
Lesson 3
Working with Active Directory Sites

Skills Matrix

Technology Skill                           Objective Domain                         Objective #
Introducing Active Directory Sites         Configure sites                          2.3
Configuring Active Directory Replication   Configure Active Directory replication   2.4

Logical Versus Physical Structure


Logical
Forest
Trees
Domains
OUs
Leaf objects

Physical
IP Subnets/Sites
Domain Controllers

Active Directory Sites


Sites are defined by IP subnets that are well-connected, meaning that the network infrastructure between them is fast and reliable (LAN speeds, not WAN links).
In most cases, an Active Directory site maps to a single LAN or campus.
Multiple sites are joined together by site links.
Intersite replication takes place along the site links that you define in Active Directory Sites and Services.

Sites
When a client logs on, the DC locator uses the site-specific DNS SRV records (of the form _ldap._tcp.<site>._sites.dc._msdcs.<domain>) to find the closest available domain controller and other site-aware services. The client's site is determined by matching its IP address against the subnet objects defined in Active Directory; a client whose address matches no subnet gets no site and may authenticate against a DC across a WAN link.
Domain controllers use the site topology to establish replication partners that provide efficiency and keep the Active Directory database consistent.

Default-First-Site-Name
When you install the forest root
domain controller in an Active
Directory forest, the Active Directory
Installation Wizard creates a single site
called Default-First-Site-Name.
The forest root domain controller
server object is placed within the
Servers folder of this site.
The site can be renamed to more
accurately reflect a physical location.


Active Directory Replication


The process of duplicating Active Directory information between domain controllers so that every DC holds a consistent copy and the directory stays available if any one DC fails (fault tolerance and redundancy).
Based on a multimaster replication model: any domain controller can accept a change, and the domain controllers of each domain replicate that domain's partition among themselves.
All domain controllers in the forest also replicate the forest-wide schema and configuration partitions.
Active Directory sites are the means by which administrators control replication traffic.

Active Directory Replication


Domain controllers that reside within the same site participate in intrasite replication.
Changes are transmitted almost as soon as they occur: the DC that took the change notifies its partners after a short delay and they pull it. Intrasite traffic is not compressed, because bandwidth inside a site is assumed to be plentiful.

Domain controllers located in different sites participate in intersite replication.
Occurs on a scheduled basis over the site link: every 180 minutes by default, and no more often than every 15 minutes.
Intersite replication traffic is compressed by default to decrease the use of network bandwidth.
Remember that the goal is to minimize bandwidth usage across the slow links between sites.

Active Directory Replication


Remember:
Intra means internal, such as an
intranet (your own network).
Inter means external, such as the
Internet (a conglomeration of
networks).

Active Directory Replication

Understanding the Replication Process


Replication within Active Directory
will occur when one of the following
conditions is met:
An object is added to or removed from Active Directory.
The value of an attribute has changed.
The name of an object has changed (a move changes the object's distinguished name, so it replicates the same way).

Understanding the Replication Process


To track changes from different sources and determine which objects need to be replicated from one domain controller to another, each domain controller uses the following:
Update sequence number (USN): a 64-bit counter that each DC increments for every write it commits locally. A DC asks each replication partner only for changes above the highest USN it has already received from that partner, so the USN keeps track of which updates still need to be replicated.
Version number: each Active Directory attribute value carries a version number that counts how many times that attribute has been changed.
Timestamp: the time at which the modification took place on the originating DC.
When the same attribute is changed on two DCs before they replicate with each other, the higher version number wins; if the versions are equal, the later timestamp wins; if the timestamps are also equal, the change from the originating DC with the higher GUID wins.
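The PowerShell below is an added example, not part of the lesson. It reads the per-attribute replication metadata described above from two domain controllers (the same data repadmin /showobjmeta prints) and applies Active Directory's conflict-resolution order to decide which DC's write will survive once the two converge. The object DN and the DC names CHI-DC01 and DEN-DC01 are assumptions; it needs the ActiveDirectory module from RSAT.

```powershell
# Added example, not part of the lesson. Requires the ActiveDirectory module (RSAT).
# The object DN and the domain controller names are assumptions for illustration.
Import-Module ActiveDirectory

$dn   = 'CN=Alice Smith,OU=Staff,DC=corp,DC=example,DC=com'   # assumed object
$dcs  = 'CHI-DC01', 'DEN-DC01'                                # assumed DCs
$attr = 'description'

# Get-ADReplicationAttributeMetadata returns what repadmin /showobjmeta prints:
# per-attribute version, originating USN, originating timestamp and originating DSA.
function Get-AttributeStamp {
    param([string]$Server, [string]$ObjectDN, [string]$Attribute)
    Get-ADReplicationAttributeMetadata -Object $ObjectDN -Server $Server |
        Where-Object { $_.AttributeName -eq $Attribute } |
        Select-Object @{n='Server'; e={ $Server }},
                      AttributeName, Version,
                      LastOriginatingChangeTime,
                      LastOriginatingChangeUsn,
                      LastOriginatingChangeDirectoryServerInvocationId
}

# The order Active Directory applies when the same attribute was written on two
# DCs before they replicated with each other:
#   1. the higher version number wins
#   2. equal versions: the later originating timestamp wins
#   3. equal timestamps: the originating DSA with the higher GUID wins
function Select-WinningStamp {
    param($A, $B)
    if ($A.Version -ne $B.Version) {
        if ($A.Version -gt $B.Version) { return $A } else { return $B }
    }
    if ($A.LastOriginatingChangeTime -ne $B.LastOriginatingChangeTime) {
        if ($A.LastOriginatingChangeTime -gt $B.LastOriginatingChangeTime) { return $A } else { return $B }
    }
    # System.Guid implements IComparable; CompareTo > 0 means $A's GUID is higher.
    $cmp = $A.LastOriginatingChangeDirectoryServerInvocationId.CompareTo(
               $B.LastOriginatingChangeDirectoryServerInvocationId)
    if ($cmp -gt 0) { return $A } else { return $B }
}

$stamps = @(foreach ($dc in $dcs) { Get-AttributeStamp -Server $dc -ObjectDN $dn -Attribute $attr })
if ($stamps.Count -lt 2) { throw "Attribute '$attr' has no replication metadata on one of the DCs (never set there)." }
$stamps | Format-Table -AutoSize

$winner = Select-WinningStamp -A $stamps[0] -B $stamps[1]
'Winner: the value currently held by {0} (version {1}, originating USN {2}, written {3})' -f `
    $winner.Server, $winner.Version, $winner.LastOriginatingChangeUsn, $winner.LastOriginatingChangeTime
```

If the two DCs have already replicated, both rows are identical and the "winner" is simply the common value; differing rows mean the change has not converged yet, and the function shows which stamp will propagate. Note that the version number is compared before the timestamp, so a DC with a skewed clock cannot override a more recent edit unless the version numbers happen to tie.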

Understanding the Replication Process


When replicating information between sites, Active Directory designates a bridgehead server in each site to act as the gatekeeper for site-to-site replication.
This allows intersite replication to update only one domain controller within a site (usually over a slower WAN link).
After a bridgehead server is updated, it updates the remainder of its domain controller partners within the site using normal intrasite replication.
Bridgeheads are selected automatically by the site's Intersite Topology Generator (ISTG). If you designate preferred bridgehead servers and all of them become unavailable, the ISTG does not fall back to another DC, so intersite replication into that site stops until a preferred bridgehead is back online.
Active Directory convergence describes the amount of time it takes for this process to complete so that all domain controllers in the environment contain the most up-to-date information.

Active Directory Replication

Knowledge Consistency Checker (KCC)


Each domain controller uses an internal
process called the Knowledge Consistency
Checker (KCC) to map the logical network
topology between the domain controllers.
For each domain controller in the site, the
KCC will select one or more replication
partners for that domain controller and will
create connection objects between the
domain controller and its new replication
partners.
Each connection object is one-way and inbound: it represents the partner from which that domain controller pulls changes, so two-way replication between a pair of DCs requires a connection object on each of them.

Viewing Active Directory Connection Objects
Open the Active Directory Sites and
Services MMC snap-in.
Click the Sites folder, select the
desired site, and then click the
Servers folder.
Expand the server name for which
you wish to view connection objects
and right-click NTDS Settings. Click
Properties.


Creating a New Site


In Active Directory Sites and
Services, right-click the Sites folder
and select New Site.
In the New Object - Site dialog box, key the name for the site based on your plan.
Select DEFAULTIPSITELINK (or another existing site link) from the list of site link objects and click OK to complete the site creation. A site must belong to at least one site link, otherwise the ISTG has no route to it and it cannot replicate with other sites.

Creating a New Subnet


In Active Directory Sites and Services,
right-click the Subnets folder.
Select New Subnet from the menu.
In the New Object - Subnet dialog box, enter the subnet that corresponds to the segment in your design (as an address/prefix-length such as 10.20.0.0/16 on Windows Server 2008 and later, or as an IP address and subnet mask on earlier versions).
Select the site you wish to associate with this subnet and click OK.
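The same site and subnet work done from PowerShell, as an added example that is not part of the lesson. Beyond creating the objects, it reproduces the lookup a DC performs to place a client in a site (the most specific matching subnet wins) and parses the NO_CLIENT_SITE lines Netlogon writes for clients whose address no subnet object covers, which is how you find subnets you forgot to define. The site names, subnet ranges and the netlogon.log lines are constructed for illustration; it needs the ActiveDirectory module from RSAT.

```powershell
# Added example, not part of the lesson. Requires the ActiveDirectory module (RSAT)
# and a domain-joined admin session. Site names, subnet ranges and the netlogon.log
# lines below are constructed for illustration.
Import-Module ActiveDirectory
$configNC = (Get-ADRootDSE).configurationNamingContext

# 1. Rename the default site and add a branch site with its subnets.
Rename-ADObject -Identity "CN=Default-First-Site-Name,CN=Sites,$configNC" -NewName 'HQ-Chicago'
New-ADReplicationSite   -Name 'Branch-Denver' -Description 'Denver office LAN'
New-ADReplicationSubnet -Name '10.10.0.0/16' -Site 'HQ-Chicago'    -Location 'Chicago'
New-ADReplicationSubnet -Name '10.20.0.0/16' -Site 'Branch-Denver' -Location 'Denver'
New-ADReplicationSubnet -Name '10.20.9.0/24' -Site 'Branch-Denver' -Location 'Denver lab'

# 2. The same lookup the DC locator performs for a client: the most specific
#    (longest-prefix) subnet object that contains the address decides the site.
function ConvertTo-IPv4UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                  # network byte order -> little-endian
    return [BitConverter]::ToUInt32($bytes, 0)
}
function Resolve-ADSiteForIP {
    param([string]$IPAddress, [object[]]$Subnets)   # $Subnets: objects with Name 'a.b.c.d/n' and Site
    $addr = ConvertTo-IPv4UInt32 $IPAddress
    $best = $null
    foreach ($s in $Subnets) {
        $net, $len = $s.Name -split '/'
        if ($net -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { continue }   # skip IPv6 subnet objects
        $len  = [int]$len
        $mask = [uint32]((([int64]1 -shl 32) - 1) - (([int64]1 -shl (32 - $len)) - 1))
        $same = (($addr -band $mask) -eq ((ConvertTo-IPv4UInt32 $net) -band $mask))
        if ($same -and ($null -eq $best -or $len -gt $best.PrefixLength)) {
            $best = [pscustomobject]@{ Site = $s.Site; Subnet = $s.Name; PrefixLength = $len }
        }
    }
    return $best
}

# 3. Clients that logged on from an address no subnet object covers are reported by
#    Netlogon (event 5807) and listed in %SystemRoot%\debug\netlogon.log. A constructed
#    sample of such lines, in the format Netlogon writes:
$netlogonSample = @'
03/14 09:12:01 CORP: NO_CLIENT_SITE: LAPTOP-7Q2 10.30.4.17
03/14 09:12:44 CORP: NO_CLIENT_SITE: PRN-DEN-02 10.20.9.5
03/14 09:13:10 CORP: NO_CLIENT_SITE: LAPTOP-7Q2 10.30.4.17
03/14 09:15:52 CORP: NO_CLIENT_SITE: WS-CHI-114 10.30.4.201
'@

$subnets = Get-ADReplicationSubnet -Filter * |
    Select-Object Name, @{n='Site'; e={ ($_.Site -split ',')[0] -replace '^CN=' }}

$netlogonSample -split "`n" | ForEach-Object {
    if ($_ -match 'NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})') {
        [pscustomobject]@{ Host = $Matches[1]; IP = $Matches[2] }
    }
} | Sort-Object IP -Unique | ForEach-Object {
    $hit = Resolve-ADSiteForIP -IPAddress $_.IP -Subnets $subnets
    if ($hit) { '{0,-12} {1,-15} now maps to {2} via {3}' -f $_.Host, $_.IP, $hit.Site, $hit.Subnet }
    else      { '{0,-12} {1,-15} still has no site: add a subnet object that covers it' -f $_.Host, $_.IP }
}
```

Unlike the New Object - Site dialog, New-ADReplicationSite does not ask for a site link, so a site created this way is not a member of any site link until you add it with New-ADReplicationSiteLink or Set-ADReplicationSiteLink -SitesIncluded; until then nothing replicates into it. The 10.20.9.0/24 entry shows why the lookup must prefer the longest prefix: it sits inside 10.20.0.0/16 and would be ignored by a first-match search.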


Configuring Intersite Replication


Cost
Allows the administrator to define the path that replication will take.
If more than one path can be used to replicate information, cost assignments determine which path is chosen first: the ISTG adds up the costs of the site links along each route and uses the route with the lowest total.
A lower-numbered cost value is chosen over a higher-numbered cost value.
Cost values range from 1 to 99,999; a newly created site link has a cost of 100.
Values are chosen by the Active Directory administrator and have meaning only relative to one another.

Configuring Intersite Replication


Schedule
The schedule of the site link object
determines when the link is available
to replicate information.
By default, newly created site link
objects are available for replication
24/7.

Configuring Intersite Replication


Frequency
A site link's frequency determines how often information is replicated over that site link.
Keep in mind that replication takes place only during the hours the schedule makes the link available.
The default replication frequency for a new site link is 180 minutes, but it can be configured to take place as frequently as every 15 minutes and as infrequently as once per week (10,080 minutes).

Replication Protocol
For both intrasite and intersite replication, Active Directory uses Remote Procedure Calls over Internet Protocol (RPC over IP), shown as the IP transport under Inter-Site Transports, by default for all replication traffic.
RPC is commonly used to communicate with network services on various computers, whereas IP is responsible for the addressing and routing of the data.
RPC over IP replication keeps data secure while in transit: the partner domain controllers authenticate each other (Kerberos) and the RPC traffic is encrypted.

Replication Protocol
Simple Mail Transport Protocol (SMTP) is an alternative transport for intersite replication when a direct or reliable IP connection is not available.
Uses asynchronous replication, meaning that each replication transaction does not need to complete before another can start, because the transaction (a mail message) can be stored until the destination server is available.
SMTP cannot replicate domain directory partitions; it can carry only the schema and configuration partitions and global catalog partial replicas.
Requires an enterprise certification authority (CA) that is fully integrated with Active Directory, because each replication message is signed and encrypted with certificates.

Replication Protocol
Unlike RPC over IP, SMTP does not
adhere to schedules and should be
used only when replicating between
different domains over an extremely
slow or unreliable WAN link.

Creating a New Site Link Object

In Active Directory Sites and Services, expand the Inter-Site Transports folder.
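As an added example (not from the lesson), the site link configuration described above done in PowerShell: three site links with different costs, intervals and one restricted schedule, followed by a small Dijkstra search over the site links that reproduces the ISTG's lowest-total-cost route selection. The site names HQ-Chicago, Branch-Dallas and Branch-Denver, the link names, costs, intervals and the 20:00 to 23:45 schedule window are assumptions; the three sites are assumed to exist already, and the ActiveDirectory module from RSAT is required.

```powershell
# Added example, not part of the lesson. Requires the ActiveDirectory module (RSAT).
# Site names, link names, costs, intervals and the schedule window are assumptions;
# the three sites are assumed to exist already.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Schedule object for the slow Denver link: available only 20:00-23:45 each day.
# Assumption: SetDailySchedule marks exactly that window (15-minute slots) available.
$night = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$night.ResetSchedule()
$night.SetDailySchedule(
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::Twenty,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::TwentyThree,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::FortyFive)

# Direct Chicago <-> Denver link: high cost, default 180-minute interval, night-only.
New-ADReplicationSiteLink -Name 'CHI-DEN' -SitesIncluded 'HQ-Chicago','Branch-Denver' `
    -InterSiteTransportProtocol IP -Cost 300 -ReplicationFrequencyInMinutes 180 `
    -ReplicationSchedule $night
# Two links through Dallas: lower cost, 15-minute interval (the minimum), default 24/7 schedule.
New-ADReplicationSiteLink -Name 'CHI-DAL' -SitesIncluded 'HQ-Chicago','Branch-Dallas' `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 15
New-ADReplicationSiteLink -Name 'DAL-DEN' -SitesIncluded 'Branch-Dallas','Branch-Denver' `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 15

# With site link bridging enabled (the default) the ISTG treats IP site links as
# transitive and routes replication over the path with the lowest total cost.
# This reproduces that calculation (Dijkstra over the site links) so you can check
# what the KCC will choose before it builds connection objects.
function Get-CheapestSitePath {
    param([string]$From, [string]$To, [object[]]$Links)   # $Links: Name, Cost, SitesIncluded (DNs)
    $edges = @{}
    foreach ($l in $Links) {
        $names = @($l.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' })
        foreach ($a in $names) {
            foreach ($b in $names) {
                if ($a -eq $b) { continue }
                if (-not $edges.ContainsKey($a)) { $edges[$a] = @{} }
                if (-not $edges[$a].ContainsKey($b) -or $edges[$a][$b] -gt [int]$l.Cost) {
                    $edges[$a][$b] = [int]$l.Cost    # keep the cheapest link between a pair
                }
            }
        }
    }
    $dist = @{}; $prev = @{}; $done = @{}
    $dist[$From] = 0
    while ($true) {
        $cur = $dist.Keys | Where-Object { -not $done.ContainsKey($_) } |
               Sort-Object { $dist[$_] } | Select-Object -First 1
        if ($null -eq $cur -or $cur -eq $To) { break }
        $done[$cur] = $true
        if ($edges.ContainsKey($cur)) {
            foreach ($n in @($edges[$cur].Keys)) {
                $alt = $dist[$cur] + $edges[$cur][$n]
                if (-not $dist.ContainsKey($n) -or $alt -lt $dist[$n]) { $dist[$n] = $alt; $prev[$n] = $cur }
            }
        }
    }
    if (-not $dist.ContainsKey($To)) { return $null }   # site not reachable over any link
    $path = @($To); $p = $To
    while ($prev.ContainsKey($p)) { $p = $prev[$p]; $path = @($p) + $path }
    [pscustomobject]@{ TotalCost = $dist[$To]; Path = ($path -join ' -> ') }
}

$links = Get-ADReplicationSiteLink -Filter * -Properties Cost, SitesIncluded
Get-CheapestSitePath -From 'HQ-Chicago' -To 'Branch-Denver' -Links $links
```

With these values the route through Dallas totals 200 and beats the direct link at 300, so the ISTG builds the Chicago to Denver connection objects through Dallas and the night-only link is used only if a Dallas link fails. If you disable site link bridging because the network is not fully routed, the ISTG uses only direct links and this transitive calculation no longer applies; you then create the site link bridges (or connection objects) yourself.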

Summary of Replication Methods

Refreshing the Intrasite Replication Topology
In Active Directory Sites and
Services, expand Sites, followed by
the site where you wish to run the
KCC.
Expand Servers and double-click one
of the domain controllers.
In the details pane, right-click NTDS
Settings, click All Tasks and select
Check Replication Topology.

Determining Which Server Holds the ISTG Role
In Active Directory Sites and
Services, expand the Sites folder and
then expand the appropriate site.
In the Details pane, right-click NTDS
Site Settings and then select
Properties. The Properties page
displays the server holding the ISTG
role.

Determining Which Server Holds the ISTG Role
To force the KCC to regenerate the
intersite topology, right-click NTDS
Settings.
Click All Tasks and then select Check
Replication Topology.

Forcing Manual Replication


In Active Directory Sites and Services,
expand Sites, followed by the site that
contains the connection for which you
wish to force replication.
Locate the server in the Servers
container that provides the connection
object.
Click NTDS Settings in the console tree.
In the details pane, right-click the connection for which you want replication to occur and select Replicate Now.
Because connection objects are inbound, this pulls changes from the partner shown in the connection's Replicate From field into the server you selected; to replicate in the other direction, use the partner's own connection object.
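The procedures on the preceding slides (viewing connection objects, finding the ISTG, refreshing the topology and forcing replication) as an added PowerShell and repadmin example that is not part of the lesson. It also lists preferred bridgehead servers, since a site whose preferred bridgeheads are all down stops receiving intersite replication. The domain controller name DEN-DC01 is an assumption; it needs the ActiveDirectory module and repadmin.exe from RSAT.

```powershell
# Added example, not part of the lesson. Requires the ActiveDirectory module and
# repadmin.exe (RSAT). The domain controller name is an assumption.
Import-Module ActiveDirectory
$dc       = 'DEN-DC01'
$configNC = (Get-ADRootDSE).configurationNamingContext
$domainDN = (Get-ADDomain).DistinguishedName

# 1. Connection objects. Each is one-way and inbound: the DC in 'To' pulls changes
#    from the DC in 'From'. AutoGenerated = True means the KCC owns it and may rebuild
#    or delete it; manually created ones are left alone.
function Get-ConnectionSummary {
    Get-ADReplicationConnection -Filter * -Properties InterSiteTransportProtocol |
        Select-Object Name, AutoGenerated, InterSiteTransportProtocol,
            @{n='From'; e={ ($_.ReplicateFromDirectoryServer -split ',')[1] -replace '^CN=' }},
            @{n='To';   e={ ($_.ReplicateToDirectoryServer   -split ',')[1] -replace '^CN=' }}
}

# 2. The ISTG of every site (the interSiteTopologyGenerator value on NTDS Site Settings).
function Get-SiteISTG {
    Get-ADReplicationSite -Filter * -Properties InterSiteTopologyGenerator |
        Select-Object Name, @{n='ISTG'; e={ ($_.InterSiteTopologyGenerator -split ',')[1] -replace '^CN=' }}
}

# 3. Preferred bridgehead servers for the IP transport. Caveat: if all preferred
#    bridgeheads in a site are down the ISTG does not fall back to another DC, and
#    intersite replication for that site stops until one is back.
function Get-PreferredBridgeheads {
    $ip = Get-ADObject "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC" -Properties bridgeheadServerListBL
    @($ip.bridgeheadServerListBL) | Where-Object { $_ } |
        ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }
}

Get-SiteISTG | Format-Table -AutoSize
Get-PreferredBridgeheads
Get-ConnectionSummary | Where-Object To -eq $dc | Format-Table -AutoSize

# 4. Regenerate the topology on this DC (what Check Replication Topology does), then
#    pull the domain partition over each inbound connection (what Replicate Now does).
repadmin /kcc $dc
foreach ($c in (Get-ConnectionSummary | Where-Object To -eq $dc)) {
    # repadmin /replicate <destination> <source> <naming context>
    repadmin /replicate $dc $c.From $domainDN
}
# Or sync every partition with every partner, across sites, naming servers by DN:
repadmin /syncall $dc /AdeP
```

Run repadmin /kcc against the ISTG returned by Get-SiteISTG when you want the intersite topology rebuilt, and against any other DC for the intrasite topology only. The /syncall switches used here mean all partitions (A), identify servers by distinguished name (d), include partners in other sites (e) and push as well as pull (P).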

Monitoring Replication
Dcdiag
Repadmin

Dcdiag
A command-line tool used for monitoring Active Directory. It:
Performs connectivity and replication tests and reports the errors that occur.
Reports DNS registration problems.
Analyzes the permissions required for replication.
Analyzes the state of domain controllers within the forest.

Repadmin
A command-line tool used for the following:
To view the replication topology from the perspective of each domain controller (repadmin /showrepl).
To manually create a replication topology if site link bridging is disabled because the network is not fully routed.
To force replication between domain controllers when you need updates to occur immediately without waiting for the next replication cycle (repadmin /replicate, repadmin /syncall).
To view the replication metadata: the per-attribute version, originating USN, timestamp and originating DC stored with each object (repadmin /showobjmeta), and the up-to-date vector, which records the highest USN a DC has received from every other DC (repadmin /showutdvec). This is helpful in determining which domain controller holds the most up-to-date information prior to seizing an operations master role.
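An added monitoring example that is not part of the lesson: the dcdiag and repadmin checks listed above, plus the PowerShell replication cmdlets that read the same partner metadata, with a function that flags partners that have not replicated successfully within a threshold. The DC name DEN-DC01 and the 24-hour threshold are assumptions; it needs the ActiveDirectory module, repadmin.exe and dcdiag.exe from RSAT.

```powershell
# Added example, not part of the lesson. Requires the ActiveDirectory module,
# repadmin.exe and dcdiag.exe (RSAT). DC name and the 24-hour threshold are assumptions.
Import-Module ActiveDirectory
$dc       = 'DEN-DC01'
$domainDN = (Get-ADDomain).DistinguishedName

# 1. Forest-wide view: per-DC largest delta since the last success and failure counts.
repadmin /replsummary
# 2. Only the failing inbound links of one DC.
repadmin /showrepl $dc /errorsonly
# 3. dcdiag tests matching the lesson's list: connectivity and replication, DNS
#    registration, KCC events and operations master reachability.
dcdiag "/s:$dc" /test:Replications /test:Advertising /test:KccEvent /test:FsmoCheck /test:DNS

# 4. Partner metadata, flagging partners that have not succeeded recently. Keep any
#    outage well inside the tombstone lifetime (60 or 180 days depending on forest
#    age): a DC that stays out longer holds lingering objects and healthy DCs refuse
#    to replicate from it.
function Get-StalePartner {
    param([string]$Server, [int]$MaxAgeHours = 24)
    Get-ADReplicationPartnerMetadata -Target $Server -Partition * |
        Where-Object { $_.ConsecutiveReplicationFailures -gt 0 -or
                       $_.LastReplicationSuccess -lt (Get-Date).AddHours(-$MaxAgeHours) } |
        Select-Object Partition,
            @{n='Partner'; e={ ($_.Partner -split ',')[1] -replace '^CN=' }},
            LastReplicationSuccess, ConsecutiveReplicationFailures, LastReplicationResult
}
Get-StalePartner -Server $dc | Format-Table -AutoSize

# 5. Failures already recorded across the forest (the data behind repadmin /showrepl).
Get-ADReplicationFailure -Target (Get-ADForest).Name -Scope Forest |
    Select-Object Server, Partner, FirstFailureTime, FailureCount, LastError

# 6. Before seizing an operations master role, check which DC last saw a role change
#    and how current its copy of the partition is: the metadata of fSMORoleOwner on
#    the role object, and the up-to-date vector (highest USN received from each DC).
repadmin /showobjmeta $dc ('CN=RID Manager$,CN=System,' + $domainDN)
repadmin /showutdvec $dc $domainDN
```

Get-StalePartner returns nothing when every partner is healthy, which makes it easy to schedule and alert on; the LastReplicationResult value it reports is the Win32 error code that repadmin prints, so the two views can be cross-checked. The same fSMORoleOwner check applies to the other role objects (for example CN=Infrastructure for the infrastructure master).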

Summary
You learned how to define and
manage sites and site links.
You learned how to determine a site
strategy based on the physical
network infrastructure.
You learned how to use Active
Directory Sites and Services to
configure replication.

Summary
You learned how to understand the
differences between intrasite and
intersite replication.
You learned how to describe the role
of the Intersite Topology Generator
(ISTG) and Knowledge Consistency
Checker (KCC) in site replication.

Summary
You learned how to optimize
replication by configuring bridgehead
servers and site link bridging.
You learned how to monitor
replication using dcdiag and
repadmin.
