
Module 4: Configuring Active Directory Sites and Replication

Module Overview
Overview of Active Directory Domain Services Replication
Overview of AD DS Sites and Replication
Configuring and Monitoring AD DS Replication

Lesson 1: Overview of Active Directory Domain Services Replication
How Active Directory Replication Works
How AD DS Replication Works Within a Site
Resolving Replication Conflicts
Optimizing Replication
What Are Directory Partitions?
What Is Replication Topology?
How Directory Partitions and the Global Catalog Are Replicated

How the Replication Topology Is Generated


Demonstration: Creating and Configuring Connection Objects

How Active Directory Replication Works


Active Directory replication:
Uses a multimaster model
Uses pull replication
Uses store and forward replication
Uses loose consistency with convergence

Changes that initiate replication include:
Addition of an object to Active Directory
Modification of an object's attribute values
Deletion of an object from the directory

How AD DS Replication Works Within a Site


In a single site:
Domain controllers notify their replication partners when they apply updates, and the partners then pull the changes
For normal updates, the first partner is notified 15 seconds after the change is applied and each further partner 3 seconds later (the defaults at the Windows Server 2003 forest functional level or higher)
Urgent updates, such as account lockouts and changes to the domain password policy, trigger an immediate notification
Replication traffic within a site is not compressed

Resolving Replication Conflicts


In a multimaster replication model, replication conflicts can arise when:
The same attribute is changed on two domain controllers before either change has replicated to the other
An object is moved or added to a container that has been deleted on another domain controller
Two objects with the same relative distinguished name are added to the same container on two different domain controllers
To resolve replication conflicts, AD DS compares the stamps on the two changes, in this order:
Version number (the higher version wins)
Time stamp (the later originating time wins)
Server GUID (the higher invocation ID of the originating domain controller wins)
The losing change is discarded. An object added to a deleted container is moved to the LostAndFound container, and a duplicate relative distinguished name is renamed with a CNF: suffix followed by the object's GUID

Optimizing Replication
In a multimaster replication model, the same AD DS update can reach a domain controller over multiple paths
AD DS uses update sequence numbers (USNs), a high watermark per replication partner, and an up-to-dateness vector to ensure that each update is applied to a given domain controller only once (propagation dampening)
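The two previous topics describe the metadata behind conflict resolution and propagation dampening without showing it at work. The following is an added example written for this page, not code from the course: a toy PowerShell model of the per-attribute stamp (version, originating time, originating DSA invocation ID, originating USN) and the per-replica state (USN counter, high watermark per partner, up-to-dateness vector). The replica names and invocation IDs are made up, and GUIDs are compared as strings, which stands in for the byte-wise comparison the real service performs.

```powershell
# Added example (not from the course): toy model of AD DS replication metadata.
# Replica names and invocation IDs are made up; GUID order is approximated by
# ordinal string comparison.

function New-Replica([string]$Name) {
    [pscustomobject]@{
        Name          = $Name
        InvocationId  = [guid]::NewGuid().ToString()
        Usn           = 0
        Attributes    = @{}   # attribute name -> stamp object
        HighWatermark = @{}   # partner name -> highest LocalUsn already pulled from it
        UtdVector     = @{}   # originating invocation ID -> highest OriginatingUsn applied
    }
}

# Originating write: increments the local USN and stamps the attribute.
function Set-OriginatingValue($Replica, [string]$Attribute, $Value, [datetime]$Time) {
    $Replica.Usn++
    $old = $Replica.Attributes[$Attribute]
    $Replica.Attributes[$Attribute] = [pscustomobject]@{
        Value          = $Value
        Version        = $(if ($old) { $old.Version + 1 } else { 1 })
        Time           = $Time
        OriginatingDsa = $Replica.InvocationId
        OriginatingUsn = $Replica.Usn
        LocalUsn       = $Replica.Usn
    }
    $Replica.UtdVector[$Replica.InvocationId] = $Replica.Usn
}

# Conflict resolution order: higher version, then later time stamp, then
# higher originating DSA GUID. Returns $true when the incoming stamp wins.
function Test-IncomingWins($Current, $Incoming) {
    if (-not $Current) { return $true }
    if ($Incoming.Version -ne $Current.Version) { return $Incoming.Version -gt $Current.Version }
    if ($Incoming.Time -ne $Current.Time) { return $Incoming.Time -gt $Current.Time }
    return [string]::CompareOrdinal($Incoming.OriginatingDsa, $Current.OriginatingDsa) -gt 0
}

# One pull cycle: $Dest requests everything $Source wrote above the high
# watermark $Dest holds for $Source, then drops changes whose originating
# write is already covered by $Dest's up-to-dateness vector.
function Sync-Replica($Dest, $Source) {
    $hwm = if ($Dest.HighWatermark.ContainsKey($Source.Name)) { $Dest.HighWatermark[$Source.Name] } else { 0 }
    $result = [ordered]@{ Applied = 0; Dampened = 0; LostConflict = 0 }
    $changes = @($Source.Attributes.GetEnumerator() | Where-Object { $_.Value.LocalUsn -gt $hwm } | Sort-Object { $_.Value.LocalUsn })
    foreach ($entry in $changes) {
        $incoming = $entry.Value
        $seen = [int]$Dest.UtdVector[$incoming.OriginatingDsa]   # 0 when this DSA was never seen
        if ($seen -ge $incoming.OriginatingUsn) { $result.Dampened++; continue }
        if (Test-IncomingWins $Dest.Attributes[$entry.Key] $incoming) {
            $Dest.Usn++
            $copy = $incoming.PSObject.Copy()   # keep the originating stamp, assign a new local USN
            $copy.LocalUsn = $Dest.Usn
            $Dest.Attributes[$entry.Key] = $copy
            $result.Applied++
        } else {
            $result.LostConflict++
        }
        $Dest.UtdVector[$incoming.OriginatingDsa] = $incoming.OriginatingUsn
    }
    $Dest.HighWatermark[$Source.Name] = $Source.Usn
    [pscustomobject]$result
}

# Walkthrough: the same attribute is written on two DCs before either change
# has replicated (equal version, equal time stamp), so the GUID decides.
$t0  = Get-Date '2024-01-01T09:00:00'
$nyc = New-Replica 'NYC-DC1'; $lon = New-Replica 'LON-DC1'; $mia = New-Replica 'MIA-DC1'
Set-OriginatingValue $nyc 'description' 'set on NYC' $t0
Set-OriginatingValue $lon 'description' 'set on LON' $t0
Sync-Replica $lon $nyc | Out-Null
Sync-Replica $nyc $lon | Out-Null
"Converged: $($nyc.Attributes.description.Value -eq $lon.Attributes.description.Value) (winner: $($nyc.Attributes.description.Value))"

# Propagation dampening: MIA pulls the winning value from NYC, then from LON.
# The second copy carries an originating USN MIA already holds in its UTD
# vector, so it is filtered rather than applied a second time.
$first  = Sync-Replica $mia $nyc
$second = Sync-Replica $mia $lon
"First pull applied $($first.Applied); second pull dampened $($second.Dampened), applied $($second.Applied)"
```

Whichever GUID sorts higher, both writable replicas end with the same value, and the third replica applies the change exactly once even though it has two partners that both hold it. The high watermark limits what a partner sends; the up-to-dateness vector is what stops a change that arrived by another path from being applied again.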

What Are Directory Partitions?


Diagram: directory partitions in an AD DS (or AD LDS) instance
Schema: definitions and rules for creating and manipulating objects and attributes (one per forest)
Configuration: information about the Active Directory structure (one per forest)
Domain: information about domain-specific objects (one per domain)
Application: information about applications, with configurable replication scope
Diagram: trust types between Forest 1 and Forest 2 (domains A, B, C, D, E, F, P, Q and a Kerberos realm): forest trust, tree/root trust, parent/child trust, shortcut trust, external trust, realm trust

An instance is a set of related directory partitions. In most cases an instance is a domain controller.
In an Active Directory environment, every domain controller holds at least three directory partitions:
Configuration: the configuration partition stores configuration information for the forest in which the domain controller exists. It holds the configuration objects for things such as sites, services and directory partitions.
Schema: this partition works like any other database schema. It defines the classes and attributes of every object that can exist anywhere in Active Directory.
Domain: this partition stores the objects specific to the domain, such as users, computers and groups.
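To see these partitions on a real domain controller rather than on the slide, the following added example (written for this page, not part of the course) reads RootDSE and classifies every naming context the DC holds, then reads the crossRef objects in the Partitions container, where the per-partition replica list and the intra-site notification delays from the earlier topic live. It assumes the ActiveDirectory module (RSAT) and read access to the lab DC NYC-DC1; the DNS partition names are the AD-integrated DNS defaults.

```powershell
# Added example (not from the course): inventory a DC's directory partitions.
# Assumes the ActiveDirectory module and the lab DC name NYC-DC1.
Import-Module ActiveDirectory

function Get-DcPartitionInventory([string]$Server) {
    $root = Get-ADRootDSE -Server $Server
    foreach ($nc in $root.namingContexts) {
        $kind = switch ($nc) {
            { $_ -eq $root.schemaNamingContext }        { 'Schema (one per forest)' }
            { $_ -eq $root.configurationNamingContext } { 'Configuration (one per forest)' }
            { $_ -eq $root.defaultNamingContext }       { "Domain (this DC's domain)" }
            default {
                if ($nc -like 'DC=DomainDnsZones,*' -or $nc -like 'DC=ForestDnsZones,*') { 'Application (AD-integrated DNS)' }
                else { 'Application (replication scope set per partition)' }
            }
        }
        [pscustomobject]@{
            Server              = $Server
            Partition           = $nc
            Kind                = $kind
            HighestCommittedUsn = $root.highestCommittedUSN   # the DC's current USN counter
        }
    }
}

# Each partition is described by a crossRef object in CN=Partitions. Application
# partitions list their replica DCs there; the notify delays, when set, override
# the 15 s / 3 s intra-site defaults for that partition.
function Get-PartitionReplicationSettings([string]$Server) {
    $configNC = (Get-ADRootDSE -Server $Server).configurationNamingContext
    Get-ADObject -Server $Server -SearchBase "CN=Partitions,$configNC" -SearchScope OneLevel `
        -Filter "objectClass -eq 'crossRef'" `
        -Properties nCName, dnsRoot, 'msDS-NC-Replica-Locations', 'msDS-Replication-Notify-First-DSA-Delay', 'msDS-Replication-Notify-Subsequent-DSA-Delay' |
    ForEach-Object {
        [pscustomobject]@{
            Partition                = $_.nCName
            DnsRoot                  = $_.dnsRoot
            ReplicaLocations         = @($_.'msDS-NC-Replica-Locations' | ForEach-Object { ($_ -split ',')[1] -replace '^CN=' }) -join ', '
            FirstNotifyDelaySec      = $_.'msDS-Replication-Notify-First-DSA-Delay'        # empty = default 15
            SubsequentNotifyDelaySec = $_.'msDS-Replication-Notify-Subsequent-DSA-Delay'   # empty = default 3
        }
    }
}

Get-DcPartitionInventory -Server NYC-DC1 | Format-Table Kind, Partition, HighestCommittedUsn -AutoSize
Get-PartitionReplicationSettings -Server NYC-DC1 | Format-Table -AutoSize
```

On a DC that also hosts AD-integrated DNS the inventory shows five partitions, not three: the two DNS application partitions replicate only to the DCs listed in their crossRef, which is the "configurable replication" the diagram refers to.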

What Is Replication Topology?


Diagram: domain controllers A1 to A4 (Domain A) and B1 to B3 (Domain B) from various domains in the same site
Domain A topology: a replication ring among A1 to A4 for the Domain A partition
Domain B topology: a separate ring among B1 to B3 for the Domain B partition

How Directory Partitions and the Global Catalog Are Replicated
Diagram: domain controllers A1 to A4 (Domain A) and B1 to B3 (Domain B), three of them global catalog servers
Domain A topology: replicates the Domain A partition among A1 to A4
Domain B topology: replicates the Domain B partition among B1 to B3
Schema and configuration topology: spans every domain controller in the forest
Global catalog replication: partial, read-only copies of the other domains' partitions flow to the global catalog servers

How the Replication Topology Is Generated


Active Directory uses the Knowledge Consistency Checker (KCC) to establish replication paths between domain controllers
Each domain controller has at least two replication partners for each Active Directory partition it holds, so a single failed partner does not break the ring
The KCC builds a bidirectional ring of one-way connection objects and adds extra connections so that no two domain controllers are ever more than three replication hops apart
When a domain controller is added to or removed from a site, the KCC recalculates the connection objects
A connection object can replicate one or more partitions

The KCC runs on every domain controller (every 15 minutes by default) and generates the replication topology between domain controllers.
One domain controller per site, the Inter-Site Topology Generator (ISTG), manages the inbound replication connection objects for all bridgehead servers in its site.

Demonstration: Creating and Configuring Connection Objects
In this demonstration, you will see how to create connection objects and configure existing connection objects

Lesson 2: Overview of AD DS Sites and Replication
What Are AD DS Sites and Site Links?
Discussion: Why Implement Additional Sites?
Demonstration: Configuring AD DS Sites
How Replication Works Between Sites
Comparing Replication Within Sites and Between Sites
Demonstration: Configuring AD DS Site Links
What Is the Inter-site Topology Generator?
How Unidirectional Replication Works

Sites are used to group the well-connected computers of an organization so that logon and replication traffic stays on fast links. Without sites, the frequent exchange of large amounts of directory data between remote locations would consume WAN bandwidth.

What Are AD DS Sites and Site Links?
Sites:
Identify network locations with fast, reliable network connections
Are associated with subnet objects in Active Directory
Diagram: one site containing A1 and A2 on their IP subnets, connected by a site link to a second site containing B1, B2 and B3 on their IP subnets

Use sites to optimize network bandwidth
Workstation logon traffic: a client's subnet maps it to a site, and the DC locator returns domain controllers in that site first.
Replication traffic: when a change occurs in Active Directory, sites control how and when the change is replicated to domain controllers in another site.
Distributed File System (DFS) topology: when a shared folder has multiple targets, a user is directed to a server in his or her own site. Localizing servers in a site reduces traffic across slow links.
File Replication Service (FRS): FRS replicates the contents of the SYSVOL directory, which includes logon and logoff scripts, Group Policy settings and system policies. At the Windows Server 2008 domain functional level, DFS Replication can take over SYSVOL replication after a migration.

Assess the need for sites
Available bandwidth
Anticipated replication traffic
Placement of domain controllers

Using Site Links in a Network

Factors Affecting Replication

Discussion: Why Implement Additional Sites?


Why would an organization choose to implement additional sites?
What are the benefits and disadvantages of creating additional sites?

Demonstration: Configuring AD DS Sites


In this demonstration, you will see how to:
Create sites and subnets
Move domain controllers to other sites


How Replication Works Between Sites


You can configure:
Replication paths between sites
Replication schedules and frequency
Replication protocols
Diagram: a site containing A1 and A2 connected by a site link to a site containing B1, B2 and B3

Comparing Replication Within Sites and Between Sites
Replication Within Sites:
Assumes fast and highly reliable network links
Does not compress replication traffic
Uses a change notification mechanism
Replication Between Sites:
Assumes limited available bandwidth and unreliable network links
Compresses replication traffic between sites (roughly 10:1), at the cost of CPU time on the bridgehead servers
Occurs on the schedule and interval configured on the site link (default: every 180 minutes, available all day); change notification across a site link is off unless enabled on the link
Diagram: domain controllers A1, A2, B1 and B2 on their IP subnets, replicating within each site and across the site link

Demonstration: Configuring AD DS Site Links


In this demonstration, you will see how to:
Configure the default site link
Create additional site links
Add sites to the site links

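The two demonstrations in this lesson (creating sites and subnets, moving domain controllers, configuring the default site link and creating additional links) are a single procedure in practice. The following added example, written for this page and not taken from the course, performs those steps as one idempotent PowerShell script. It assumes the ActiveDirectory module from Windows Server 2012 or later RSAT and Enterprise Admins rights; the DC names are the lab's, while the site names, subnets, costs and intervals are made up.

```powershell
# Added example (not from the course): sites, subnets, DC placement and site links.
# Assumes the ActiveDirectory module (Server 2012+ RSAT) and Enterprise Admins rights.
Import-Module ActiveDirectory

# 1. The forest starts with Default-First-Site-Name; rename it to the hub site.
if ((Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'") -and -not (Get-ADReplicationSite -Filter "Name -eq 'New-York'")) {
    Get-ADReplicationSite -Identity 'Default-First-Site-Name' | Rename-ADObject -NewName 'New-York'
}

# 2. Sites and the subnets that map clients and DCs to them. A DC or client
#    whose address matches no subnet object is not placed in any site.
$sites = @{
    'New-York' = @('10.10.0.0/16')
    'London'   = @('10.20.0.0/16', '10.21.0.0/24')
    'Miami'    = @('10.30.0.0/16')
}
foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) { New-ADReplicationSite -Name $site }
    foreach ($cidr in $sites[$site]) {
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
            New-ADReplicationSubnet -Name $cidr -Site $site -Location $site
        }
    }
}

# 3. Move each DC into the site where it physically sits.
$placement = @{ 'LON-DC1' = 'London'; 'MIA-RODC' = 'Miami' }
foreach ($dc in $placement.Keys) {
    if ((Get-ADDomainController -Identity $dc).Site -ne $placement[$dc]) {
        Move-ADDirectoryServer -Identity $dc -Site $placement[$dc]
    }
}

# 4. Site links. Lower cost wins when several paths exist. The interval is how
#    often the bridgehead polls (15 min minimum, 180 default). Bit 0x1 of the
#    link's options attribute turns on change notification across the link;
#    -Replace overwrites any other option bits, so set them all here if used.
$core = Get-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -ErrorAction SilentlyContinue
if ($core) { $core | Rename-ADObject -NewName 'NewYork-London' }
Set-ADReplicationSiteLink -Identity 'NewYork-London' -SitesIncluded @{Replace = 'New-York', 'London'} `
    -Cost 100 -ReplicationFrequencyInMinutes 60 -Replace @{options = 1}
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'NewYork-Miami'")) {
    New-ADReplicationSiteLink -Name 'NewYork-Miami' -SitesIncluded 'New-York', 'Miami' -Cost 200 `
        -ReplicationFrequencyInMinutes 180 -InterSiteTransportProtocol IP
}

# 5. Check the result: DC placement, and the links the ISTG will work from.
Get-ADDomainController -Filter * | Sort-Object Site | Format-Table Name, Site, IsGlobalCatalog, IsReadOnly -AutoSize
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded, options |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites';        e = { @($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } },
        @{ n = 'ChangeNotify'; e = { [bool](([int]$_.options) -band 1) } } |
    Format-Table -AutoSize
```

Two points worth checking after running it: a DC that still shows in the hub site after its subnet was defined was moved explicitly (subnets place clients, not existing DCs), and a link with change notification enabled behaves like intra-site replication for latency, so only enable it on links whose bandwidth can absorb uncompressed-style chatter.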

What Is the Inter-site Topology Generator?
The inter-site topology generator (ISTG) is the one domain controller in each site that builds the replication connections between that site and other sites
It selects the bridgehead servers for its site (unless preferred bridgehead servers are configured) and creates the inbound connection objects on them
Diagram: the ISTG in the site containing A1 and A2 and the ISTG in the site containing B1 and B2 each designate a bridgehead server; replication between the sites flows only between the bridgehead servers

How Unidirectional Replication Works

Unidirectional replication: a read-only domain controller (RODC) pulls changes from writable domain controllers but has no outbound replication partners, so no change made locally on the RODC is ever replicated to any other domain controller
This contains the damage if an RODC in a branch office is compromised: changes or corruption introduced there cannot spread to the rest of the forest

Lesson 3: Configuring and Monitoring AD DS Replication
What Is a Bridgehead Server?
Demonstration: Configuring Bridgehead Servers
Demonstration: Configuring Replication Availability and Scheduling
What Is Site Link Bridging?
Demonstration: Modifying Site Link Bridges
What Is Universal Group Membership Caching?
Demonstration: Configuring Universal Group Membership Caching
Demonstration: Tools for Monitoring and Managing Replication

What Is a Bridgehead Server?


A bridgehead server:
Sends and receives the replicated data for its site over the site link
Is designated for each partition held in the site, one bridgehead per partition per transport
Is selected automatically by the ISTG unless preferred bridgehead servers are configured
Diagram: bridgehead server A1 in one site and bridgehead server B1 in another, replicating across the site link on behalf of the other domain controllers on their IP subnets

Demonstration: Configuring Bridgehead Servers


In this demonstration, you will see how to configure
bridgehead servers


Demonstration: Configuring Replication Availability and Frequency
In this demonstration, you will see how to configure the site link object to manage replication between sites

What Is Site Link Bridging?


Diagram: Site A (A1, A2), Site B (B1, B2, B3) and Site C (C1, C2), each on its own IP subnets
Site Link AB connects Site A and Site B; Site Link BC connects Site B and Site C
A site link bridge over Site Link AB and Site Link BC makes the two links transitive, so Site A and Site C can replicate through Site B without a direct site link

Demonstration: Modifying Site Link Bridges


In this demonstration, you will see how to:
Disable site link bridging
Create a new site link bridge

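The three demonstrations in this lesson so far (preferred bridgehead servers, replication availability and frequency, site link bridges) all edit objects under CN=Sites in the configuration partition. The following added example, written for this page and not part of the course, applies each of them with PowerShell. It assumes the ActiveDirectory module (Windows Server 2012 or later RSAT) and Enterprise Admins rights; the site link and server names are the ones this module uses (Site Link AB, Site Link BC, NYC-DC2), and the schedule window is made up.

```powershell
# Added example (not from the course): schedule, preferred bridgehead, site link bridging.
# Assumes the ActiveDirectory module (Server 2012+ RSAT) and Enterprise Admins rights.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices
$configNC    = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"

# 1. Replication availability: allow Site Link AB to replicate only between
#    22:00 and 04:45 each day. Slots are 15 minutes; each call marks the slots
#    from the first time through the last one named. Outside the window the
#    link is unavailable; inside it the polling interval still applies.
$window = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$window.ResetSchedule()
$H = [System.DirectoryServices.ActiveDirectory.HourOfDay]
$M = [System.DirectoryServices.ActiveDirectory.MinuteOfHour]
$window.SetDailySchedule($H::TwentyTwo, $M::Zero, $H::TwentyThree, $M::FortyFive)
$window.SetDailySchedule($H::Zero,      $M::Zero, $H::Four,        $M::FortyFive)
Set-ADReplicationSiteLink -Identity 'Site Link AB' -ReplicationSchedule $window

# 2. Preferred bridgehead: restrict the ISTG's choice in New-York to NYC-DC2 for
#    the IP transport. Preferred bridgeheads must between them hold every
#    partition the site replicates, or the partitions they lack stop flowing.
$server = Get-ADObject -SearchBase "CN=Sites,$configNC" -Filter "objectClass -eq 'server' -and name -eq 'NYC-DC2'"
Set-ADObject -Identity $server -Add @{ bridgeheadTransportList = $ipTransport }

# 3. Site link bridging: by default all site links are bridged, so A and C are
#    treated as connected through B. Setting bit 0x2 (bridges required) on the
#    IP transport turns that off; then bridge only the links that should be
#    transitive. Existing option bits are preserved.
$options = [int](Get-ADObject -Identity $ipTransport -Properties options).options
Set-ADObject -Identity $ipTransport -Replace @{ options = ($options -bor 2) }
if (-not (Get-ADReplicationSiteLinkBridge -Filter "Name -eq 'Bridge AB-BC'")) {
    New-ADReplicationSiteLinkBridge -Name 'Bridge AB-BC' -SiteLinksIncluded 'Site Link AB', 'Site Link BC' -InterSiteTransportProtocol IP
}

# 4. Verify what the ISTG will see.
$link = Get-ADReplicationSiteLink -Identity 'Site Link AB' -Properties ReplicationSchedule
"Site Link AB: $(@($link.ReplicationSchedule.RawSchedule | Where-Object { $_ }).Count) available 15-minute slots per week"
Get-ADReplicationSiteLinkBridge -Filter * -Properties SiteLinksIncluded | Format-Table Name, SiteLinksIncluded -AutoSize
repadmin /bridgeheads
```

After turning off automatic bridging, any pair of sites that is not joined by a site link or an explicit bridge will stop replicating with each other; `repadmin /bridgeheads` and the KCC event log on the ISTG are where that shows up first.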

What Is Universal Group Membership Caching?


Universal group membership caching enables domain controllers in a site with no global catalog server to cache universal group memberships at first logon (refreshed every 8 hours by default), so later logons do not need to contact a global catalog across the WAN
Diagram: global catalog server A1 in one site; domain controller B1 in a site with no global catalog, refreshing its cache from the global catalog across the site link

Demonstration: Configuring Universal Group Membership Caching
In this demonstration, you will see how to:
Configure universal group membership caching for a site
Configure the source for caching
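The demonstration enables caching for one site by hand. The following added example, written for this page and not part of the course, finds every site with no global catalog server, enables universal group membership caching on it, and sets the refresh site to the GC-hosting neighbour reachable over the cheapest site link. It assumes the ActiveDirectory module and Enterprise Admins rights; "cheapest directly linked neighbour" is this script's own choice of refresh site, and `Get-ADDomainController` only sees the current domain, so GCs of other domains in the forest are not considered.

```powershell
# Added example (not from the course): enable UGMC on sites without a GC.
# Assumes the ActiveDirectory module and Enterprise Admins rights; GC discovery
# is limited to the current domain.
Import-Module ActiveDirectory

function Get-SiteName([string]$Dn) { ($Dn -split ',')[0] -replace '^CN=' }

$dcs     = Get-ADDomainController -Filter *
$gcSites = @($dcs | Where-Object IsGlobalCatalog | Select-Object -ExpandProperty Site -Unique)
$links   = @(Get-ADReplicationSiteLink -Filter * -Properties Cost, SitesIncluded)

# Among the site links that include $Site, return the GC-hosting site on the
# cheapest link (a site link's cost applies to every pair of sites on it).
function Get-CachingSource([string]$Site) {
    $candidates = foreach ($link in $links) {
        $names = @($link.SitesIncluded | ForEach-Object { Get-SiteName $_ })
        if ($names -contains $Site) {
            foreach ($n in $names) {
                if ($n -ne $Site -and $gcSites -contains $n) { [pscustomobject]@{ Site = $n; Cost = $link.Cost } }
            }
        }
    }
    ($candidates | Sort-Object Cost | Select-Object -First 1).Site
}

foreach ($site in Get-ADReplicationSite -Filter *) {
    if ($gcSites -contains $site.Name) { continue }   # a GC in the site makes caching unnecessary
    $source = Get-CachingSource $site.Name
    if ($source) {
        Set-ADReplicationSite -Identity $site -UniversalGroupCachingEnabled $true -UniversalGroupCachingRefreshSite $source
        "$($site.Name): caching enabled, refresh from $source"
    } else {
        # No GC on a directly linked site: let the DC pick the closest GC itself.
        Set-ADReplicationSite -Identity $site -UniversalGroupCachingEnabled $true
        "$($site.Name): caching enabled, refresh site left automatic"
    }
}
```

A cached membership is only as fresh as the last refresh, so a user removed from a universal group keeps that membership on tokens issued in the caching site until the next refresh; that is the trade-off against placing a global catalog in the site.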

Demonstration: Tools for Monitoring and Managing Replication
In this demonstration, you will see how to:
Identify the domain controller holding the ISTG role
Force the KCC to run, and force replication
Use Repadmin, NLTest, and DCDiag
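The following added example, written for this page and not part of the course, runs the checks from the demonstration in one script: it reads the ISTG of each site from the NTDS Site Settings objects, forces the KCC and a push of all partitions, collects the repadmin, dcdiag and nltest views, shows the replication stamps and up-to-dateness vector from Lesson 1 on a real object, and confirms that an RODC has no outbound partners. It assumes the ActiveDirectory module and the repadmin, dcdiag and nltest tools (RSAT), the lab DC name NYC-DC1, and a domain admin running it from a domain-joined machine.

```powershell
# Added example (not from the course): monitoring checks for AD DS replication.
# Assumes the ActiveDirectory module, RSAT command-line tools and the lab DC NYC-DC1.
Import-Module ActiveDirectory
$dc       = 'NYC-DC1'
$configNC = (Get-ADRootDSE -Server $dc).configurationNamingContext
function Get-CnAt([string]$Dn, [int]$Index) { ($Dn -split ',')[$Index] -replace '^CN=' }

# 1. ISTG per site: the interSiteTopologyGenerator attribute of each site's
#    NTDS Site Settings object holds the DN of the ISTG's NTDS Settings object.
#    (repadmin /istg shows the same thing.)
Get-ADObject -Server $dc -SearchBase "CN=Sites,$configNC" -Filter "objectClass -eq 'nTDSSiteSettings'" -Properties interSiteTopologyGenerator |
    ForEach-Object {
        [pscustomobject]@{
            Site = Get-CnAt $_.DistinguishedName 1
            ISTG = $(if ($_.interSiteTopologyGenerator) { Get-CnAt $_.interSiteTopologyGenerator 1 } else { '(none)' })
        }
    } | Format-Table -AutoSize

# 2. Force the KCC to recompute the topology, then push all partitions to all
#    partners including across sites (/A all NCs, /d show DNs, /e enterprise, /P push).
repadmin /kcc $dc
repadmin /syncall $dc /AdeP

# 3. Health views: forest-wide summary, this DC's partners, dcdiag's replication
#    and KCC-event tests, and the site the client and the DC believe they are in.
repadmin /replsummary
repadmin /showrepl $dc
dcdiag /s:$dc /test:replications /test:kccevent
nltest /dsgetsite
nltest /server:$dc /dsgetsite

Get-ADReplicationPartnerMetadata -Target $dc -PartnerType Both |
    Select-Object Partition, @{ n = 'Partner'; e = { Get-CnAt $_.Partner 1 } }, LastReplicationSuccess,
        ConsecutiveReplicationFailures, LastReplicationResult |
    Format-Table -AutoSize
Get-ADReplicationFailure -Target $dc -Scope Server

# 4. Replication metadata on one object: the stamps used for conflict
#    resolution (version, originating time, originating DSA, originating USN)
#    and the local USN, plus the DC's up-to-dateness vector.
$dn = (Get-ADUser -Identity Administrator -Server $dc).DistinguishedName
Get-ADReplicationAttributeMetadata -Object $dn -Server $dc |
    Where-Object AttributeName -In 'description', 'pwdLastSet', 'userAccountControl' |
    Format-Table AttributeName, Version, LastOriginatingChangeTime, LastOriginatingChangeDirectoryServerIdentity, LastOriginatingChangeUsn, LocalChangeUsn -AutoSize
Get-ADReplicationUpToDatenessVectorTable -Target $dc | Format-Table Partition, Partner, UsnFilter, LastReplicationSuccess -AutoSize

# 5. Unidirectional replication: an RODC must have inbound partners only.
Get-ADDomainController -Filter { IsReadOnly -eq $true } | ForEach-Object {
    $outbound = @(Get-ADReplicationPartnerMetadata -Target $_.HostName -PartnerType Outbound -ErrorAction SilentlyContinue)
    "$($_.Name): $($outbound.Count) outbound partner(s), expected 0"
}
```

When a partner shows a growing ConsecutiveReplicationFailures count, compare its LastReplicationSuccess with the tombstone lifetime: a DC that has not replicated a partition for longer than that must not be allowed back into the topology without cleanup, because it can reintroduce objects that everyone else has already deleted.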

Lab: Configuring Active Directory Sites and Replication
Exercise 1: Configuring AD DS Sites and Subnets
Exercise 2: Configuring AD DS Replication
Exercise 3: Monitoring AD DS Replication

Logon information
Virtual machines: NYC-DC1, LONDC1, MIA-RODC, NYC-RAS
User name: Administrator
Password: Pa$$w0rd

Estimated time: 60 minutes

Lab Review
What additional changes would you need to make to the AD DS site configuration if you needed to ensure that all replication traffic in the New-York site passed through NYC-DC2?
What additional changes would you need to make if you implemented another WAN connection between Tokyo and London, and wanted to use that WAN connection for AD DS replication instead of routing all replication changes through NewYork-Site?
Why did you force the domain controllers in the lab to update their IP addresses in DNS?

Module Review and Takeaways


Review questions
Considerations for configuring AD DS sites and replication
Tools


Beta Feedback Tool
Beta feedback tool helps:
Collect student roster information, module feedback, and course evaluations.
Identify and sort the changes that students request, thereby facilitating a quick team triage.
Save data to a database in SQL Server that you can later query.

Walkthrough of the tool

Beta Feedback
Overall flow of module:
Which topics did you think flowed smoothly, from topic to topic?
Was something taught out of order?

Pacing:
Were you able to keep up? Are there any places where the pace felt too slow?
Were you able to process what the instructor said before moving on to the next topic?
Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions?

Learner activities:
Which demos helped you learn the most? Why do you think that is?
Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this knowledge in your work environment?
Were there any discussion questions or reflection questions that really made you think? Were there questions you thought weren't helpful?