Module 4: Configuring Active Directory Sites and Replication

1

• Module 4 Configuring Active Directory Sites and
  Replication

2
Module Overview

• Overview of Active Directory Domain Services
  Replication
• Overview of AD DS Sites and Replication
• Configuring and Monitoring AD DS Replication

3
Lesson 1 Overview of Active Directory Domain
Services Replication

• How Active Directory Replication Works
• How AD DS Replication Works Within a Site
• Resolving Replication Conflicts
• Optimizing Replication
• What Are Directory Partitions?
• What Is Replication Topology?
• How Directory Partitions and the Global Catalog
  Are Replicated
• How the Replication Topology Is Generated
• Demonstration Creating and Configuring
  Connection Objects

4
How Active Directory Replication Works

• Active Directory replication

• Uses a multimaster model

• Uses pull replication

• Uses store and forward replication

• Uses loose consistency with convergence

Changes that initiate replication include

• Addition of an object to Active Directory

• Modification of an objects attribute values

• Deletion of an object from the directory

5
How AD DS Replication Works Within a Site

• In a single site

• Domain controllers notify replication partners
  when updates are applied

• For normal updates, the change notification
  happens 15 seconds after the change is applied

• Notifications for security related changes are
  sent immediately

• Replication updates are not compressed

6
Resolving Replication Conflicts

• In a multimaster replication model, replication
  conflicts can arise when

• The same attribute is changed on two domain
  controllers simultaneously

• An object is moved or added to a deleted
  container on another domain controller

• Two objects with the same relative distinguished
  name are added to the same container on two
  different domain controllers

• To resolve replication conflicts, AD DS uses

• Server GUID

• Version number

• Time stamp

7
Optimizing Replication

• In a multimaster replication model, AD DS updates
  can be replicated using multiple paths
• AD DS uses update sequence numbers, high
  watermarks, and up-to-dateness vectors to ensure
  that updates are replicated to a specific domain
  controller only once

8
What Are Directory Partitions?
Contains
Definitions and rules for creating and
manipulating objects and attributes
Forest
Information about the Active Directory structure
Information about domain-specific objects
Domain
Configurablereplication
Information about applications
Active Directory Database
9
What Is Replication Topology?
Domain controllers in the same domain
Domain A Topology
10
How Directory Partitions and the Global Catalog
Are Replicated
Domain controllers from various domains
Domain A topology Domain B topology Schema and
configurationtopology Global catalog replication
11
How the Replication Topology Is Generated
Active Directory uses the KCC to establish a
replication path between domain controllers

• Each domain controller has two replication
  partners for each Active Directory partition

• The KCC creates two one-way connection objects
  between replication partners to ensure that no
  two domain controllers are ever more than three
  network hops away

• When a new domain controller is added to a site,
  the KCC recalculates connection objects

• Connection objects can replicate one or more
  partitions

12
Demonstration Creating and Configuring
Connection Objects

• In this demonstration, you will see how to create
  connection objects and configure existing
  connection objects

13
Lesson 2 Overview of AD DS Sites and
Replication

• What Are AD DS Sites and Site Links?
• Discussion Why Implement Additional Sites?
• Demonstration Configuring AD DS Sites
• How Replication Works Between Sites
• Comparing Replication Within Sites and Between
  Sites
• Demonstration Configuring AD DS Site Links
• What Is the Inter-site Topology Generator?
• How Unidirectional Replication Works

14
What Are AD DS Sites and Site Links?
Sites
A1

• Identify network locations with fast reliable
  network connections
• Are associated with subnet objects in Active
  Directory

A2
IP Subnet
IP Subnet
Site
Site Link
B1
B2
IP Subnet
B3
IP Subnet
Site
15
Discussion Why Implement Additional Sites?

• Why would an organization choose to implement
  additional sites?
• What are the benefits and disadvantages of
  creating additional sites?

