The main purpose of this Snap-in is to configure the replication topology of your network environment. By default, after we install the first Domain Controller, the first site is created and named “Default-First-Site”. Replication can occur in two ways:
- The first option is replication between two Domain Controllers in the same site, over a LAN.
- The second option is replication between two sites; here we replicate between two LAN networks that are connected over a WAN.
The secondary purposes of the Sites and Services Snap-in:
- First, we can check our replication topology and get all the information we need about our servers and domain controllers.
- We can create subnets in two sites to assign a different address range to each site and reduce network traffic, for example:
  - Site 1 = 192.168.101.1 – 192.168.101.253
  - Site 2 = 192.168.103.1 – 192.168.103.253
- And of course, this is where we specify which DC is a Global Catalog server.
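As an added example (not code from the original post), the two subnets above defined with the ActiveDirectory PowerShell module, followed by the check a practitioner wants after editing subnets: that every domain controller's address falls inside a defined subnet, and that the subnet belongs to the site the DC is placed in. It assumes the RSAT ActiveDirectory module and rights to edit Sites and Services; the site names Site1 and Site2 and the /24 ranges are taken from the post.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) and permission to create objects under Sites and Services.
Import-Module ActiveDirectory

# Sites and subnets from the post, written as CIDR ranges.
$sitePlan = @{
    'Site1' = '192.168.101.0/24'   # 192.168.101.1 - 192.168.101.253
    'Site2' = '192.168.103.0/24'   # 192.168.103.1 - 192.168.103.253
}

foreach ($siteName in $sitePlan.Keys) {
    $cidr = $sitePlan[$siteName]
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
        New-ADReplicationSite -Name $siteName
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        New-ADReplicationSubnet -Name $cidr -Site $siteName
    }
}

# IPv4 dotted address -> unsigned 32-bit integer (network byte order).
function ConvertTo-UInt32Address([string]$Address) {
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)
    return [BitConverter]::ToUInt32($bytes, 0)
}

# True when $Address lies inside the IPv4 CIDR range $Cidr.
function Test-AddressInSubnet([string]$Address, [string]$Cidr) {
    $network, $prefix = $Cidr -split '/'
    $hostBits = 32 - [int]$prefix
    $mask = [uint32]([uint32]::MaxValue - ([math]::Pow(2, $hostBits) - 1))
    $addr = (ConvertTo-UInt32Address $Address) -band $mask
    $net  = (ConvertTo-UInt32Address $network) -band $mask
    return ($addr -eq $net)
}

# Only IPv4 subnets: Name is the CIDR, Site is the DN of the owning site.
$subnets = Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Name -match '^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$' }

foreach ($dc in Get-ADDomainController -Filter *) {
    $match = $subnets |
        Where-Object { Test-AddressInSubnet $dc.IPv4Address $_.Name } |
        Select-Object -First 1
    if (-not $match) {
        Write-Warning "$($dc.HostName) ($($dc.IPv4Address)) is in no defined subnet; clients on that range cannot be mapped to a site"
        continue
    }
    # Site DN looks like CN=Site1,CN=Sites,CN=Configuration,DC=...; take the CN.
    $subnetSite = ($match.Site -split ',')[0] -replace '^CN='
    if ($subnetSite -ne $dc.Site) {
        Write-Warning "$($dc.HostName) is placed in site '$($dc.Site)' but its address belongs to subnet $($match.Name) of site '$subnetSite'"
    } else {
        Write-Host "$($dc.HostName): $($dc.IPv4Address) -> $($match.Name) -> site $subnetSite (OK)"
    }
}
```

A DC whose address matches no subnet, or matches a subnet of another site, is the usual reason clients authenticate against a DC across the WAN even though a local one exists, so the warnings are worth acting on before tuning site links.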
So when we talk about replication, let's understand what is replicated. To do that we first need to understand Active Directory partitions:
The Active Directory database is separated into 5 different partitions. In a single forest, all domain controllers have at minimum two of those partitions in common: the Schema and Configuration partitions, which are located at the forest level. Let's go over the partitions:
Schema Partition:
This partition is unique because we have only one Schema per forest. The schema partition is stored on each DC in our forest. It contains all the object classes and attributes that have been defined in our Active Directory. The schema information is replicated to each DC in the forest, and for that reason every DC must follow the same schema definition.
Configuration Partition:
Like the Schema, the Configuration Partition is also unique because it lives at the forest level and there is only one in the entire forest; like the schema partition, it is replicated to all DCs in the forest. The configuration partition contains all the information about the Active Directory structure in our forest. For that reason we can see in this partition all the information about the Domain Controllers, Services and Sites that exist in the forest.
Domain Partition:
The Domain Partition can be found on each Domain Controller in our forest. This partition contains all the information we need about the specific objects created in the domain (users, groups, computers and more). The domain partition is replicated to all domain controllers of that domain, and those objects are also stored in the Global Catalog.
Application Partition:
Application Partitions store information for applications that are integrated with Active Directory. An application partition cannot contain security principal objects (users and so on), and unlike the Domain Partition, its objects are NOT stored in the Global Catalog.
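To see the partition types described above on a real forest, here is an added example (not from the original post) that reads the crossRef objects under CN=Partitions in the Configuration partition. Each crossRef carries a systemFlags bitmask; the bit values 0x1 (naming context), 0x2 (domain partition) and 0x4 (not replicated to the Global Catalog) are the documented schema values, and the last one is exactly the difference the post draws between Domain and Application partitions. It assumes the ActiveDirectory module on a domain-joined machine.

```powershell
# Added example, not from the original post. Lists every partition this
# forest knows about and whether its contents reach the Global Catalog.
# Assumes the ActiveDirectory module on a domain-joined machine.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$configNc = $rootDse.configurationNamingContext

# Bits of the crossRef systemFlags attribute (values from the AD schema):
$FLAG_NC     = 0x1   # naming context hosted in this forest
$FLAG_DOMAIN = 0x2   # a domain partition
$FLAG_NOT_GC = 0x4   # contents are NOT replicated to the Global Catalog

function Get-PartitionKind([string]$NcName, [int]$Flags) {
    if ($NcName -eq $rootDse.schemaNamingContext)        { return 'Schema' }
    if ($NcName -eq $rootDse.configurationNamingContext) { return 'Configuration' }
    if ($Flags -band $FLAG_DOMAIN)                       { return 'Domain' }
    if ($Flags -band $FLAG_NC)                           { return 'Application' }
    return 'External (referral only)'   # crossRef for a domain outside this forest
}

$report = Get-ADObject -SearchBase "CN=Partitions,$configNc" `
    -LDAPFilter '(objectClass=crossRef)' -Properties nCName, systemFlags |
    ForEach-Object {
        $flags = [int]$_.systemFlags
        [pscustomobject]@{
            Partition       = $_.nCName
            Kind            = Get-PartitionKind $_.nCName $flags
            InGlobalCatalog = -not ($flags -band $FLAG_NOT_GC)
        }
    }

$report | Sort-Object Kind | Format-Table -AutoSize
# Domain rows show InGlobalCatalog = True; application partitions such as
# DomainDnsZones / ForestDnsZones show False, matching the text above.
```

The report also makes the "5 partitions" count concrete: on a single-domain forest with AD-integrated DNS you typically see Schema, Configuration, one Domain, and the DomainDnsZones and ForestDnsZones application partitions.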
Replication Topology:
The replication topology is the route along which replication data travels through your network environment. Replication occurs between two domain controllers at a time. To create a replication topology, we need to specify in AD which replica goes to each domain controller.
Now, if you remember, we said before that we have two partitions that belong to the entire forest (Schema and Configuration); in other words, each DC in the forest holds a replica of them. If we have several domains in our forest, the DCs inside each domain will also replicate that domain's Domain Partition.
Knowledge Consistency Checker (KCC):
The KCC is a built-in process that runs on each DC and verifies that replication of the partitions this DC holds happens as it should, in the right order. The KCC runs by default every 15 minutes.
Global Catalog and Replication of Partitions:
The Global Catalog allows us to share objects from our Active Directory with the entire forest and all of its domains. Those resources are stored in the Global Catalog and can be searched by users (a nice example is searching for any object in Active Directory, such as users or computers). As you can understand, without the Global Catalog every server would need to search every DC in the forest, and that's not good for us.
By Microsoft's recommendation you are supposed to have at least one Global Catalog server. The Global Catalog is hosted on a Domain Controller and holds objects and attributes from Active Directory.
Note! By default, the permissions to work with the Global Catalog require membership in the Schema Admins group.
The Global Catalog contains the following:
1. Default attributes for each object type (users, computers, ...).
2. All attributes we need when we query AD, such as a user's first and last name and logon name.
3. Information that helps determine the location of an object in AD.
4. Permissions of every object type (this ensures that users receive only the results they have permissions on; objects without permissions are not displayed in the query response).
So let's draw the conclusion about the GC:
- A global catalog server is a domain controller that contains a full, writable replica of its own domain directory partition.
- A global catalog server is a domain controller that contains a read-only replica of all other domain directory partitions in the forest (storing only the important attributes of each object).
Note! Microsoft recommends having a global catalog server for every Active Directory site in an enterprise network.
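As an added example (not code from the original post), the two statements above turned into a check: which sites have no Global Catalog, and which attributes make up the "important attributes" a GC keeps for other domains' objects. The latter are the schema attributes flagged isMemberOfPartialAttributeSet, which is the real schema attribute behind the partial attribute set. It assumes the ActiveDirectory module on a domain-joined machine with read access to every domain in the forest.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module and read access to each domain of the forest.
Import-Module ActiveDirectory

# Every DC in the forest, grouped by the site it is placed in.
$forest = Get-ADForest
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}
$dcsBySite = $dcs | Group-Object -Property Site

foreach ($site in Get-ADReplicationSite -Filter *) {
    $members = @(($dcsBySite | Where-Object Name -eq $site.Name).Group)
    $gcs     = @($members | Where-Object IsGlobalCatalog)
    if ($members.Count -eq 0) {
        Write-Host "$($site.Name): no domain controllers"
    } elseif ($gcs.Count -eq 0) {
        # Logons that need universal group membership and UPN lookups will
        # have to reach a GC in another site.
        Write-Warning "$($site.Name): $($members.Count) DC(s) but no Global Catalog"
    } else {
        Write-Host "$($site.Name): GC on $($gcs.HostName -join ', ')"
    }
}

# Attributes a GC carries for objects of other domains are those marked
# isMemberOfPartialAttributeSet=TRUE in the schema partition.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$pas = @(Get-ADObject -SearchBase $schemaNc `
    -LDAPFilter '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))' `
    -Properties lDAPDisplayName)
$sample = ($pas.lDAPDisplayName | Sort-Object | Select-Object -First 5) -join ', '
Write-Host "$($pas.Count) attributes are in the partial attribute set, e.g. $sample"
```

Adding an attribute to the partial attribute set is the operation that needs Schema Admins, which is what the note above about permissions refers to; the query shows what is currently in the set without changing anything.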
More about Sites and Subnets:
Sites in AD help us define our physical network structure; we separate sites by TCP/IP subnets. A single site can contain more than one subnet.
What is Replication Monitor?
- It displays replication information both directly and transitively. With this tool we can monitor our replication topology, see which objects have not replicated from a Domain Controller, and trigger the KCC to recalculate the replication topology.
Note! We can run Replication Monitor from each Domain Controller, or from any computer that runs Server 2003.
How to configure Replication Monitor:
- Open Start -> Run, type: Replmon and press OK.
- In the View menu, press Options.
- Now you will see the “Active Directory Replication Monitor Options” page; go to the Status Logging tab and check “Display Changed Attributes when Replication Occurs”.
- Click “Monitored Servers” and add your desired Domain Controller.
Repadmin.exe Tool:
This tool helps us carry out tasks related to our replication topology. With it we can see our replication topology (on each DC); we can also use Repadmin to force replication and view the replication metadata.
Dcdiag Tool:
We can use this tool to analyze the state of Domain Controllers and check for any problem that occurs; we can see problems related to connectivity, replication, topology integrity, and intersite health.
At a command prompt, type: Dcdiag + switch
- /v: provides verbose results. When you use /v, the output from dcdiag provides a lot of information that can help you troubleshoot a problem.
- /f:LogFile: redirects output to the specified log file.
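As an added example (not from the original post), a PowerShell health pass that drives the two command-line tools above: repadmin /showrepl in CSV form to find links that fail or have not succeeded recently, repadmin /syncall to force replication, repadmin /showobjmeta to view replication metadata, and dcdiag with the /v and /f: switches from the post. It assumes repadmin.exe and dcdiag.exe are on the PATH (AD DS tools / RSAT) and that the session's logon server is a reachable DC; the 24-hour staleness threshold is a chosen value, not one from the post.

```powershell
# Added example, not from the original post. Assumes repadmin.exe and
# dcdiag.exe on the PATH and rights to query every DC in the forest.

# 1. Inbound replication links for all DCs; /csv makes the output parseable.
$links = repadmin /showrepl * /csv | ConvertFrom-Csv

# One row per (destination DC, source DC, naming context). A failure count
# above zero, or a last success older than our threshold, means that
# partition is not converging on that DC.
$stale = [datetime]::Now.AddHours(-24)   # threshold chosen for this example
$problems = @(foreach ($link in $links) {
    $failures = 0
    [void][int]::TryParse($link.'Number of Failures', [ref]$failures)
    $lastOk = [datetime]::MinValue        # stays MinValue if "never" or blank
    [void][datetime]::TryParse($link.'Last Success Time', [ref]$lastOk)
    if ($failures -gt 0 -or $lastOk -lt $stale) { $link }
})

if ($problems.Count -eq 0) {
    Write-Host 'All replication links healthy'
} else {
    $problems |
        Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Success Time', 'Last Failure Status' |
        Format-Table -AutoSize
}

# 2. Force replication on the DCs that showed problems:
#    /A = all partitions, /e = across site boundaries, /q = quiet.
foreach ($dcName in ($problems.'Destination DSA' | Sort-Object -Unique)) {
    repadmin /syncall $dcName /A /e /q
}

# 3. Replication metadata for one object: which DC originated each attribute
#    change, its version and timestamp. Useful when tracing an unexpected change.
$domainDn = ([ADSI]'LDAP://RootDSE').defaultNamingContext
$dc = $env:LOGONSERVER.TrimStart('\')
repadmin /showobjmeta $dc "CN=Administrator,CN=Users,$domainDn"

# 4. dcdiag with the switches from the post: verbose, written to a log file,
#    then pull out the lines for tests that failed.
$log = Join-Path $env:TEMP 'dcdiag.log'
dcdiag /v "/f:$log"
Select-String -Path $log -Pattern 'failed test' | ForEach-Object { $_.Line }
```

Running step 1 on a schedule and alerting on a non-empty $problems list is a cheap replacement for watching Replmon by hand; step 3 is the one to reach for when a group membership or password change appears on a DC and you need to know where it originated.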