Active Directory
1. Active Directory Replication (Part 4)
   Paige Verwolf, Support Professional, Microsoft Corporation

2. What Is a Site?
   - A collection of one or more subnets, defined by the administrator. The subnets are assumed to be "well-connected" by high-bandwidth local area network (LAN) connections.
   - Sites may contain multiple domains.
   - A domain may span more than one site.
   - Sites are limited to a single forest.
   - When the first domain controller in a forest is installed, a site is created by default (Default-First-Site-Name). An administrator can create other sites.

3. Sites Control Active Directory Replication
   - Site knowledge is used by:
     - Logon locator
     - Printer locator
     - Distributed file system (Dfs), and more
   - Inter-site replication is scheduled; intra-site replication is configured automatically.
   (Diagram: two sites, each consisting of one or more subnets.)

4. Replication Site Design
   - What is the site topology?
     - A logical model of the physical network.
     - Windows 2000 cannot detect the physical network: routing, physical connections, and so on (the next version will read routing tables).
     - The administrator must model the site topology to reflect the physical network: lines, routing, slow links, Virtual Private Networking (VPN), dial-up, and so on.

5. When to Create New Sites
   - Always, if slow links are involved
     - Slow link = less than 10 MB
   - Place domain controllers into sites
   - Rules of thumb
     - Deploy global catalogs at the site level
     - Deploy DNS servers at the site level
   - Connect sites with site links according to network characteristics

6. Active Directory Sites and Services Manager

7. Site Creation

8. Internet Protocol Subnets
   - Use Internet Protocol (IP) subnets when you want to define multiple subnets in a single site.
   - If no subnets are defined and all servers are in Default-First-Site-Name (or a single site), replication assumes a single site, even if multiple sites are defined.
   - Acceptable for small, simple networks, but may cause performance or connectivity problems in large networks (routing and line speed are not addressed).

9. IP Subnet Creation

10. IP Subnet Creation (2)

11. Intra-Site Replication
   - The domain controller GUID is used to construct the ring.
   - Newly installed domain controllers add themselves to the ring and replicate the new configuration information.
   - Existing domain controllers add or remove connection objects.

12. Intra-Site Replication (2)
   - A notification is sent to the replica partner.
   - The replica partner requests changes.
   - Source server:
     - Receives the USN of the last object evaluated by the target.
     - Iterates through the objects above that USN and compares their metadata against the target's Up-to-Dateness Vector to establish which changes the target has already received.
   - The source sends its Up-to-Dateness Vector to the target.
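The exchange on slide 12 is easier to follow with its two pieces of state written down: the high-watermark (the USN of the last object on the source that the target has evaluated) and the Up-to-Dateness Vector (per originating DC, the highest originating USN the target already holds). The Python model below is an added example, not code from the slide deck or from Microsoft; the `DomainController` and `Change` classes, the USN assignment and the three-DC scenario are constructed for illustration. It shows why a change that reached a DC through one partner is not sent again by another: the vector dampens it even though the high-watermark alone would select it.

```python
"""Model of the intra-site replication exchange (slide 12).

Constructed example: a real DC keeps this state in NTDS replication
metadata, not in Python dicts, and assigns USNs from its own database.
"""
from dataclasses import dataclass, field


@dataclass
class Change:
    """One change as recorded in a DC's local database."""
    local_usn: int          # USN assigned on this DC when the change was written
    dn: str                 # object that changed
    originating_dsa: str    # DC on which the change originated
    originating_usn: int    # USN the change had on the originating DC


@dataclass
class DomainController:
    name: str
    next_usn: int = 1
    changes: list = field(default_factory=list)          # ordered by local_usn
    # Up-to-Dateness Vector: originating DSA -> highest originating USN held
    utd_vector: dict = field(default_factory=dict)
    # High-watermark: source partner -> last local USN of that partner evaluated
    high_watermark: dict = field(default_factory=dict)

    def _record(self, dn, originating_dsa, originating_usn):
        chg = Change(self.next_usn, dn, originating_dsa, originating_usn)
        self.next_usn += 1
        self.changes.append(chg)
        self.utd_vector[originating_dsa] = max(
            self.utd_vector.get(originating_dsa, 0), originating_usn)
        return chg

    def write_originating(self, dn):
        """Local write: this DC is the originating DSA, its USN is the originating USN."""
        return self._record(dn, self.name, self.next_usn)

    def apply_replicated(self, chg):
        """Inbound change: new local USN, but originating DSA/USN are preserved."""
        return self._record(chg.dn, chg.originating_dsa, chg.originating_usn)


def select_changes(source, target):
    """Source side of the exchange: changes above the target's high-watermark
    that the target's UTD vector does not already cover."""
    start_after = target.high_watermark.get(source.name, 0)
    needed = []
    for chg in source.changes:
        if chg.local_usn <= start_after:
            continue  # evaluated in an earlier cycle
        if target.utd_vector.get(chg.originating_dsa, 0) >= chg.originating_usn:
            continue  # target already holds it via another partner (dampened)
        needed.append(chg)
    return needed


def replicate(source, target):
    """One cycle: target requests, source filters, target applies, then the
    target advances its high-watermark and merges the source's UTD vector."""
    needed = select_changes(source, target)
    for chg in needed:
        target.apply_replicated(chg)
    if source.changes:
        target.high_watermark[source.name] = source.changes[-1].local_usn
    for dsa, usn in source.utd_vector.items():
        target.utd_vector[dsa] = max(target.utd_vector.get(dsa, 0), usn)
    return needed


def demo():
    """Three DCs in a ring; A's writes reach C through B, so A -> C sends nothing."""
    a, b, c = DomainController("A"), DomainController("B"), DomainController("C")
    a.write_originating("CN=x")
    a.write_originating("CN=y")
    n_ab = len(replicate(a, b))   # 2: both changes are new to B
    n_bc = len(replicate(b, c))   # 2: C receives A's changes via B
    n_ac = len(replicate(a, c))   # 0: C's UTD vector already covers A's USN 2
    return n_ab, n_bc, n_ac


if __name__ == "__main__":
    print(demo())
```

The third cycle is the point of the vector: C's high-watermark for A is still 0, so the USN filter alone would have selected both changes; the Up-to-Dateness Vector is what stops them being sent twice.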
13. Inter-Site Replication
   - For the domain naming context: remote procedure call (RPC) only.
   - For global catalog/configuration/schema: RPC and Simple Mail Transfer Protocol (SMTP) are supported.
   - SMTP replication is usually slower than RPC.
     - Asynchronous replication protocol.
     - For use where end-to-end IP connectivity is impossible.
   - No notification.
     - Changes are requested for each naming context.
   - Compression (approximately 10–15 percent of data volume).
   - Inter-Site Topology Generator.

14. Inter-Site Messaging Service
   - This service allows multiple transports to be used as add-ins to the ISM.
     - Transports are implemented by plug-in DLLs (for example, SMTP).
     - Provides services to the KCC by answering queries about the available replication paths.
     - ISM enables messaging communication that can use SMTP servers other than those dedicated to processing e-mail applications such as Exchange.

15. Inter-Site Messaging Service (2)
   - ISM is not responsible for encryption and compression.
   - Transports for ISM are found under:
     - CN=Inter-Site Transports,CN=Sites,CN=Configuration,dc=<domain>

16. SMTP Connector
   - Assumes that the underlying SMTP messaging system takes care of routing.
     - The Scheduling tab is ignored by the SMTP connector.
   - Cannot be used for domain naming context replication.
     - But can be used for configuration, schema and partial replication.

17. SMTP Connector (2)
   - Supports encryption and digital signature of messages.
     - Requires Certificate Server to be installed.
   - But: site links still have to be created.
   - Use a higher cost than your RPC-based replication.

18. Inter-Site SMTP Replication
   (Diagram: Bridgehead Site A and Bridgehead Site B. On each bridgehead the stack is LSASS.EXE → NTDSA.DLL → ISM client library → ISM service → CDO plug-in → CDO V2; the two CDO V2 layers exchange replication messages over SMTP.)

19. What Is a Site Link?
   - An object that represents two or more sites connected physically by a wide area network (WAN) link.
   - The administrator can assign cost, transport, and schedule/frequency for replication.
   - The default site link is DefaultIPSiteLink.
   - There is no default SMTP link.

20. Site Link Creation
   - Used to associate a "cost" with a link between two or more sites.
     - This value is used to generate the inter-site topology connections, or "minimum cost path".

21. Cost
   - An arbitrary value reflecting the speed and reliability of the physical connection between the sites.
   - Allows the administrator to control replication traffic.
   - The lower the cost, the faster the connection.
   - Default = 100

22. Example of Cost Factor Assignments

   Link type            Cost
   Backbone link           1
   T1 to backbone        200
   56-KB link            500
   Branch office       1,000
   International link  5,000

23. Transport
   - TCP/IP (default)
   - SMTP (inter-site only)
   - Can be assigned by an administrator, but limited by naming context.
24. IP Site Links

25. Site Link Properties
   - Schedule is set in 15-minute increments.

26. Site Link Schedule

27. Bridgehead Servers
   - Bridgehead servers are replication "gateways" to remote sites.
   - A bridgehead server does not store and forward naming contexts that it does not host.
     - This may result in multiple bridgehead servers in a given site.

28. Bridgehead Server Configuration
   (Diagram: sites N.Y., L.A., CHI and ATL. joined by site links with costs 1, 2 and 4. Legend: Domain, Domain controller, Site link (cost), Bridgehead server.)
   - Inter-site replication only occurs between bridgehead servers.
   - Bridgehead servers cannot serve multiple domains.
   - Bridgehead servers share links and cost.
   - Bridgehead servers are also domain controllers.

29. Site Link Bridge
   - A site link bridge (SLB) contains two or more site links.
     - NOTE: Site links are networks.
   - Bridges connect site links.
     - They work like bridges/routers between networks.
   - These site links should have at least one site in common.
   - The cost for the transport is used to make routing decisions; the KCC uses cost to evaluate the "least cost path".
   - The KCC creates minimum-cost routes that can span multiple site links.
   - Create multiple SLBs for non-routed segments (VPNs, and so on).
   - Default: all links in one SLB.

30. Site Link Bridge Creation

31. Site Link Bridge
   - Two site links:
     - Redmond (Campus, Red-West), cost 1
     - BellRed (Campus, Bellevue), cost 3
   - One site link bridge (Eastside Bridge)
   - Cost for IP transmission from Bellevue to Red-West = 4
   (Diagram: sites Campus, Red-West and Bellevue; site links Redmond and BellRed; Eastside Bridge spans both.)

32. Configuration with a VPN
   (Diagram: sites L.A., CHI, N.Y., ATL., SEA and Portland; site links with costs 1, 2 and 4; Portland is reached over a dial-up link; SLB #1 and SLB #2.)
   - Use two SLBs because of unreliable routing through the dial-up link.

33. Links vs. Bridges - Network
   (Diagram: sites New York, Red-West, Campus, London, Paris and Milan; link speeds 10 MB, T1, 1 MB, 256 KB and 64 KB; domain Fashion with domain controllers Fashion1, Fashion2, Fashion3 and Fashion4.)

34. Links vs. Bridges - Site Links
   (Diagram: the same network with site links CN: 200, CL: 300, LP: 300, PM: 300, LM: 600.)
   - Site links CL and LP exist, but there is no DC from Fashion in London, so Fashion replication is broken.

35. Links vs. Bridges - Site Links (2)
   (Diagram: site links CN: 200, CL: 200, LP: 300, PM: 300, LM: 600, CP: 500.)
   - Site link CP fixes this. Topology: F2 - F1 - F3 - F4

36. Links vs. Bridges - Site Links (3)
   (Diagram: site links CN: 200, CL: 200, LP: 200, PM: 300, LM: 600, CP: 400.)
   - Network upgrade; however, no change in topology. Topology: F2 - F1 - F3 - F4

37. Links vs. Bridges - Bridges
   (Diagram: site links CN: 200, CL: 200, LP: 300, PM: 300, LM: 600; site link bridge Enterprise (CN, CL, LM, LP, PM).)
38. Site Configuration Rules
   - A domain may exist at one or more sites.
   - A site may contain one or more domains.
   - A site link bridge can provide replication for domains in three or more sites only if the domains have connectivity through at least one common site.
   - One site link bridge per enterprise is usually sufficient, unless the network is not fully routed (for example, the network contains VPNs, and so on).
   - The site link bridge creates transitive links.
   - If a single domain is defined over two sites, an automatic site link is created.

39. Site Configuration Rules (2)
   - A bridgehead server does not store and forward naming contexts that it does not host. You need one bridgehead server for every domain naming context in every site.
   - To replicate over multiple sites, you must either move the servers to the appropriate sites or define IP subnets for the appropriate sites.
   - Replication takes place even if the administrator does nothing in site configuration (although probably not efficiently).
   - Multiple bridgehead servers at a site share the site link and cost.

40. What's Wrong with this Picture?
   (Diagram: sites L.A., N.Y., CHI, ATL. and SEA; physical links labelled 256 KB, T1, T1/2, T2 and Dial-Up; site links with cost and transport: (2) TCP/IP only, (1) TCP/IP and SMTP, (4) SMTP and TCP/IP, (1) SMTP only. Legend: Domain, Domain controller, Site link (cost), Bridgehead server.)