16
Demonstration Configuring AD DS Sites

• In this demonstration, you will see how to
• Create sites and subnets
• Move domain controllers to other sites

17
How Replication Works Between Sites
You can configure
A1

• Replication paths between sites
• Replication schedulesand frequency
• Replication protocols

A2
Site
Site Link
B1
B2
B3
Site
18
Comparing Replication Within Sites and Between
Sites
Replication Within Sites Assumes fast and highly reliable network links Does not compress replication traffic Uses a change notification mechanism
Replication Between Sites Assumes limited available bandwidth and unreliable network links Compresses all replication traffic between sites Occurs on a manual schedule
A1
IP Subnet
A2
Replication
IP Subnet
A1
IP Subnet
A2
Replication
IP Subnet
B1
IP Subnet
Replication
B2
Replication
IP Subnet
19
Demonstration Configuring AD DS Site Links

• In this demonstration, you will see how to
• Configure the default site link
• Create additional site links
• Add sites to the site links

20
What Is the Inter-site Topology Generator?
Inter-site topology generator
Bridgehead server
IP Subnet

• The inter-site topology generator defines the
  replication between sites on a network

Replication
IP Subnet
Replication
IP Subnet
Inter-site topologygenerator
Replication
IP Subnet
Bridgehead server
21
How Unidirectional Replication Works

• Unidirectional replication ensures that changes
  to a read-only domain controller are never
  replicated to any other domain controller

22
Lesson 3 Configuring and Monitoring AD DS
Replication

• What Is a Bridgehead Server?
• Demonstration Configuring Bridgehead Servers
• Demonstration Configuring Replication
  Availability and Scheduling
• What Is Site Link Bridging?
• Demonstration Modifying Site Link Bridges
• What Is Universal Group Membership Caching?
• Demonstration Configuring Universal Group
  Membership Caching
• Demonstration Tools for Monitoring and Managing
  Replication

23
What Is a Bridgehead Server?
A bridgehead server
Bridgehead Server
IP Subnet

• Sends and receives replicated data
• Is designated for each partition in the site

A1
IP Subnet
Replication
IP Subnet
IP Subnet
B1
Bridgehead Server
24
Demonstration Configuring Bridgehead Servers

• In this demonstration, you will see how to
  configure bridgehead servers

25
Demonstration Configuring Replication
Availability and Frequency

• In this demonstration, you will see how to
  configure the site link object to manage
  replication between sites

26
What Is Site Link Bridging?
27
Demonstration Modifying Site Link Bridges

• In this demonstration, you will see how to
• Disable site link bridging
• Create a new site link bridge

28
What Is Universal Group Membership Caching?
Global Catalog Server
Bridgehead server

• Enables domain controllers in a site with no
  global catalog servers to cache universal
  group membership

IP Subnet
IP Subnet
IP Subnet
IP Subnet
Bridgehead server
29
Demonstration Configuring Universal Group
Membership Caching

• In this demonstration, you will see how to
• Configure universal group membership caching for
  a site
• Configure the source for caching

30
Demonstration Tools for Monitoring and Managing
Replication

• In this demonstration you will see how to
• Identify the domain controller holding the ISTG
  role
• Force the KCC to run, and how to force
  replication
• Use Repadmin, NLTest, and DCDiag

31
Lab Configuring Active Directory Sites and
Replication

• Exercise 1 Configuring AD DS Sites and Subnets
• Exercise 2 Configuring AD DS Replication
• Exercise 3 Monitoring AD DS Replication

Logon information
Virtual machine NYC-DC1, LON-DC1, MIA-RODC, NYC-RAS
User name Administrator
Password Paw0rd
Estimated time 60 minutes
32
Lab Review

• What additional changes would you need to make to
  the AD DS site configuration if you needed to
  ensure that all replication traffic in the
  New-York site passed through NYC-DC2?
• What additional changes would you need to make if
  you implemented another WAN connection between
  Tokyo and London, and wanted to use that WAN
  connection for AD DS replication instead of
  routing all replication changes through
  NewYork-Site?
• Why did you force the domain controllers in the
  lab to update their IP addresses in DNS?

33
Module Review and Takeaways

• Review questions
• Considerations for configuring AD DS sites and
  replication
• Tools

34
Beta Feedback Tool

• Beta feedback tool helps
• Collect student roster information, module
  feedback, and course evaluations.
• Identify and sort the changes that students
  request, thereby facilitating a quick team
  triage.
• Save data to a database in SQL Server that you
  can later query.
• Walkthrough of the tool

35
Beta Feedback

• Overall flow of module
• Which topics did you think flowed smoothly, from
  topic to topic?
• Was something taught out of order?
• Pacing
• Were you able to keep up? Are there any places
  where the pace felt too slow?
• Were you able to process what the instructor said
  before moving on to next topic?
• Did you have ample time to reflect on what you
  learned? Did you have time to formulate and ask
  questions?
• Learner activities
• Which demos helped you learn the most? Why do you
  think that is?
• Did the lab help you synthesize the content in
  the module? Did it help you to understand how you
  can use this knowledge in your work environment?
• Were there any discussion questions or reflection
  questions that really made you think? Were there
  questions you thought werent helpful?