MCSE-08-Implementing of an Active Directory Service-09-Theory

8/6/2019 MCSE-08-Implementing of an Active Directory Service-09-Theory

1/70

ADVANTAGE PRO Chennais Premier Networking Training Center

Implementing Sites To

Manage

Active Directory Replication


2/70


3/70


Introduction to Active Directory Replication

Replication is the process of updating information in

Active Directory from one domain controller to other

domain controller on a network.

The replication process synchronizes the movement

of updated information between the domains.


4/70


Replication of Linked Multivalued Attributes

Replication of linked multivalued attributes depends on the forest

functional level.

Forest Functional Level What Happens?

< Windows Server 2003 Change triggers replication of the entire

membership list

= Windows Server 2003 Replication occurs by individual value

instead of the whole attribtue


5/70


Directory Partitons

SCHEMA

CONFIGURATION

DOMAIN

APPLICATION

Active Directory Database

FOREST

DOMAIN

CONFIGURABLEREPLICATION


6/70


Directory Partitons

Schema Partition

Only one Schema partion exists per forest.

This partition is stored on all domain controllers in a

forest.

It contains definitions of all objects and attributes that

you can create in the directory.

Schema information is replicated to all domain

controllers in the forest.


7/70


Directory Partitons

Configuration Partition

Only one configurtion partition per forest.

Stored on all domain controllers in a forest.

The configuration partition contains information

about the forest-wide Active Directory structure.

Configuration information is replicated to all domaincontrollers in a forest.


8/70


Directory Partitons

Domain Partition

Many domain partitions can exit per forest.

Domain partition are stored on each domain

controller in a given domain.

It contains information about all domain-specific

objects that were created in that domain, including

users, groups, computers and OU.

All objects in this partition is stored in Global Catalog

with only a subset of their attribute.


9/70


Directory Partitons

Application Partition

It stores inforamtion about applications in Active

Directory.

Unlike a domain partition, this partiton cannot store

security principal objects, such as user accouts.

The data in an application is not stored in the gobal

catalog.


10/70


Replication Topology

Replication Topology is the route by which

replication data travels throughout a network.

Replication occurs between two domain controller.

To create this topology, Active Directory must

determine which domain controllers replicate data

with other domain controllers.


11/70


Global Catalog

A global catalog server is a domain controller that

stores two forest-wide partitions.

It has read/write copy of the partiton from its own

domain and a partial replica of all domain partition in

the forest.

These partial replicas contain a read-only subset of

the information in each domain partition.


12/70


Global Catalog and Replication of Partition

When a new domain is added to forest, the

Configuration partiton stores information about new

domain.

Active directory replicates the configuration partion

to all domain controllers.

Each global catalog server becomes a partial replica

of the new domain controller that obtaing replica

information.


13/70


Sites

In Active Directory, Sites helps to define the physical

structure of a network.

Sites are used to control replication traffic, logon

traffic, and client computer requests to the gobal

catalog server.

It consits of server objects, which contain connection

objects that enable replication.


14/70


Site Link

Enables replication traffic between sites.

Represents the physical connection between sites.


15/70


Default Site Link

When first domain is created, Active Directory

creates a default site link named Defaultipsitelink.

It includes the first site and is located in the IP

container in Active directory.

Site link can be renamed.


16/70


17/70


18/70


Site Link Transport Protocols

A transport protocol is a common language that

computers share in order to communcate during

replication.

Active Directory uses only one protrocol for

replication within a site.


19/70


20/70


21/70


Site Link Transport Protocols

Simple Mail Transfer Protocol (SMTP)

SMTP supports replication of the schema,

configuration, and global catalog between sites and

domains.

This protocol cannot be used for replication of the

domain partition.

Configure a certificate authority to sign the SMTPmessages and ensure the authenticity of directory

updates.


22/70


23/70


24/70


25/70


Creating a Site

Here right click Site andselect New Site


26/70


27/70


28/70


29/70


30/70


Creating a Subnet Object

Right click Subnets

select new subnet


31/70


32/70


Creating a Subnet Object

Subnet will display here


33/70


Moving a Domain Controller To A Different

Site

Select the

option


34/70



Site

Right click theDomain Controller

and select Move


35/70


36/70



Site

The DC is

Moved here


37/70


38/70


39/70


40/70


41/70


42/70


43/70


Delegating Control Of Sites

Click Next


44/70


45/70


46/70


47/70


48/70


Intersite Topology Generator

Functions:

It automatically selects one or more domain

controllers to become bridgehead servers.

If a bridgehead server becomes unavailable, it

automatically selects another bridgehead server.

It runs Knowledge Consistency Checker(KCC) to

determine the replication topology and resultant

connection objects to communicate with other sites.


49/70


Creating a Preferred Bridgehead Server

Click this

option


50/70


51/70


52/70


Creating a Preferred Bridgehead Server

Click OK


53/70


54/70


55/70


56/70


57/70


Forcing KCC to run

Click OK


58/70


Common Replication Problems

SYMPTOM POSSIBLE CAUSES

Replication does not finish or * Sites not connected by site links

occur * No bridgehead server in the site

Replication is slow * Inefficient site topology and schedule

Client computers receive a * No domain controller online in client site

slow response * Not enough domain controllers

Replication greatly increases * Insufficient bandwidth

network traffic * Incorrect site topology

The KCC cannot complete the * Exception in the KCCtopology


59/70


60/70


Configure Replication Monitor

Type the command


61/70


62/70


63/70



Right click the monitor

server and select ADD

MONITOR SERVER


64/70



Mention the

server name

Click Next


65/70


66/70


67/70


Dcdiag Tool

Analyze the state of a domain controller and reportany problems

Perform a series of tests to verify different areas of

the system


68/70


69/70


70/70

Dcdiag Tool

Documents

MCSE-08-Implementing of an Active Directory Service-09-Theory