Professional Documents
Culture Documents
Partitions:-
Introductions
The Active Directory database is logically separated into directory partitions, a schema partition, a
configuration partition, domain partitions, and application partitions. Each partition is a unit of
replication, and each partition has its own replication topology. Replication is performed between
directory partition replicas. All domain controllers in the same forest have at least two directory
partitions in common: the schema and configuration partitions. All domain controllers in the same
domain, in addition, share a common domain partition.
Schema Partition:
There is only one schema partition per forest. The schema partition is stored on all domain controllers
in a forest. The schema partition contains definitions of all objects and attributes that can be created in
the directory, and the rules for creating and manipulating them. Schema information is replicated to all
domain controllers in the forest, so all objects must comply with the schema object and attribute
definitions.
Configuration Partition:
There is only one configuration partition per forest. The configuration partition is stored on all domain
controllers in a forest. The configuration partition contains information about the forest-wide Active
Directory structure, including what domains and sites exist, which domain controllers exist in each,
and which services are available. Configuration information is replicated to all domain controllers in a
forest.
Domain Partition:
There can be many domain partitions per forest. The domain partitions are stored on all of the domain
controllers of the given domain. A domain partition holds information about all domain-specific
objects created in that domain, including users, groups, computers, and organizational units. The
domain
partition is replicated to all domain controllers of that domain. All objects in every domain partition in
a forest are stored in the Global Catalog with only a subset of its attribute values.
REPLICATIONS:
The replication process occurs between two domain controllers at a time. Over time, replication
synchronizes information in Active Directory for an entire forest of domain controllers. To create a
replication topology, Active Directory must determine which domain controllers replicate data with
other domain controllers.
SITES
Introduction
Replication ensures that all information in Active Directory is current on all domain controllers and
client computers across your entire network. Many networks consist of a number of smaller networks,
and the network links between these networks may operate at varying speeds. Sites in Active
Directory enable you to control replication traffic and other types of traffic related to Active Directory
across these various network links. You can use subnet objects, site links, and site link bridges to help
control the replication topology when configuring replication between sites. An efficient, reliable
replication topology depends on the configuration of site links and site link bridges.
Introduction
You use sites to control replication traffic , logon traffic, and requests to the Global Catalog server.
Sites
In Active Directory, sites help define the physical structure of a network. A site is defined by a set of
Transmission Control Protocol/Internet Protocol (TCP/IP) subnet address ranges. Sites are used to
define a group of domain controllers that are well-connected in terms of speed and cost. Sites consist
of server objects, which contain connection objects that enable replication.
Subnet Objects
The TC P/IP subnet address ranges are represented by subnet objects that group computers. For
example, a subnet object might represent all the computers on a floor in a building, or on a campus.
Subnet objects are associated with sites and, because the subnet objects map to the physical network,
so do the sites. For example, if you have three subnets that represent three campuses in a city, and
these campuses are connected by high-speed, highly available connections, you could associate each
of those subnets with the same site. A site can consist of one or more subnets. For example, on a
network with three subnets in Redmond and two in Paris, the administrator can create a site in
Redmond, a site in Paris, and then add the subnets to the respective sites.
Default Site
A default site is set up automatically when you install Windows Server 2003 on the first domain
controller in a forest. This site is called Default-First-Site- Name. This site can be renamed. When you
create your first domain in a forest it is automatically placed in the default site.
Introduction
In order for two sites to exchange replication data, they must be connected by a site link. A site link is
a connection that enables replication traffic to travel between sites. Site links represent the physical
connections available between sites.
Introduction
This section describes the main differences between replication within sites and replication between
sites.
Introduction
To use sites for managing replication between sites, you create additional sites and subnets.
Introduction
The bridgehead server is a domain controller that is designated to send and receive replicated data at
each site. The bridgehead server from the originating site collects all of the replication changes and
then sends them to the receiving site.s bridgehead server, which replicates the changes to all domain
controllers within the site.
Introduction
The intersite topology generator is an Active Directory process that runs on one domain controller in a
site. A single domain controller in each site is automatically designated to be the intersite topology
generator. The intersite replication topology defines the replication between sites on a network.
Functions
The domain controller that holds the intersite topology generator role performs two functions:
1. It selects one or more domain controllers to become bridgehead servers. If a bridgehead
server becomes unavailable, it will automatically select another bridgehead server, if possible.
2. It runs the KCC to determine the replication topology and resultant connection objects to be
used by the bridgehead servers to communicate with the bridgehead servers of other sites. If
the domain controller designated as the intersite topology generator becomes unavailable,
another domain controller will be automatically designated.
Replication Monitor
Introduction
To adjust replication traffic patterns, you must be able to view replication traffic across your network.
You can view replication traffic by using Replication Monitor. Replication Monitor displays in
graphical format the replication topology of connections between servers on the same site. It enables
administrators to view low-level status and performance of replication between Active Directory
domain controllers. It also includes functions that are wrapped application programming interfaces
(APIs) to make it easy to write a replication script with just a few lines of code.
Functions
With Replication Monitor, you can:
1. Display replicating information both directly and transitively.
2. Display each USN value, the number of and reason for failed replication attempts, and the
flags used for direct replication partners. If the failure meets or exceeds an administrator-
defined value, it can write to an event log and send e-mail notification.
