
04-Configuring Active Directory Sites and Replication


<span class='text_page_counter'>(1)</span><div class='page_container' data-page=1></div>
<span class='text_page_counter'>(2)</span><div class='page_container' data-page=2>

Module Overview



• Overview of Active Directory Domain Services Replication


• Overview of AD DS Sites and Replication


</div>
<span class='text_page_counter'>(3)</span><div class='page_container' data-page=3>

Lesson 1: Overview of Active Directory Domain Services Replication



• How Active Directory Replication Works


• How AD DS Replication Works Within a Site


• Resolving Replication Conflicts


• Optimizing Replication


• What Are Directory Partitions?


• What Is Replication Topology?


• How Directory Partitions and the Global Catalog
Are Replicated


• How the Replication Topology Is Generated


</div>
<span class='text_page_counter'>(4)</span><div class='page_container' data-page=4>

How Active Directory Replication Works


Active Directory replication:





• Uses a multimaster model


• Uses pull replication


• Uses store and forward replication


• Uses loose consistency with convergence




• Addition of an object to Active Directory


• Modification of an object’s attribute values


</div>
<span class='text_page_counter'>(5)</span><div class='page_container' data-page=5>

How AD DS Replication Works Within a Site


In a single site:


• Domain controllers notify replication partners when
updates are applied


• For normal updates, the change notification happens
15 seconds after the change is applied


• Notifications for security related changes are
sent immediately


</div>
<span class='text_page_counter'>(6)</span><div class='page_container' data-page=6>

Resolving Replication Conflicts



In a multimaster replication model, replication conflicts can
arise when:



• The same attribute is changed on two domain controllers
simultaneously


• An object is moved or added to a deleted container on
another domain controller


• Two objects with the same relative distinguished name are
added to the same container on two different domain controllers


To resolve replication conflicts, AD DS uses:




</div>
<span class='text_page_counter'>(7)</span><div class='page_container' data-page=7>

Optimizing Replication



• In a multimaster replication model, AD DS updates
can be replicated using multiple paths


• AD DS uses update sequence numbers, high watermarks,
and up-to-dateness vectors to ensure that updates


</div>
<span class='text_page_counter'>(8)</span><div class='page_container' data-page=8>

What Are Directory Partitions?


Active Directory database partitions:

• Schema partition (replicated forest-wide): definitions and rules for creating and manipulating objects and attributes

• Configuration partition (replicated forest-wide): information about the Active Directory structure

• Domain partition (replicated within the domain): information about domain-specific objects

• Application partition (configurable replication): information about applications


</div>
<span class='text_page_counter'>(9)</span><div class='page_container' data-page=9>

What Is Replication Topology?

[Diagram: Domain A topology connecting domain controllers A1, A2, A3 and A4 in the same domain; Domain B topology connecting B1, B2 and B3; together they show domain controllers from various domains]


</div>
<span class='text_page_counter'>(10)</span><div class='page_container' data-page=10>

How Directory Partitions and the Global Catalog Are Replicated

[Diagram: Domain A topology, Domain B topology, schema and configuration topology, and global catalog replication among domain controllers A1, A2, A3, A4, B1, B2 and B3 from various domains]


</div>
<span class='text_page_counter'>(11)</span><div class='page_container' data-page=11>

How the Replication Topology Is Generated





• Each domain controller has two replication partners
for each Active Directory partition


• The KCC creates two one-way connection objects
between replication partners to ensure that no two domain
controllers are ever more than three network hops away


• When a new domain controller is added to a site,
the KCC recalculates connection objects


• Connection objects can replicate one or more partitions


</div>
<span class='text_page_counter'>(12)</span><div class='page_container' data-page=12>

Demonstration: Creating and Configuring Connection Objects




In this demonstration, you will see how to create


</div>
<span class='text_page_counter'>(13)</span><div class='page_container' data-page=13>

Lesson 2: Overview of AD DS Sites and Replication



• What Are AD DS Sites and Site Links?


• Discussion: Why Implement Additional Sites?


• Demonstration: Configuring AD DS Sites


• How Replication Works Between Sites


• Comparing Replication Within Sites and Between Sites


• Demonstration: Configuring AD DS Site Links


• What Is the Inter-site Topology Generator?


</div>
<span class='text_page_counter'>(14)</span><div class='page_container' data-page=14>

What Are AD DS Sites and Site Links?


[Diagram: two sites, each made up of several IP subnets, one containing domain controllers A1 and A2 and the other B1, B2 and B3, connected by a site link]

Sites:


• Identify network locations with fast reliable network connections


</div>
<span class='text_page_counter'>(15)</span><div class='page_container' data-page=15>

Discussion: Why Implement Additional Sites?



• Why would an organization choose to implement
additional sites?


</div>
<span class='text_page_counter'>(16)</span><div class='page_container' data-page=16>

Demonstration: Configuring AD DS Sites


In this demonstration, you will see how to:


• Create sites and subnets


</div>
<span class='text_page_counter'>(17)</span><div class='page_container' data-page=17>

[Diagram: one site containing domain controllers A1 and A2 and another containing B1, B2 and B3, connected by a site link]

You can configure:


• Replication paths between sites


• Replication schedules and frequency


• Replication protocols


</div>
<span class='text_page_counter'>(18)</span><div class='page_container' data-page=18>

Comparing Replication Within Sites and Between Sites


Replication Within Sites:


• Assumes fast and highly reliable network links


• Does not compress replication traffic


• Uses a change notification mechanism


Replication Between Sites:


• Assumes limited available bandwidth and unreliable network links


• Compresses all replication traffic between sites


</div>
<span class='text_page_counter'>(19)</span><div class='page_container' data-page=19>

Demonstration: Configuring AD DS Site Links


In this demonstration, you will see how to:


• Configure the default site link


• Create additional site links


</div>
<span class='text_page_counter'>(20)</span><div class='page_container' data-page=20>

What Is the Inter-site Topology Generator?


[Diagram: sites made up of IP subnets, containing domain controllers A1, A2, B1 and B2; a bridgehead server in each site carries replication between sites, and one domain controller is labelled as the inter-site topology generator]


• The inter-site topology generator defines the replication between sites on a network


</div>
<span class='text_page_counter'>(21)</span><div class='page_container' data-page=21>

How Unidirectional Replication Works




• Unidirectional replication ensures that changes to a read-only domain


</div>
<span class='text_page_counter'>(22)</span><div class='page_container' data-page=22>

Lesson 3: Configuring and Monitoring AD DS Replication



• What Is a Bridgehead Server?


• Demonstration: Configuring Bridgehead Servers


• Demonstration: Configuring Replication Availability
and Scheduling


• What Is Site Link Bridging?


• Demonstration: Modifying Site Link Bridges


• What Is Universal Group Membership Caching?


• Demonstration: Configuring Universal Group
Membership Caching


</div>
<span class='text_page_counter'>(23)</span><div class='page_container' data-page=23>

What Is a Bridgehead Server?



A bridgehead server:


• Sends and receives replicated data


• Is designated for each partition in the site


[Diagram: a site made up of IP subnets, with one domain controller labelled as the bridgehead server]


</div>
<span class='text_page_counter'>(24)</span><div class='page_container' data-page=24>

Demonstration: Configuring Bridgehead Servers


In this demonstration, you will see how to configure


</div>
<span class='text_page_counter'>(25)</span><div class='page_container' data-page=25>

Demonstration: Configuring Replication Availability and Frequency



</div>
<span class='text_page_counter'>(26)</span><div class='page_container' data-page=26>

What Is Site Link Bridging?


[Diagram: Site A and Site B, each made up of IP subnets, plus a third group of IP subnets; domain controllers A1, A2, B1, B2, B3, C1 and C2; Site Link AB and Site Link BC joined by a site link bridge]


</div>
<span class='text_page_counter'>(27)</span><div class='page_container' data-page=27>

Demonstration: Modifying Site Link Bridges


In this demonstration, you will see how to:


• Disable site link bridging


</div>
<span class='text_page_counter'>(28)</span><div class='page_container' data-page=28>

What Is Universal Group Membership Caching?


[Diagram: sites made up of IP subnets, containing domain controllers A1, A2 and B1, with bridgehead servers and a global catalog server]


• Enables domain controllers in a site with no global catalog servers to cache universal


</div>
<span class='text_page_counter'>(29)</span><div class='page_container' data-page=29>

Demonstration: Configuring Universal Group Membership Caching



In this demonstration, you will see how to:


• Configure universal group membership caching for a site


</div>
<span class='text_page_counter'>(30)</span><div class='page_container' data-page=30>

Demonstration: Tools for Monitoring and Managing Replication



In this demonstration you will see how to:


• Identify the domain controller holding the ISTG role


• Force the KCC to run, and how to force replication
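
One way to carry out the three steps above from an administrative workstation, as an added example that is not part of the original slides. It assumes the ActiveDirectory RSAT module and `repadmin.exe` are installed, and it uses the lab domain controller name `NYC-DC1` from the Lab slide as the target.

```powershell
# Added example, not from the course material.
# Assumptions: ActiveDirectory module and repadmin.exe are available,
# and NYC-DC1 (the lab DC named on the Lab slide) is reachable.
Import-Module ActiveDirectory

$Dc = 'NYC-DC1'

# 1. Identify the ISTG. The role holder is recorded in the
#    interSiteTopologyGenerator attribute of the site's
#    "NTDS Site Settings" object in the configuration partition.
#    (repadmin /istg reports the same information for every site.)
$site     = (Get-ADDomainController -Identity $Dc).Site
$configNC = (Get-ADRootDSE -Server $Dc).configurationNamingContext
$settings = Get-ADObject -Server $Dc `
    -Identity "CN=NTDS Site Settings,CN=$site,CN=Sites,$configNC" `
    -Properties interSiteTopologyGenerator
"ISTG for site ${site}: $($settings.interSiteTopologyGenerator)"

# 2. Force the KCC on the DC to recalculate its inbound connection objects.
repadmin /kcc $Dc

# 3. Force replication with the DC's partners.
#    /A = all partitions held by the DC, /e = include partners in other sites.
repadmin /syncall $Dc /A /e

# 4. Verify the result: inbound partners with their last result code,
#    worst offenders first. LastReplicationResult 0 means success.
Get-ADReplicationPartnerMetadata -Target $Dc -Scope Server -Partition * |
    Sort-Object ConsecutiveReplicationFailures -Descending |
    Select-Object Partner, Partition, LastReplicationSuccess,
                  LastReplicationResult, ConsecutiveReplicationFailures |
    Format-Table -AutoSize

# Any outstanding failures recorded for this DC.
Get-ADReplicationFailure -Target $Dc -Scope Server |
    Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError
```

A non-zero `ConsecutiveReplicationFailures` on any partition means changes made elsewhere, including account lockouts and password changes, are not reaching this domain controller.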


</div>
<span class='text_page_counter'>(31)</span><div class='page_container' data-page=31>

Lab: Configuring Active Directory Sites and Replication



• Exercise 1: Configuring AD DS Sites and Subnets


• Exercise 2: Configuring AD DS Replication


• Exercise 3: Monitoring AD DS Replication


Logon information


Virtual machine: NYC-DC1, LON-DC1, MIA-RODC, NYC-RAS


User name: Administrator


Password: Pa$$w0rd


</div>
<span class='text_page_counter'>(32)</span><div class='page_container' data-page=32>

Lab Review



• What additional changes would you need to make to the
AD DS site configuration if you needed to ensure that all
replication traffic in the New-York site passed through
NYC-DC2?


• What additional changes would you need to make if you
implemented another WAN connection between Tokyo and
London, and wanted to use that WAN connection for AD
DS replication instead of routing all replication changes
through NewYork-Site?


</div>
<span class='text_page_counter'>(33)</span><div class='page_container' data-page=33>

Module Review and Takeaways



• Review questions


• Considerations for configuring AD DS sites and replication


</div>
<span class='text_page_counter'>(34)</span><div class='page_container' data-page=34>

Beta Feedback Tool




• Beta feedback tool helps:


  - Collect student roster information, module feedback, and course evaluations.


  - Identify and sort the changes that students request, thereby facilitating a quick team triage.


  - Save data to a database in SQL Server that you can later query.


</div>
<span class='text_page_counter'>(35)</span><div class='page_container' data-page=35>

Beta Feedback



• Overall flow of module:


  - Which topics did you think flowed smoothly, from topic to topic?


  - Was something taught out of order?


• Pacing:


  - Were you able to keep up? Are there any places where the pace felt too slow?


  - Were you able to process what the instructor said before moving on to next topic?


  - Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions?


• Learner activities:


  - Which demos helped you learn the most? Why do you think that is?


  - Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this knowledge in your work environment?


  - Were there any discussion questions or reflection questions that really made you think? Were there questions you

</div>
