Active Directory Replication (Part 4)
Paige Verwolf, Support Professional, Microsoft Corporation
What Is a Site?
- A collection of one or more subnets, defined by the administrator. The subnets are assumed to be "well-connected" by high-bandwidth local area network (LAN) links.
- Sites may contain multiple domains.
- A domain may span more than one site.
- Sites are limited to a single forest.
- When the first domain controller in a forest is installed, a site is created by default (Default-First-Site-Name). An administrator can create other sites.
Sites
[Diagram: two sites, each containing one or more subnets]
- Controls Active Directory replication
- Inter-site replication is scheduled
- Intra-site replication is configured automatically
- Site knowledge is used by the logon locator, the printer locator, the Distributed File System (Dfs) and more
Replication Site Design
What is the site topology?
- A logical model of the physical network.
- Windows 2000 cannot detect the physical network (routing, physical connections, and so on); the next version will read routing tables.
- The administrator must model the site topology to reflect the physical network: lines, routing, slow links, Virtual Private Networking (VPN), dial-up, and so on.
When to Create New Sites
- Always, if slow links are involved. Slow link = less than 10 Mbps.
- Place domain controllers into sites.
- Rules of thumb:
  - Deploy global catalogs on a site level
  - Deploy DNS servers on a site level
  - Connect sites with site links according to network characteristics
Active Directory Sites and Services Manager
[Screenshot slide]
Site Creation
[Screenshot slide]
Internet Protocol Subnets
- Use Internet Protocol (IP) subnets when you want to define multiple subnets on a single site. A domain controller is placed into a site by matching its IP address against the defined subnets.
- If no subnets are defined and all servers are in Default-First-Site-Name (or a single site), replication behaves as if there were a single site, even if multiple sites are defined.
- Acceptable for small, simple networks, but may cause performance/connectivity problems in large networks (routing and line speed are not addressed).
IP Subnet Creation
[Screenshot slides (1) and (2)]
Intra-Site Replication
- The domain controller GUID is used to construct the ring.
- Newly installed domain controllers add themselves to the ring and replicate the new configuration information.
- Existing domain controllers add/remove connection objects.
Intra-Site Replication (2)
1. A notification is sent to the replica partner.
2. The replica partner requests changes.
3. The source server:
   - receives the USN of the last object evaluated by the target (the high-watermark);
   - iterates through the objects changed since then and compares the target's Up-to-Dateness Vector with each object's replication metadata to establish which changes the target has already received;
   - sends its own Up-to-Dateness Vector to the target.
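The notification, request and dampening exchange in the steps above, modelled as an added example in Python (it is not code from the deck or from Microsoft). Three in-memory domain controllers keep the per-attribute replication metadata the slide refers to (originating DSA, originating USN, version, local USN), one high-watermark per source and an Up-to-Dateness Vector. DC names stand in for invocation IDs, the conflict rule is simplified to "higher version wins", and the object DN is constructed for the example:

```python
from dataclasses import dataclass


@dataclass
class AttrMeta:
    """Replication metadata kept per attribute on every replica."""
    value: str
    version: int
    originating_dsa: str    # invocation ID of the DC where the write happened (a name here)
    originating_usn: int    # USN the originating DC assigned to the write
    local_usn: int          # USN this replica assigned when it applied the write


class DomainController:
    def __init__(self, name):
        self.name = name
        self.usn = 0            # local USN counter, incremented on every write applied here
        self.objects = {}       # dn -> {attribute: AttrMeta}
        self.hwm = {}           # source DC -> high-watermark (highest source local USN seen)
        self.utd = {name: 0}    # Up-to-Dateness Vector: originating DSA -> highest originating USN applied

    def _next_usn(self):
        self.usn += 1
        return self.usn

    def write(self, dn, attribute, value):
        """Originating write: local USN and originating USN are the same number."""
        usn = self._next_usn()
        attrs = self.objects.setdefault(dn, {})
        prev = attrs.get(attribute)
        attrs[attribute] = AttrMeta(value, prev.version + 1 if prev else 1, self.name, usn, usn)
        self.utd[self.name] = usn

    def get_changes(self, target_hwm, target_utd):
        """Source side: walk everything written after the target's high-watermark and
        drop each change the target's UTD vector shows it already received elsewhere."""
        changes = []
        for dn, attrs in self.objects.items():
            for attribute, meta in attrs.items():
                if meta.local_usn <= target_hwm:
                    continue    # target has already evaluated this local USN
                if target_utd.get(meta.originating_dsa, 0) >= meta.originating_usn:
                    continue    # propagation dampening: target got it from another partner
                changes.append((dn, attribute, meta))
        return changes, self.usn, dict(self.utd)

    def pull_from(self, source):
        """Target side: after a notification, request changes, apply them, then
        advance the high-watermark and merge the source's UTD vector."""
        changes, source_usn, source_utd = source.get_changes(self.hwm.get(source.name, 0), self.utd)
        applied = 0
        for dn, attribute, meta in changes:
            attrs = self.objects.setdefault(dn, {})
            current = attrs.get(attribute)
            if current and current.version > meta.version:
                continue        # simplified conflict resolution: keep the higher version
            attrs[attribute] = AttrMeta(meta.value, meta.version, meta.originating_dsa,
                                        meta.originating_usn, self._next_usn())
            applied += 1
        self.hwm[source.name] = source_usn
        for dsa, usn in source_utd.items():
            self.utd[dsa] = max(self.utd.get(dsa, 0), usn)
        return applied


DN = "CN=alice,OU=staff,DC=example,DC=com"   # constructed sample object, not from the deck


def demo():
    """Three DCs in a ring (A -> B -> C -> A). Returns the number of changes each pull
    applied and the final value of the attribute on every replica."""
    a, b, c = (DomainController(n) for n in "ABC")
    a.write(DN, "title", "engineer")
    applied = [b.pull_from(a),    # B receives A's change
               c.pull_from(b),    # C receives it from B; metadata still says it originated at A
               a.pull_from(c),    # A's own UTD entry already covers originating USN 1: nothing sent
               c.pull_from(a)]    # C's UTD entry for A covers it too: nothing re-sent
    b.write(DN, "title", "lead")  # a newer version (2) originating at B
    applied += [c.pull_from(b),
                a.pull_from(c),   # A learns B's change via C
                a.pull_from(b)]   # dampened again: A's UTD entry for B is already current
    return applied, tuple(dc.objects[DN]["title"].value for dc in (a, b, c))


if __name__ == "__main__":
    print(demo())
```

The sequence of pulls in `demo` is the point of the slide: a change that originated at A travels A to B to C, and when A then pulls from C (or C from A) the source compares the target's Up-to-Dateness Vector with the metadata and sends nothing, even though the object's local USN on the source is past the target's high-watermark. The second write shows that dampening is per originating DSA and USN, so B's later change still flows around the ring.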
Inter-Site Replication
- For a domain naming context: remote procedure call (RPC) only.
- For global catalog/configuration/schema: RPC and Simple Mail Transfer Protocol (SMTP) are supported.
- SMTP replication is usually slower than RPC. It is an asynchronous replication protocol, used where end-to-end IP connectivity is impossible.
- No notification: changes are requested for each naming context on the site link schedule.
- Compression (compressed data is approximately 10–15 percent of the original volume).
Inter-Site Topology Generator
[Diagram slide]
Inter-Site Messaging Service
- This service allows multiple transports to be used as add-ins to the ISM. Transports are implemented by plug-in DLLs (for example, SMTP).
- Provides services to the KCC in the form of querying the available replication paths.
- ISM enables messaging communication that can use SMTP servers other than those dedicated to processing e-mail applications such as Exchange.
Inter-Site Messaging Service (2)
- ISM is not responsible for encryption and compression.
- Transports for ISM are found under: CN=Inter-Site Transports,CN=Sites,CN=Configuration,dc=<domain>
What Is a Site Link?
- An object that represents two or more sites connected physically by a wide area network (WAN) link.
- The administrator can assign cost and transport and schedule the frequency of replication.
- The default site link is DefaultIPSiteLink. There is no default SMTP link.
Site Links Creation
[Screenshot slide]
- Used to associate a "cost" with a link between two or more sites.
- This value is used to generate the inter-site topology connections, or "minimum cost path".
Cost
- An arbitrary value to reflect the speed and reliability of the physical connection between the sites.
- Allows the administrator to control replication traffic. The lower the cost, the faster the connection is assumed to be, and the more the KCC prefers it. Default = 100.

Example of Cost Factor Assignments
Link type            Cost
Backbone link        1
T1 to backbone       200
56-Kbps link         500
International link   5,000
Branch office        1,000
Transport
- TCP/IP (default)
- SMTP (inter-site only)
- Can be assigned by an administrator, but limited by naming context (a domain naming context replicates over RPC only).
IP Site Links
[Screenshot slide]
Site Link Properties
[Screenshot slide: the replication frequency is set in 15-minute increments]
Site Link Schedule
[Screenshot slide]
Bridgehead Servers
- Bridgehead servers are replication "gateways" to remote sites.
- Bridgehead servers do not store and forward naming contexts that they do not host. This may result in multiple bridgehead servers in a given site.
Bridgehead Server Configuration
[Diagram: sites N.Y., L.A., CHI and ATL.; Domain A.B.com and Domain B.com; site links labelled with costs (1), (1), (2) and (4); legend: domain controller, site link (cost), bridgehead server]
- Inter-site replication only occurs between bridgehead servers
- Bridgehead servers cannot serve multiple domains
- Bridgehead servers share links and cost
- Bridgehead servers are also domain controllers
Site Link Bridge
- A site link bridge (SLB) contains two or more site links. NOTE: site links are networks.
- Bridges connect site links; they work like bridges/routers between networks.
- These site links should have at least one site in common.
- The cost for the transport is used to make routing decisions: the KCC uses cost to evaluate the "least cost path" and creates minimum-cost routes that can span multiple site links.
- Create multiple SLBs for non-routed segments (VPNs, and so on).
- The default is all links in one SLB.
Site Link Bridge Creation
[Screenshot slide]
Site Link Bridge
Two site links:
- Redmond (Campus, Red-West), cost 1
- BellRed (Campus, Bellevue), cost 3
One site link bridge (Eastside Bridge) containing both links.
Cost for IP transmission from Bellevue to Red-West = 4 (3 + 1).
[Diagram: sites Campus, Red-West and Bellevue; site links Redmond and BellRed; Eastside Bridge spanning both]
Configuration with a VPN
[Diagram: sites L.A., CHI, N.Y., ATL., SEA and Portland; site links labelled with costs (1), (1), (2) and (4); SLB #1 covers the routed sites, SLB #2 covers the dial-up link to Portland]
- Use two SLBs because of unreliable routing through the dial-up link
Links vs. Bridges - Network
[Diagram: sites New York, Red-West, Campus, London, Paris and Milan connected by 10 Mb, T1, 1 Mb, 256 Kb and 64 Kb lines; the Fashion domain has domain controllers Fashion1 (Campus), Fashion2 (New York), Fashion3 (Paris) and Fashion4 (Milan)]
Links vs. Bridges - Site Links
[Diagram: same network; site links CN: 200, CL: 300, LP: 300, PM: 300, LM: 600, no site link bridge]
- Site links CL and LP exist, but there is no DC from Fashion in London, so Fashion replication is broken.
Links vs. Bridges - Site Links (2)
[Diagram: site links CN: 200, CL: 200, LP: 300, PM: 300, LM: 600, plus a new site link CP: 500]
- Site link CP fixes this. Topology: F2 - F1 - F3 - F4
Links vs. Bridges - Site Links (3)
[Diagram: after a network upgrade the site links are CN: 200, CL: 200, LP: 200, PM: 300, LM: 600, CP: 400]
- Network upgrade, however, no change in topology. Topology: F2 - F1 - F3 - F4
Links vs. Bridges - Bridges
[Diagram: site links CN: 200, CL: 200, LP: 300, PM: 300, LM: 600, all in one site link bridge, Enterprise (CN, CL, LM, LP, PM)]
- With the bridge the links are transitive, so Campus-Paris replication can transit London (cost 200 + 300 = 500) without a Fashion DC there and without the extra CP site link.
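The costing behind the Eastside Bridge example and the Fashion "Links vs. Bridges" scenarios above, as an added example in Python (it is neither the KCC's code nor code from the deck). It runs a least-cost search over sites in which every pair of sites inside a site link is reachable at that link's cost. A path without a site link bridge may only transit a site that hosts a DC for the naming context, which is this example's graph-level reading of the deck's store-and-forward rule; a site link bridge lets any site act as a transit hop. Site names, link costs and DC placement are the ones on the slides:

```python
import heapq


def least_cost(site_links, hosting_sites, src, dst, bridged):
    """Least-cost replication path between two sites for one naming context.

    site_links: {link_name: (cost, {site, ...})}; any two sites in a link are
    reachable at the link's cost. hosting_sites: sites holding a DC for the
    naming context. bridged=True models a site link bridge (links are transitive,
    any site may be an intermediate hop); bridged=False keeps the deck's rule that
    a bridgehead cannot store and forward a naming context it does not host, so an
    intermediate site must be in hosting_sites. Returns the total cost, or None
    when no path exists (replication for that naming context is broken).
    """
    adjacency = {}
    for cost, sites in site_links.values():
        for s in sites:
            for t in sites:
                if s != t:
                    adjacency.setdefault(s, []).append((t, cost))
    best = {src: 0}
    frontier = [(0, src)]
    while frontier:
        cost_so_far, site = heapq.heappop(frontier)
        if site == dst:
            return cost_so_far
        if cost_so_far > best[site]:
            continue                  # stale heap entry
        if site != src and not bridged and site not in hosting_sites:
            continue                  # no DC for this NC here: cannot forward it
        for nxt, link_cost in adjacency.get(site, []):
            candidate = cost_so_far + link_cost
            if candidate < best.get(nxt, float("inf")):
                best[nxt] = candidate
                heapq.heappush(frontier, (candidate, nxt))
    return None


# Fashion has DCs in New York (Fashion2), Campus (Fashion1), Paris (Fashion3)
# and Milan (Fashion4); London hosts no Fashion DC.
FASHION_SITES = {"New York", "Campus", "Paris", "Milan"}

ORIGINAL_LINKS = {
    "CN": (200, {"Campus", "New York"}),
    "CL": (300, {"Campus", "London"}),
    "LP": (300, {"London", "Paris"}),
    "PM": (300, {"Paris", "Milan"}),
    "LM": (600, {"London", "Milan"}),
}


def fashion_site_links_only():
    """Slide 'Site Links': every Campus-Paris route passes London, so no path."""
    return least_cost(ORIGINAL_LINKS, FASHION_SITES, "Campus", "Paris", bridged=False)


def fashion_with_cp_link():
    """Slide 'Site Links (2)': CL lowered to 200 and CP (500) added.
    Campus-Paris = 500, Campus-Milan = 500 + 300 via Paris (F1 - F3 - F4)."""
    links = dict(ORIGINAL_LINKS, CL=(200, {"Campus", "London"}), CP=(500, {"Campus", "Paris"}))
    return (least_cost(links, FASHION_SITES, "Campus", "Paris", bridged=False),
            least_cost(links, FASHION_SITES, "Campus", "Milan", bridged=False))


def fashion_with_enterprise_bridge():
    """Slide 'Bridges': one bridge over CN, CL, LM, LP, PM (CL = 200), no CP link.
    London becomes a transit hop: Campus-Paris = 200 + 300, Campus-Milan = 800."""
    links = dict(ORIGINAL_LINKS, CL=(200, {"Campus", "London"}))
    return (least_cost(links, FASHION_SITES, "Campus", "Paris", bridged=True),
            least_cost(links, FASHION_SITES, "Campus", "Milan", bridged=True))


def eastside_bridge():
    """Deck example: Redmond (Campus, Red-West) cost 1 + BellRed (Campus, Bellevue) cost 3."""
    links = {"Redmond": (1, {"Campus", "Red-West"}), "BellRed": (3, {"Campus", "Bellevue"})}
    return least_cost(links, {"Campus", "Red-West", "Bellevue"}, "Bellevue", "Red-West", bridged=True)


if __name__ == "__main__":
    print(fashion_site_links_only(), fashion_with_cp_link(),
          fashion_with_enterprise_bridge(), eastside_bridge())
```

The `None` from `fashion_site_links_only` is the "Fashion replication is broken" situation on the slide: the site links are there, but no site on the only route hosts the naming context. The two repairs on the slides are the two other functions: add a direct site link whose endpoints both host the domain, or bridge the links so the KCC may route through London. The search is also a useful check before trusting the KCC's topology: a cost that comes back far higher than the physical line suggests a mis-set cost or a missing link.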
Site Configuration Rules
- A domain may exist at one or more sites.
- A site may contain one or more domains.
- A site link bridge can provide replication for domains in three or more sites only if the domains have connectivity through at least one common site.
- One site link bridge per enterprise is usually sufficient, unless the network is not fully routed (for example, the network contains VPNs, and so on).
- The site link bridge creates transitive links.
- If a single domain is defined over two sites, an automatic site link is created.
Site Configuration Rules (2)
- A bridgehead server does not store and forward naming contexts that it does not host. You need one bridgehead server for every domain naming context in every site.
- To replicate over multiple sites, you must either move the servers to the appropriate sites or define IP subnets for the appropriate sites.
- Replication takes place even if the administrator does nothing in site configuration (although probably not efficiently).
- Multiple bridgehead servers at a site share the site link and cost.
What's Wrong with this Picture?
[Diagram: sites L.A., N.Y., CHI, ATL. and SEA; Domain A.B.com and Domain B.com; site links labelled with cost and transport: (2) TCP/IP only, (1) TCP/IP and SMTP, (4) SMTP and TCP/IP, (1) SMTP only; a dial-up link; line speeds 256 KB, 256 KB, 256 KB, T1, T1/2 and T2; legend: bridgehead server, site link (cost), domain controller]
Checks to apply from the rules above: an SMTP-only site link cannot carry a domain naming context, a dial-up link is a candidate for its own site link bridge, and each site needs a bridgehead server for every domain naming context it hosts.