3. Poll the server at an administrator-defined interval to get current statistics and replication
state, and to save a log file history.
4. Allow administrators to show which objects have not yet replicated from a particular
computer
5. Allow administrators to synchronize between two domain controllers.
6. Allow administrators to use the KCC to recalculate the replication topology. You can run the
replication Monitor on any domain controller, member server, or stand-alone computer that
runs Windows Server 2003.
You use Replication Monitor to view replication between domain controllers in a domain.
To configure Replication Monitor, perform the following steps:
1. To open Active Directory Replication Monitor, click Start, click Run, type
replmon and then click OK.
2. On the View menu, click Options.
3. On the Active Directory Replication Monitor Options page, click the Status Logging tab, click
Display Changed Attributes when Replication Occurs, and then click OK.
4. Right-click Monitored servers, and then click Add Monitored Server.
5. In the Add Server to Monitor Wizard, click Add the server explicitly by
name, and then click Next.
In addition to command-specific switches, there are three common switches that should be used with
the dcdiag command:
1./v. Provides verbose results. When using the /v, the output from dcdiag provides a lot of information
that can help in the troubleshooting. In addition, dcdiag provides for each test a summary line at the
end of the information about the test that indicates whether or not the test passed or failed.
2. /f:LogFile. Redirects output to the specified log file.
3. /ferr:ErrLog. Redirects fatal error output to a separate log file.
How to Resolve Replication Problems ?
Determine the site link protocol.
It is recommended that you use RPC. Use SMTP only as a back-up transport method or when a
network link does not support RPC. Because SMTP is capable of storing messages and then
forwarding them, it is the replication transport method to use in an unreliable network. The SMTP
transport method supports replication of the schema, configuration, and global catalog directory
partitions, but cannot be used for replication of the domain partition between domain controllers
belonging to that domain.
3. Create multiple bridgehead servers for multiple directory partitions. Because a bridgehead server is
designated for each directory partition, there may be multiple bridgehead servers in a particular site.
For example, you have two sites, Redmond and Charlotte, and two domains, contoso.msft and
nwtraders.msft. Each site has a domain controller from each domain. In this case, replication of the
two domain directory partitions can occur between the two sites only if the domain controllers for
nwtraders.msft and contoso.msft are selected as bridgehead servers in each site. Therefore, if
there is a single domain controller for a domain in a site, that domain controller must be a bridgehead
server in its site because it can replicate domain data to only a domain controller in its own domain. In
addition, that single domain controller must be able to connect to a bridgehead server in the other site
that also holds the same domain directory partition.
Global Catalog Server
Introduction
A global catalog is created automatically on the initial domain controller in the forest and is known as
global catalog server. You can add global catalog functionality to other domain controllers or change
the default location of the global catalog to another domain controller.
Functions
A global catalog server performs the following key functions:
1. It enables network logon by providing universal group membership information to a domain
controller when a logon process is initiated.
2. It enables finding directory information regardless of which domain in the
forest actually contains the data.
2. Do not place a domain controller in a site if there is not adequate physical security or proper
computer maintenance at the site. Physical security is very important. If an intruder has physical
access to a server, it is much easier for the intruder to bypass the security settings and access or
modify critical corporate data. In addition, if there are no local computer maintenance personnel, a
hardware or software failure on a domain controller may disrupt service for an unacceptable period of
time.
3.Determine the number of domain controllers based on the number of users and the required
performance characteristics. Use Active Directory Sizer to determine specific CPU, memory, and
network values. In addition to the information provided by Active Directory Sizer, you should take
into
consideration fault tolerance requirements. If Active Directory Sizer recommends only a single
domain controller for a site, but you require users to be able to log on and access local, server-based
resources if a WAN link fails, you may consider placing a second domain controller in the site to meet
your fault tolerance requirements.
In an ideal environment, you would have a global catalog server at each site that
can service Active Directory query requests. However, too many global catalog
servers may significantly increase network traffic because of the partial
replication of all objects from all domains. Therefore, you must develop a plan
that is based on the capability of your network.
Apply the following guidelines for placing global catalog servers in sites:
1. Ensure that the global catalog server has the disk capacity to hold partial replicas of all
objects from all other domains in Active Directory.
2. Ensure that a global catalog server is able to respond to client queries and authentication
requests without any delay. If there is a large number of users in a site, or if logon
authentication is slow, consider placing more than one global catalog server in the site.
3. Provide enough WAN bandwidth to support global catalog replication traffic.
4. Provide redundant global catalog servers. Having access to a second global catalog server on
your network will help protect against failure of a global catalog server. If the servers are
remote, this will not protect against WAN failures.
5. Consider making all domain controllers global catalog servers if you have a single domain in
a forest. This is because there is little additional replication traffic to support the global
catalog servers while allowing global catalog queries to be distributed among all of the
domain controllers.
6. Place a global catalog server in each site that contains a server running Microsoft Exchange
2000 Server. Exchange 2000 uses Active Directory as its directory. All mailbox names are
resolved through queries that go through Active Directory. When a query occurs, Exchange
2000 queries a global catalog server. Therefore, the number of queries a global catalog server
must handle can increase extensively in a large Exchange 2000 environment. The
recommendation is to place one global catalog server per site dedicated to Microsoft
Exchange 2000 global address list lookups.