|1| Chapter 6, Configuring Sites
|2| Chapter 6, Lesson 1
Configuring Sites
|3| 1. Overview
A. Create a site.
B. Associate a subnet with the site.
C. Connect the site using site links.
D. Select a site license server.
2. Sites
A. Overview
|4| 1. Sites define sets of domain controllers
that are well connected in terms of speed and cost.
2. Domain controllers in the same site
replicate on the basis of notification.
a. When a domain controller has changes, it
notifies its replication partner.
b. The notified partner requests the changes,
and replication takes place.
|5| 3. Replication within sites occurs as needed
rather than as scheduled.
4. Replication between sites occurs
according to a schedule.
5. A site is equivalent to a set of one or
more IP subnets.
6. An object named Default-First-Site-Name
is created in the Sites container when Active Directory is installed.
7. It is necessary to install the first
domain controller into Default-First-Site-Name.
8. Rename Default-First-Site-Name to this site’s
name.
9. When Active Directory is installed on
subsequent servers:
a. A domain controller is added to that site
if alternate sites have been defined in Active Directory and the IP address of
the installation computer matches an existing subnet in a defined site
b. Otherwise, it is added to the site of the
source domain controller
B. To create a new site
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Right-click the Sites folder, and then
click New Site
|6| 3. In the New Object-Site dialog box, type
the name of the new site in the Name box; select a site link object, and then
click OK
4. On the Active Directory message box,
click OK
C. To rename a site
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Click the Sites folder
3. Click twice, slowly, the site to be
renamed, or right-click the site and then click Rename
4. Type the new site name over the existing
site name, and then click in an empty part of the console
3. Subnets
|7| A. Overview
1. Computers on TCP/IP networks are assigned
to sites based on their location in a subnet or a set of subnets.
2. Subnets group computers in a way that
identifies their feasible physical proximity on the network.
3. Subnet information is used to find a
domain controller in the same site as the computer that is authenticated during
logon.
4. Subnet information is used during Active
Directory replication to determine the best routes between domain controllers.
B. To create a subnet
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Double-click the Sites folder
3. Right-click the Subnets folder, and click
New Subnet
|8| 4. In the New Object-Subnet dialog box,
enter the subnet address in the Address box
5. In the Mask box, enter the subnet mask
that describes the range of addresses included in this site’s subnet
6. Choose a site to associate this subnet
with, and then click OK
C. To associate an existing subnet with a
site
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Open the Subnets folder, right-click the
subnet, and then click Properties
|9| 3. In the Properties dialog box for the
subnet, select a site with which to associate this subnet from the choices
available in the site list, and then click OK
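The subnet rules in sections 2 and 3 above, as an added Python example that is not part of the original outline: a newly installed domain controller joins the site whose subnet contains its IP address, otherwise the source domain controller's site, and clients are matched to a site by subnet. The site names, addresses and function names are constructed, and preferring the most specific subnet when several match is an assumption.

```python
import ipaddress

# Constructed sample: (address, mask, site) as entered in the
# New Object-Subnet dialog box. Names and addresses are made up.
SUBNETS = [
    ("10.1.0.0", "255.255.0.0", "Chicago"),
    ("10.1.20.0", "255.255.255.0", "Chicago-Lab"),
    ("10.2.0.0", "255.255.0.0", "Redmond"),
]


def build_table(subnets):
    """Parse subnet entries into (network, site) pairs, most specific first."""
    seen = {}
    for address, mask, site in subnets:
        # strict=True raises ValueError when the address has bits set
        # outside the mask (for example 10.1.0.5 with 255.255.0.0).
        net = ipaddress.ip_network(f"{address}/{mask}", strict=True)
        if seen.get(net, site) != site:
            raise ValueError(f"{net} is associated with {seen[net]} and {site}")
        seen[net] = site
    # Assumption: when subnets overlap, the longest prefix wins.
    return sorted(seen.items(), key=lambda e: e[0].prefixlen, reverse=True)


def site_for(ip, table):
    """Return the site whose subnet contains ip, or None if no subnet matches."""
    addr = ipaddress.ip_address(ip)
    for net, site in table:
        if addr in net:
            return site
    return None


def place_new_dc(ip, source_dc_site, table):
    """Outline rule: use the matching subnet's site, else the source DC's site."""
    return site_for(ip, table) or source_dc_site


def unmapped_clients(ips, table):
    """Client addresses that fall in no defined subnet and so have no site."""
    return sorted(ip for ip in ips if site_for(ip, table) is None)


if __name__ == "__main__":
    table = build_table(SUBNETS)
    for ip in ("10.1.20.7", "10.1.5.5", "192.168.1.1"):
        print(ip, "->", site_for(ip, table))
    print("new DC at 192.168.1.1 joins", place_new_dc("192.168.1.1", "Chicago", table))
```

Addresses returned by `unmapped_clients` are the ones to review: a computer in no defined subnet cannot be directed to a domain controller in its own site at logon.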
4. Site Links
|10| A. Overview
1. A site link must be established for
replication between sites to occur.
2. Site links are not generated
automatically; they must be created in Active Directory Sites And Services.
3. Each site link contains the schedule that
determines when replication can occur between the sites that it connects.
4. The Active Directory Sites And Services
console guarantees that every site is placed in at least one site link.
5. A site link can contain more than two
sites; all the sites are equally well connected.
6. Active Directory Installation Wizard
automatically creates an object named DEFAULTIPSITELINK in the IP container.
7. You can rename the DEFAULTIPSITELINK
object to the name you want to use for the site link.
B. Replication protocols
|11| 1. IP replication
a. Uses RPCs (remote procedure calls) for
replication over site links (inter-site) and within a site (intra-site)
b. Inter-site replication adheres to
replication schedules; Active Directory can be configured to ignore these
schedules.
c. Does not require a CA
|12| 2. SMTP replication
a. Used for inter-site replication only, not
for intra-site replication
b. Asynchronous
c. Typically ignores all schedules
d. When using SMTP, the process must be
completed by installing and configuring a certification authority (CA).
e. The CA signs SMTP messages that are
exchanged between domain controllers, ensuring the authenticity of directory
updates.
C. To create a site link
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Open the Inter-Site Transports folder and
right-click either the IP or SMTP folder, depending on which protocol is needed
3. Select New Site Link
Note: If a site link using SMTP is created, Enterprise CA must be available
and SMTP must be installed on all domain controllers that will use the site link.
|13| 4. In the New Object-Site Link dialog box,
type in the Name field the name to be given to the site link
5. Click two or more sites to connect, and
then click Add
6. Click OK
D. To add a site to an existing site link
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Open the Inter-Site Transports folder and
either the IP or SMTP folder, and right-click the site link to which you want
to add the site; click Properties
3. In the Properties dialog box for the site
link, located in the Sites Not In This Site Link box under the General tab,
click the site to add to this site link, and then click Add
4. Click OK
|14| 5. Site Licensing
A. Overview
1. An administrator can ensure an
organization’s legal compliance with Microsoft BackOffice software license
agreements by monitoring license purchases, deletions, and usage.
2. Information is collected on a server by
the License Logging service in Microsoft Windows 2000 Server.
3. Information is replicated to a
centralized database on a server called the site license server for the site.
4. The Licensing utility can be used to view
the licensing history for the entire site stored on the site license server.
5. The default site license server is the
first domain controller created for the site.
6. The site license server does not have to
be a domain controller.
7. In large organizations with multiple
sites, licensing information is collected separately by the site license server
in each site.
B. To select a site license server
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Click the site for which you want to assign
a site license server
3. In the details pane, right-click
Licensing Site Settings, and then click Properties
4. In the Licensing Site Settings Properties
dialog box, click Change in the Licensing Computer box
5. In the Select Computer dialog box, select
the computer to designate as the site license server, and then click OK
6. In the Licensing Site Settings Properties
dialog box, click OK
C. To view licensing for a site
1. Click Start, point to Programs, point to
Administrative Tools, and click Licensing
2. On the License menu, choose Select Domain
to connect to the site license server for the domain
3. In the Select Domain dialog box, enter
the name of the site license server in the Domain box, and then click OK
|15| Chapter 6, Lesson 2
Configuring Inter-Site Replication
1. Overview
A. Create site links.
B. Configure site link attributes.
C. Create site link bridges.
D. Configure connection objects (optional).
E. Designate a preferred bridgehead server
(optional).
2. Site Link Attributes
|16| A. Site link cost
1. Overview
a. Configure site link cost to assign a value
for the cost of each available connection used for inter-site replication.
b. Establish a site link for each of multiple
redundant network connections.
c. Active Directory always chooses the
connection on a per-cost basis.
2. To configure site link cost
a. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
b. Open the Inter-Site Transports folder and
either the IP or SMTP folder, and right-click the site link for which you want
to configure site link cost; click Properties
|17| c. On the Properties dialog box for the site
link, enter in the Cost box a value for the cost of replication
Note: The default for site link cost on the Properties dialog box is set at 100; the
lower the value, the higher the priority.
d. Click OK
B. Replication frequency
|18| 1. Overview
a. Configure replication frequency by
providing an integer value that tells Active Directory how many minutes it
should wait before using a connection to check for replication updates.
b. An interval must be at least 15 minutes
and no more than 10,080 minutes.
c. A site link must be available for any
replication to occur.
2. To configure site link replication
frequency
a. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
b. Open the Inter-Site Transports folder and
either the IP or SMTP folder, and right-click the site link for which site
replication frequency is to be set; click Properties
c. On the Properties dialog box for the site
link, enter in the Replicate Every box the number of minutes between
replications; the default is 180
d. Click OK
|19| C. Replication availability
1. Overview
a. Availability determines when a site link
will be available for replication.
b. SMTP typically ignores all schedules.
c. Do not configure site link replication
availability on SMTP site links unless
(1) The site links use scheduled connections
(2) The SMTP queue is not on a schedule
(3) Information is being exchanged directly
from one server to another, and not through intermediaries
2. To configure site link replication
availability
a. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
b. Open the Inter-Site Transports folder and
either the IP or SMTP folder, and right-click the site link for which site link
replication availability is to be configured; click Properties
c. In the Properties dialog box for the site
link, click Change Schedule
|20| d. On the Schedule For dialog box for the
site link, select the block of time when this connection is or is not available
to replicate directory information, and then click OK
e. In the Properties dialog box for the site
link, click OK
Note: This procedure will have no effect if Ignore Schedules is enabled on the Properties
dialog box for the inter-site transport.
3. To ignore schedules for an inter-site
transport
a. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
b. Open the Inter-Site Transports folder and
right-click either the IP or SMTP folder; click Properties
c. In the IP or SMTP Properties dialog box,
under the General tab, click the Ignore Schedules check box
d. Click OK
|21| 3. Site Link Bridges
A. Overview
1. By default, all site links are “bridged”
in terms of cost.
2. When site links are bridged, they are
transitive.
3. All site links for a specific transport
implicitly belong to a single site link bridge for that transport.
4. All site links within the bridge can route
transitively, but they do not route outside of the bridge.
Note: In large networks where processing time is a concern, there are performance
advantages to turning off Bridge All Site Links and configuring site link
bridges only where they are advantageous.
B. To create a site link bridge
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Open the Inter-Site Transports folder and
right-click either the IP or SMTP folder; click New Site Link Bridge
|22| 3. In the New Object-Site Link Bridge dialog box,
type in the Name box a name for the site link bridge
4. Click two or more sites to connect, and
then click Add
5. Click OK
Note: This procedure will have no effect if you have enabled Bridge All Site Links on the
Properties dialog box for the inter-site transport.
C. To bridge all site links for an inter-site
transport
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Open the Inter-Site Transports folder and
right-click either the IP or SMTP folder; click Properties
3. In the IP or SMTP Properties dialog box,
on the General tab, click the Bridge All Site Links check box
4. Click OK
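How site link cost, the replication interval limits and bridging interact, as an added Python example that is not part of the original outline. It uses the outline's values (default cost 100, default interval 180 minutes, interval between 15 and 10,080 minutes); the site and link names are constructed, and modelling a bridge as a named set of site links is an assumption.

```python
import heapq

MIN_INTERVAL, MAX_INTERVAL = 15, 10080      # minutes, limits from the outline
DEFAULT_COST, DEFAULT_INTERVAL = 100, 180   # defaults from the outline


def make_link(name, sites, cost=DEFAULT_COST, interval=DEFAULT_INTERVAL):
    """Build a site link record, rejecting values the outline rules out."""
    if len(set(sites)) < 2:
        raise ValueError(f"{name}: a site link needs at least two sites")
    if not MIN_INTERVAL <= interval <= MAX_INTERVAL:
        raise ValueError(f"{name}: interval {interval} outside 15..10080 minutes")
    return {"name": name, "sites": frozenset(sites), "cost": cost,
            "interval": interval}


def _cheapest(src, dst, links):
    """Dijkstra over one transitive group of site links; None if unreachable."""
    best = {src: 0}
    heap = [(0, src)]
    while heap:
        cost, site = heapq.heappop(heap)
        if site == dst:
            return cost
        if cost > best[site]:
            continue  # stale heap entry
        for link in links:
            if site not in link["sites"]:
                continue
            # Every site in a link is equally well connected at the link's cost.
            for nxt in link["sites"] - {site}:
                new = cost + link["cost"]
                if new < best.get(nxt, float("inf")):
                    best[nxt] = new
                    heapq.heappush(heap, (new, nxt))
    return None


def route_cost(src, dst, links, bridge_all=True, bridges=()):
    """Lowest total cost from src to dst, or None when no route exists.

    bridge_all=True: all links of the transport form one transitive bridge.
    bridge_all=False: a link is transitive only with links in the same
    explicit bridge (each bridge is a set of link names; assumption).
    """
    if bridge_all:
        groups = [list(links)]
    else:
        groups = [[l] for l in links]
        groups += [[l for l in links if l["name"] in b] for b in bridges]
    costs = [_cheapest(src, dst, g) for g in groups]
    costs = [c for c in costs if c is not None]
    return min(costs) if costs else None


# Constructed topology: a cheap two-hop path and an expensive direct link.
LINKS = [
    make_link("HQ-Branch", ["HQ", "Branch"]),               # cost 100
    make_link("Branch-Lab", ["Branch", "Lab"], cost=50),
    make_link("HQ-Lab-WAN", ["HQ", "Lab"], cost=400),
    make_link("Lab-DR", ["Lab", "DR"], cost=200, interval=60),
]

if __name__ == "__main__":
    print(route_cost("HQ", "Lab", LINKS))                    # bridged
    print(route_cost("HQ", "Lab", LINKS, bridge_all=False))  # direct link only
    print(route_cost("HQ", "DR", LINKS, bridge_all=False))   # no route
```

With Bridge All Site Links turned off and no explicit bridge, HQ has no route to DR in this topology, which is the situation the "replication has stopped" troubleshooting scenario describes.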
4. Manually Configuring Connections
|23| A. Overview
1. Active Directory automatically creates
and deletes connections under normal conditions.
2. Connections can be manually added,
configured, or forced to replicate over a particular connection.
3. Normally, replication should be allowed
to be automatically optimized based on information about your deployment
provided to Active Directory Sites and Services.
4. Create a connection manually only if the
connection is required and is to persist until manually removed
B. To configure connections manually
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Double-click the site that contains the
domain controller for which you want to manually add or configure a connection
3. Open the Servers folder, open the domain
controller, right-click NTDS Settings, and then click New Active Directory
Connection
4. In the Find Domain Controllers dialog
box, click the domain controller that you want to include in the connection
object, and click OK
5. In the New Object-Connection dialog box,
enter in the Name field a name for the new Connection object, and click OK
C. To force replication over a connection
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. Double-click the site that contains the
connection over which you want to replicate directory information
3. Open the Servers folder, select the
domain controller, and then open NTDS Settings
|24| 4. Right-click the connection over which you
want to replicate directory information, and click Replicate Now
|25| 5. Designating a Preferred Bridgehead Server
Note: A “bridgehead” is a point where a connection leaves or enters a site.
A. Overview
1. Control replication behavior by
specifying a bridgehead server for inter-site replicated information.
2. Establishing a preferred bridgehead server
provides some ranking or criteria for choosing which domain controller should
be preferred as the recipient for inter-site replication.
3. The preferred bridgehead server
distributes the directory information via intra-site replication.
4. The preferred bridgehead server serves as
a contact point for exchange of directory information between sites.
5. A computer with more bandwidth can ensure
that high levels of directory information exchange are handled promptly.
|26| B. Multiple bridgehead servers
1. Only one preferred bridgehead server will
be the active preferred bridgehead server at any time at a single site.
2. If the active preferred bridgehead server
fails, Active Directory will select from your designated set another preferred
bridgehead server to be the active preferred bridgehead server.
3. A domain controller is selected if no
other preferred bridgehead servers are available.
4. The domain controller might not have the
bandwidth to efficiently handle the increased requirements posed by being a
preferred bridgehead server.
5. A preferred bridgehead server will be
used as the first choice to receive and send all directory traffic.
|27| C. Bridgehead server and firewalls
1. A preferred bridgehead server must be
specified if the deployment uses a firewall to protect a site.
2. Establish the firewall proxy server as
the preferred bridgehead server, making it the contact point for exchanging
information with servers outside the firewall.
3. If this procedure is not followed,
directory information may not be successfully exchanged.
D. To designate a preferred bridgehead server
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. In the Active Directory Sites and
Services console tree, right-click the domain controller that is to be made a
bridgehead server, and then click Properties
3. On the Properties dialog box for the
domain controller, in the Transports Available For Inter-Site Data Transfer
box, click the inter-site transport or transports for which this computer will
be a preferred bridgehead server, and then click Add
4. Click OK
|28| Chapter 6, Lesson 3
Troubleshooting Replication
1. Troubleshooting Replication
|29| A. Overview
1. Ineffective replication can result in
declining Active Directory performance, such as new users not being recognized.
2. Ineffective replication primarily results
in out-of-date directory information or unavailable domain controllers.
3. Each cause has one or more possible
solutions.
B. Scenarios
1. Symptom: Replication of directory
information has stopped
a. The sites containing the clients and
domain controllers are not connected by site links to domain controllers in
other sites in the network.
(1) Create a site link from the current site to
a site that is connected to the rest of the sites in the network.
2. Symptom: Replication has slowed but not
stopped
a. The inter-site replication structure is
not as complete as it might be.
(1) Make sure Active Directory has been configured
properly.
(2) To span the multiple site links that need
more efficient replication, consider creating a site link bridge or consider
bridging all site links.
b. Current network resources are insufficient
to handle the amount of replication traffic.
(1) Increase the proportion of available
network resources relative to directory traffic.
(2) Decrease the frequency of the replication
schedule.
(3) Configure site link costs.
(4) To achieve network connections with more
bandwidth, create site links or site link bridges.
c. Directory information changed at domain
controllers in one site is not being updated in domain controllers in other
sites in a timely fashion because inter-site replication is scheduled too
infrequently.
(1) Increase the frequency of replication.
(2) Check which site link is restricting
replication.
(3) Increase the time range during which
replication can occur or the frequency of replication within the time frame for
that site link.
d. Clients are having to request
authentication, information, and services from a domain controller with a
low-bandwidth connection.
(1) Check whether there is a site that will
better serve the client’s subnet.
(2) If poor service is isolated, consider
creating a new site with its own domain controller.
(3) Install a connection with more bandwidth.
|30| 2. Checking Replication Topology
A. Overview
1. Active Directory runs a process that
considers the cost of inter-site connections, checks whether any previously
available domain controllers are no longer available, checks whether new domain
controllers have been added, and then uses this information to add or remove
connection objects to create an efficient replication topology.
2. This process does not affect manually
created connection objects.
Note: The Knowledge Consistency Checker (KCC) is a built-in process that creates and
maintains replication connections between domain controllers.
B. To check the replication topology
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. In the Active Directory Sites and Services
console tree, double-click the server that you want to use to check replication
topology
3. Right-click NTDS Settings, point to All
Tasks, and then click Check Replication Topology
|31| Chapter 6, Lesson 4
Maintaining Server Settings
1. Creating a Server Object in a Site
A. Overview
1. Use this procedure to create member
servers and domain controllers in a site.
2. Creating a server object is not the same
as installing a domain controller using the Active Directory Installation
Wizard.
B. To create a server object in a site
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. In the Active Directory Sites and
Services console tree, double-click the site that you want to contain the new
domain controller server object
3. Right-click the Servers folder, point to
New, and then click Server
4. On the New Object-Server dialog box,
enter in the Name box the name for the new server object, and then click OK
2. Moving Server Objects Between Sites
A. Overview
1. Use this procedure to move member servers
and domain controllers between sites.
B. To move server objects between sites
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. In the Active Directory Sites and
Services console tree, right-click the server object that you want to move to a
different site, and then click Move
3. In the Move Server dialog box, click the
site to which the server object will be moved, and then click OK
3. Enabling or Disabling a Global Catalog
|32| A. Overview
1. Clients must have access to a global
catalog to log on.
2. To receive the benefits of containing
network traffic provided by using sites, at least one global catalog should
exist in every site.
B. To enable or disable a global catalog
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. In the Active Directory Sites and
Services console tree, double-click the domain controller hosting the global
catalog
3. Right-click NTDS Settings, and then click
Properties
4. Do one of the following:
a. To enable a global catalog, select the
Global Catalog check box, and then click OK
b. To disable a global catalog, clear the
Global Catalog check box, and then click OK
4. Removing an Inoperative Server Object from a
Site
A. Overview
1. Use this procedure to permanently remove
a server object from a site.
2. If the server is to be reactivated,
delete the NTDS Settings object for the server rather than the server object
itself.
3. Active Directory will automatically
create a new NTDS Settings object, inserting the server into the replication
topology as appropriate.
B. To remove an inoperative server object
from a site
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Sites And Services
2. In the Active Directory Sites and
Services console tree, right-click the server object to be removed, and then
click Delete
3. On the Active Directory message box,
click Yes