CHAPTER 6: CONFIGURING SITES
NOTE: Your site configuration will also affect any applications that will take advantage of the
Active Directory, such as Exchange 2000 or Site Server’s Personalization and Membership
services.
Lesson 1:
Configuring Site Settings
To configure site settings you must complete the following tasks:
Sites:
A site is a combination of one or more Internet Protocol (IP) subnets connected by a highly reliable
and fast link to localize as much network traffic as possible.
Sites define sets of domain controllers that are well-connected in terms of speed and cost. Domain
controllers in the same site replicate on the basis of notification: When a domain controller has changes,
it notifies its replication partners. A site is the equivalent of a set of one or more IP subnets.
When you install Active Directory on the first domain controller in the site, an object named Default-
First-Site-Name is created in the Sites container. When your first domain controller has been installed,
you can rename Default-First-Site-Name to the name you want to use for the site.
When you install Active Directory on subsequent servers, if alternate sites have been defined in Active
Directory and the IP address of the installation computer matches an existing subnet in a defined site,
the domain controller is added to that site.
Subnets
Computers on TCP/IP networks are assigned to sites based on their location in a subnet or a set of
subnets. Subnets group computers in a way that identifies their feasible physical proximity on the
network. Subnet information is used to find a domain controller in the same site as the computer
that is authenticated during logon, and is used during Active Directory replication to determine
the best routes between domain controllers.
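The subnet-to-site lookup described above, as an added example that is not part of the original notes. The subnets, site names and host names are constructed, and the sketch assumes that the most specific subnet wins when subnets overlap.

```python
import ipaddress

# Constructed sample data: subnet objects and the site each one is associated with.
SUBNETS = {
    "10.1.0.0/16": "HQ",
    "10.1.40.0/24": "Branch",   # more specific subnet carved out of the HQ range
    "192.168.5.0/24": "Depot",
}

def site_for(ip, subnets=SUBNETS):
    """Return the site whose subnet contains ip, or None if no subnet matches.

    Assumption: when subnets overlap, the longest prefix (most specific) wins.
    """
    addr = ipaddress.ip_address(ip)
    nets = ((ipaddress.ip_network(cidr), site) for cidr, site in subnets.items())
    matches = [(net.prefixlen, site) for net, site in nets if addr in net]
    return max(matches)[1] if matches else None

def audit_hosts(hosts, subnets=SUBNETS):
    """Group host names by site; hosts listed under None match no defined subnet."""
    by_site = {}
    for name, ip in hosts.items():
        by_site.setdefault(site_for(ip, subnets), []).append(name)
    return by_site

if __name__ == "__main__":
    # Constructed hosts: two domain controllers and one workstation on an unlisted subnet.
    print(audit_hosts({"dc1": "10.1.2.3", "dc2": "10.1.40.7", "ws9": "172.16.0.9"}))
```

Hosts grouped under `None` have no subnet object covering their address, so they cannot be placed in a site from subnet information alone.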
=====================================================================
winads6.html PAGE
2 2002/02/15
Site Links
For replication to occur between two sites, a link must be established between the sites. Site links
are not generated automatically and must be created in Active Directory Sites and Services.
When you install Active Directory on the first domain controller in the site, the Active Directory
Installation Wizard automatically creates an object named DEFAULTIPSITELINK in the IP container.
When your first domain controller has been installed, you can rename the DEFAULTIPSITELINK
to the name you want to use for the site link.
Replication Protocols
Directory information can be exchanged over site links using different network protocols such as IP
or SMTP:
IP replication. Uses remote procedure calls (RPCs) for replication over site links (inter-site)
and within a site (intra-site). By default, inter-site IP replication adheres to replication
schedules, although you may configure Active Directory to ignore schedules. IP replication does not
require a certificate authority (CA).
SMTP replication. Is only used for replication over site links (inter-site), and not for
replication within a site (intra-site). Because SMTP is asynchronous, it typically ignores all
schedules.
** See page 41 (512 Kbps is recommended for the bandwidth, but you can use a minimum of 128 Kbps) **
If you choose to use SMTP over site links, you must complete the process of installing and configuring
a certification authority (CA). The CA signs SMTP messages that are exchanged between domain
controllers, ensuring the authenticity of directory updates.
CAUTION: If you create a site link that uses SMTP, you must have a certification authority (CA)
available, and SMTP must be installed on all domain controllers that will use the site link.
Site Licensing:
An administrator can ensure an organization’s legal compliance with Microsoft BackOffice software
license agreements by monitoring license purchases, deletions, and usage. This licensing information
is collected on a server by the License Logging service in Windows 2000 Server.
Lesson Summary:
that the site is linked to other sites with site links as appropriate, and select the licensing
for the site.
occur between two sites.
Licensing utility in
license server.
Lesson 2:
Configuring Inter-Site Replication
Network connections are represented by site links. By creating site links and configuring their cost,
replication frequency, and replication availability, you provide the directory service with information
about how to use these connections to replicate directory data.
You can also designate a server, known as a bridgehead server, to serve as a contact point for the
exchange of directory information between sites.
Configuring Inter-Site Replication
Site Link Attributes
You should provide site link cost, replication frequency, and replication availability information for all
site links as part of the process of configuring inter-site replication.
Site Link Cost
Configure site link cost to assign a value for the cost of each available connection used for inter-site
replication. If you have multiple redundant network connections, establish site links for each
connection, and then assign costs to these site links that reflect their relative bandwidth. For
example, if you have a high-speed T1 line and a dial-up network connection in case the T1 line is
unavailable, configure a lower cost for the T1 line and a higher cost for the dial-up network
connection. Active Directory always chooses the connection on a per-cost basis, so the cheaper
connection will be used as long as it is available.
Replication Frequency
Configure site link replication frequency for site links by providing an integer value that tells Active
Directory how many minutes it should wait before using a connection to check for replication
updates. The replication interval must be at least 15 and no more than 10,080 minutes (equal
to one week). A site link must be available for any replication to occur, so if a site link is
scheduled as unavailable when the number of minutes between replication updates has passed,
no replication will occur.
Replication Availability
Configure site link replication availability to determine when a site link will be available for
replication. Because SMTP is asynchronous, it typically ignores all schedules.
through intermediaries, as is the case, for example, on a network backbone.
NOTE: This procedure will have no effect if you have enabled Ignore Schedules on the
Properties dialog box for the inter-site transport.
Site Link Bridges
When more than two sites are linked for replication and use the same transport, by default,
all of the site links are bridged in terms of cost, assuming the site links have common sites.
When site links are bridged, they are transitive. That is, all site links for a specific transport
implicitly belong to a single site link bridge for that transport.
If your IP network is not fully routed, you can turn off the transitive site link feature for the IP
transport, in which case all IP site links are considered intransitive and you configure site link
bridges. A site link bridge is the equivalent of a disjoint network; all site links within the
bridge can route transitively, but they do not route outside of the bridge. (In other words,
choose the best route.)
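How site link cost, the 15 to 10,080 minute interval limit and transitive bridging interact, as an added example that is not part of the original notes. The site names, link names and costs are constructed, and `transitive=False` models the case where bridging is turned off and no site link bridge has been defined.

```python
import heapq

MIN_INTERVAL, MAX_INTERVAL = 15, 10080  # minutes, the limits stated above

# Constructed sample topology: (site link name, member sites, cost, interval in minutes)
SITE_LINKS = [
    ("HQ-Branch-T1",   {"HQ", "Branch"},    100, 15),
    ("HQ-Branch-Dial", {"HQ", "Branch"},    500, 180),
    ("Branch-Depot",   {"Branch", "Depot"}, 200, 60),
]

def invalid_intervals(links):
    """Return the names of site links whose interval is outside 15..10080 minutes."""
    return [name for name, _, _, interval in links
            if not MIN_INTERVAL <= interval <= MAX_INTERVAL]

def cheapest_route(links, src, dst, transitive=True):
    """Lowest total cost from src to dst, or None if there is no route.

    transitive=True: all site links of the transport are bridged (the default).
    transitive=False: only a direct site link between src and dst counts.
    """
    edges = {}
    for _, sites, cost, _ in links:
        for a in sites:
            for b in sites - {a}:
                edges.setdefault(a, []).append((b, cost))
    if not transitive:
        direct = [cost for site, cost in edges.get(src, []) if site == dst]
        return min(direct) if direct else None
    best, queue = {src: 0}, [(0, src)]
    while queue:  # Dijkstra: always expand the cheapest known site first
        cost, site = heapq.heappop(queue)
        if site == dst:
            return cost
        if cost > best.get(site, float("inf")):
            continue
        for nxt, step in edges.get(site, []):
            if cost + step < best.get(nxt, float("inf")):
                best[nxt] = cost + step
                heapq.heappush(queue, (cost + step, nxt))
    return None

if __name__ == "__main__":
    print(cheapest_route(SITE_LINKS, "HQ", "Depot"))                    # bridged
    print(cheapest_route(SITE_LINKS, "HQ", "Depot", transitive=False))  # not bridged
```

Removing the T1 link from the sample list makes the dial-up link the cheapest remaining HQ to Branch connection, which is the fallback behaviour the cost section describes.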
Manually Configuring Connections
Active Directory automatically creates and deletes connections under normal conditions.
Although you can manually add or configure connections or force replication over a particular
connection, normally you should allow replication to be automatically optimized based on
information you provide to Active Directory Sites and Services about your deployment.
Designating a Preferred Bridgehead Server
Ordinarily, all domain controllers are used to exchange information between sites, but you
can further control replication behavior by specifying a bridgehead server for inter-site
replicated information. This bridgehead server then subsequently distributes the directory
information via intra-site replication.
If there’s typically a high level of directory information exchange, a computer with more
bandwidth can ensure these exchanges are handled promptly.
If the active preferred bridgehead server fails, Active Directory will select another preferred
bridgehead server to be the active preferred bridgehead server from the set you designate.
Establish your firewall proxy server as the preferred bridgehead server, making it the contact
point for exchanging information with servers outside the firewall.
NOTE: Top priority cost = 1, if you want it to be the head honcho!!!!
Lesson Summary:
cheaper connection will be used as long as it is available.
together into site link bridges, or you can bridge all site links and maximize
connectivity.
Lesson 3:
Troubleshooting Replication
Ineffective replication can result in declining Active Directory performance, such as new users
not being recognized. Ineffective replication or request handling primarily results in out-of-date
directory information or unavailable domain controllers. Each problem (cause) has one or more
possible solutions.
**** See the charts on page 175 ****
Checking Replication Topology
Active Directory runs a process that considers the cost of inter-site connections, checks if any
previously available domain controllers are no longer available, checks if new domain controllers
have been added, and then uses this information to add or remove connection objects to create
an efficient replication topology.
Lesson 4:
Maintaining Server Settings
As a site changes and grows based on business needs, you may find it necessary to meet these
changing needs by maintaining server settings for the site. The tasks you may need to
perform to maintain server settings are:
**** Do some of the exercises in the book, pages 176-177 ****
Lesson Summary:
enabling or disabling a global catalog, and removing an inoperative server object from
a site.