizing Replication
What Are Directory Partitions?
What Is Replication Topology?
How Directory Partitions and the Global Catalog Are Replicated
How the Replication Topology Is Generated
Demonstration: Creating and Configuring Connection Objects
How AD DS (Active Directory Domain Services) Replication Works
Active Directory replication:
Uses a multimaster model
Uses pull replication
Uses store and forward replication
Uses loose consistency with convergence
Changes that initiate replication include:
Addition of an object to AD DS
Modification of an object's attribute values
Deletion of an object from the directory
How AD DS Replicates Within a Single Site
In a single site:
Domain controllers notify replication partners when updates are applied
For normal updates, the change notification happens 15 seconds after the change is applied
Notifications for security-related changes are sent immediately
Replication updates are not compressed
Resolving Replication Conflicts
In a multimaster replication model, replication conflicts can arise when:
The same attribute is changed on two domain controllers simultaneously: the change with the higher version number wins; ties are broken by the later time stamp, then by the originating server GUID
An object is moved or added to a container (e.g. an OU) that has been deleted on another domain controller: the object is dropped into the LostAndFound container
Two objects with the same relative distinguished name are added to the same container on two different domain controllers: the first name assigned takes precedence over the later ones
To resolve replication conflicts, AD DS uses: version number, time stamp, server GUID
Optimizing Replication (not full mesh)
In a multimaster replication model, AD DS updates can be replicated using multiple paths
AD DS uses update sequence numbers, high watermarks, and up-to-dateness vectors to ensure that updates are replicated to a specific domain controller only once
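As an added example (not part of the course deck), the following Python toy model shows the conflict rule from the previous two slides (version number, then time stamp, then server GUID) and how an up-to-dateness vector lets a domain controller skip originating writes it has already applied; DC names, GUIDs and clock values are assumptions.

```python
# Added example, not from the course deck. Values carry a stamp
# (version, timestamp, origin_guid, origin_usn): the first three decide a
# conflict, higher tuple wins, so version is checked first as the slides say.
# The up-to-dateness vector (UTDV) maps origin GUID -> highest origin USN seen,
# so each originating write is applied at most once. Names/GUIDs are made up.

def beats(new, cur):
    """Conflict rule: version, then time stamp, then originating server GUID."""
    return new[:3] > cur[:3]

class DC:
    def __init__(self, guid):
        self.guid, self.usn = guid, 0
        self.attrs = {}   # attr -> (value, stamp)
        self.utdv = {}    # origin_guid -> highest origin USN seen

    def write(self, attr, value, now):
        """Originating write: next version of the attribute, next local USN."""
        self.usn += 1
        ver = self.attrs[attr][1][0] + 1 if attr in self.attrs else 1
        self.attrs[attr] = (value, (ver, now, self.guid, self.usn))
        self.utdv[self.guid] = self.usn

    def pull_from(self, src):
        """Pull replication; returns how many attribute values changed."""
        applied = 0
        for attr, (value, stamp) in src.attrs.items():
            if stamp[3] <= self.utdv.get(stamp[2], 0):
                continue  # UTDV: this originating write was already seen
            if attr not in self.attrs or beats(stamp, self.attrs[attr][1]):
                self.attrs[attr] = (value, stamp)
                applied += 1
        for g, u in src.utdv.items():  # adopt what the source has seen
            self.utdv[g] = max(self.utdv.get(g, 0), u)
        return applied

def scenario():
    """Two DCs edit one attribute at the same instant, then DC1 edits again."""
    dc1, dc2 = DC("aaaa-dc1"), DC("bbbb-dc2")
    dc1.write("description", "set on DC1", now=100)
    dc2.write("description", "set on DC2", now=100)  # same version and time
    first = (dc1.pull_from(dc2), dc2.pull_from(dc1))  # server GUID breaks tie
    winner = dc1.attrs["description"][0]
    dc1.write("description", "edited on DC1", now=50)  # version 2, older clock
    second = dc2.pull_from(dc1)                        # version beats clock
    again = dc1.pull_from(dc2)                         # nothing new to apply
    return winner, first, second, dc2.attrs["description"][0], again
```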
What Are Directory Partitions?
The Active Directory database contains:
Schema (forest-wide): Definitions and rules for creating and manipulating objects and attributes
Configuration (forest-wide): Information about the Active Directory structure
Domain: Information about domain-specific objects
Application (configurable replication): Information about applications
What Is Replication Topology?
[Figure: Domain A topology (A1, A2, A3, A4: domain controllers in the same domain) and Domain B topology (B1, B2, B3); domain controllers from various domains]
How Directory Partitions and the Global Catalog Are Replicated
[Figure: Domain A topology (A1, A2, A3, A4) and Domain B topology (B1, B2, B3) each replicate their own domain partition; the schema and configuration topology spans domain controllers from various domains; global catalog replication flows between the global catalog servers]
How the Replication Topology Is Generated
Each domain controller has two replication partners for each Active Directory partition
The KCC creates two one-way connection objects between replication partners to ensure that no two domain controllers are ever more than three network hops away
When a new domain controller is added to a site, the KCC recalculates connection objects
Connection objects can replicate one or more partitions
Active Directory uses the KCC to establish a replication pull direction between domain controllers
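As an added example (not part of the course deck and not the KCC's actual selection logic), this simplified Python model builds the intrasite ring of one-way connection objects and adds optimizing connections until the three-hop invariant from the slide holds; the DC names are assumptions.

```python
# Added example, not from the course deck: a simplified model of how the KCC
# builds an intrasite ring and adds extra connection objects until no two DCs
# are more than three hops apart. The real KCC's selection rules are more
# involved; this only illustrates the invariant the slide states.
from collections import deque
from itertools import combinations

def ring(dcs):
    """Each DC gets one-way connection objects to and from its two neighbours."""
    conns = set()
    for i, dc in enumerate(dcs):
        nxt = dcs[(i + 1) % len(dcs)]
        conns |= {(dc, nxt), (nxt, dc)}
    return conns

def hops(conns, src, dst):
    """Shortest replication path length along connection objects (BFS)."""
    dist, q = {src: 0}, deque([src])
    while q:
        cur = q.popleft()
        if cur == dst:
            return dist[cur]
        for a, b in conns:
            if a == cur and b not in dist:
                dist[b] = dist[cur] + 1
                q.append(b)
    return None

def farthest_pair(dcs, conns):
    """The pair of DCs with the longest shortest path, and that length."""
    pair = max(combinations(dcs, 2), key=lambda p: hops(conns, *p))
    return pair, hops(conns, *pair)

def build_topology(dcs, max_hops=3):
    """Ring plus shortcut connections until the hop limit holds everywhere."""
    if len(dcs) < 2:
        return set()
    conns = ring(dcs)
    (a, b), d = farthest_pair(dcs, conns)
    while d > max_hops:
        conns |= {(a, b), (b, a)}  # add an optimizing connection both ways
        (a, b), d = farthest_pair(dcs, conns)
    return conns

def partners(conns, dc):
    """Inbound replication partners: the sources this DC pulls from."""
    return sorted(a for a, b in conns if b == dc)
```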
Demonstration: Creating and Configuring Connection Objects
In this demonstration, you will see how to create connection objects and configure existing connection objects
Lesson 2: Overview of AD DS Sites and Replication
What Are AD DS Sites and Site Links?
Discussion: Why Implement Additional Sites?
Demonstration: Configuring AD DS Sites
How Replication Works Between Sites
Comparing Replication Within Sites and Between Sites
Demonstration: Configuring AD DS Site Links
What Is the Inter-site Topology Generator?
How Unidirectional Replication Works
What Are AD DS Sites and Site Links?
[Figure: two sites, each containing IP subnets and domain controllers (A1, A2 in one site; B1, B2, B3 in the other), connected by a site link]
Sites:
ferent domain servers within the same site for objects in
Demonstration: Configuring AD DS Sites
In this demonstration, you will see how to:
Create sites and subnets
Move domain controllers to other sites
How Replication Works Between Sites
[Figure: two sites (A1, A2; B1, B2, B3) connected by a site link]
You can configure:
Replication paths between sites
Replication schedules and frequency
Replication protocols
Comparing Replication Within Sites and Between Sites
Replication Within Sites:
Assumes fast and highly reliable network links
Does not compress replication traffic
Uses a change notification mechanism
Replication Between Sites:
Assumes limited available bandwidth and unreliable network links
Compresses all replication traffic between sites
Occurs on a manual schedule
[Figure: replication between A1 and A2 within the IP subnets of one site, and across a site link to B1 and B2 in another site]
Demonstration: Configuring AD DS Site Links
In this demonstration, you will see how to:
Configure the default site link
Create additional site links
Add sites to the site links
How Unidirectional Replication Works
Unidirectional replication ensures that changes to a read-only domain controller are never replicated to any other domain controller
Lesson 3: Configuring and Monitoring AD DS Replication
What Is a Bridgehead Server?
Demonstration: Configuring Bridgehead Servers
Demonstration: Configuring Replication Availability and Scheduling
What Is Site Link Bridging?
Demonstration: Modifying Site Link Bridges
What Is Universal Group Membership Caching?
Demonstration: Configuring Universal Group Membership Caching
Demonstration: Tools for Monitoring and Managing Replication
What Is a Bridgehead Server?
A bridgehead server:
Sends and receives replicated data
Is designated for each partition in the site
[Figure: two sites, each with IP subnets and a designated bridgehead server (A1 and B1), replicating with each other across the site link]
Demonstration: Configuring Bridgehead Servers
In this demonstration, you will see how to configure bridgehead servers
2 bridgehead servers within 1 single site
Step: click site, Properties, General, add IP
Demonstration: Configuring Replication Availability and Frequency
In this demonstration, you will see how to configure the site link object to manage replication between sites
What Is Site Link Bridging?
[Figure: Site A (A1, A2), Site B (B1, B2, B3) and Site C (C1, C2), each with its IP subnets; site link AB connects A and B, site link BC connects B and C, and a site link bridge spans both links]
Demonstration: Modifying Site Link Bridges
In this demonstration, you will see how to:
Disable site link bridging (if there is a firewall between 2 sites): AD Sites and Services > Inter-Site Transports, right-click IP > uncheck site link bridge
Create a new site link bridge
What Is Universal Group Membership Caching?
[Figure: a small site (A1, A2) with no global catalog server, linked through bridgehead servers to a larger site (B1) that hosts global catalog servers]
Enables domain controllers (bridgehead servers) in a small site that has no global catalog server to cache universal group membership data from the global catalog servers in other, larger sites
Demonstration: Configuring Universal GroupMembership Caching
In this demonstration, you will see how to:
Configure universal group membership caching for a site
Configure the source for caching
Demonstration: Tools for Monitoring andManaging Replication
In this demonstration, you will see how to:
Identify the domain controller holding the ISTG role
Force the KCC to run, and then to force replication
Use Repadmin, NLTest, and DCDiag
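As an added example (not part of the course deck), this Python snippet parses the inbound-neighbour section that Repadmin prints for "repadmin /showrepl" and flags partners whose last replication attempt failed, so stale partitions on a DC can be spotted in monitoring; the sample output is constructed in that layout, and its DC names, GUIDs, times and error code are assumptions.

```python
# Added example, not from the course deck: parses the inbound-neighbour section
# of "repadmin /showrepl" and flags partners whose last attempt failed. The
# sample is constructed in that layout; names, GUIDs, times and error are made up.
import re

SAMPLE = """\
==== INBOUND NEIGHBORS ======================================

DC=contoso,DC=com
    NewYork-Site\\NYC-DC1 via RPC
        DSA object GUID: 11111111-2222-3333-4444-555555555555
        Last attempt @ 2019-08-14 10:02:11 was successful.

    Miami-Site\\MIA-RODC via RPC
        DSA object GUID: 66666666-7777-8888-9999-000000000000
        Last attempt @ 2019-08-14 10:02:11 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        3 consecutive failure(s).
        Last success @ 2019-08-13 22:15:00.
"""

PARTNER = re.compile(r"^\s{4}(\S+)\\(\S+) via (\w+)$")
ATTEMPT = re.compile(r"Last attempt @ (.+?) (was successful|failed, result (\d+))")
FAILS = re.compile(r"(\d+) consecutive failure")
SUCCESS = re.compile(r"Last success @ (.+?)\.$")

def parse_showrepl(text):
    """One record per (partition, partner) inbound connection."""
    records, partition, cur = [], None, None
    for line in text.splitlines():
        if line and not line.startswith((" ", "====")):
            partition = line.strip()  # naming context header, e.g. DC=...
        elif m := PARTNER.match(line):
            cur = {"partition": partition, "site": m[1], "partner": m[2],
                   "transport": m[3], "ok": None, "error": None,
                   "failures": 0, "last_success": None}
            records.append(cur)
        elif cur and (m := ATTEMPT.search(line)):
            cur["ok"], cur["error"] = m[2] == "was successful", m[3] and int(m[3])
        elif cur and (m := FAILS.search(line)):
            cur["failures"] = int(m[1])
        elif cur and (m := SUCCESS.search(line)):
            cur["last_success"] = m[1]
    return records

def failing_partners(text, min_failures=1):
    """Partners whose last attempt failed at least min_failures times in a row."""
    return [(r["partition"], r["partner"], r["error"], r["failures"], r["last_success"])
            for r in parse_showrepl(text)
            if r["ok"] is False and r["failures"] >= min_failures]
```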
Lab: Configuring Active Directory Sites andReplication
Exercise 1: Configuring AD DS Sites and Subnets
Exercise 2: Configuring AD DS Replication
Exercise 3: Monitoring AD DS Replication
Logon information
Virtual machine NYC-DC1, LON-DC1, MIA-RODC, NYC-RAS
User name Administrator
Password Pa$$w0rd
Estimated time: 60 minutes
Lab Review
What additional changes would you need to make to the AD DS site configuration if you needed to ensure that all replication traffic in the New-York site passed through NYC-DC2?
What additional changes would you need to make if you implemented another WAN connection between Tokyo and London, and wanted to use that WAN connection for AD DS replication instead of routing all replication changes through NewYork-Site?
Why did you force the domain controllers in the lab to update their IP addresses in DNS?
Module Review and Takeaways
Review questions
Considerations for configuring AD DS sites and replication
Tools