In this lesson we are going to learn how to use the Active Directory Sites and Services tool and about Active Directory replication.
We've learned how to use Organizational Unit's to organize our objects in Active Directory. We learned that we can organize our objects using multiple methods and one of those methods was by location. This lesson discusses sites, but it's not not referring to the logical organization we do using Active Directory Users and Computers. A site is a physical location usually connected to other sites using WAN technology.
Our lab environment is very simple and only contains one site. We could ignore Active Directory Sites and Services and everything would function. Below you can see what it looks like without any changes. A site is created for us called Default-First-Site-Name.
When a computer logs into the domain it has to find a login server. On a network with a single site this is simple, it will use one of the servers on the site. If you have a network with multiple sites then you want your clients to authenticate using the closest server. This is where Active Directory Sites and Services helps out. It allows you to create your sites, then you define the subnets used at each site. When a client logs in it's directed to the best server based on your subnets.
There are three steps to setting up Active Directory Sites and Services. They are outlined below.
When you setup Active Directory for the first time there will be a site named Default-First-Site-Name it will contain all domain controllers. The first thing you need to do is rename this Site, in our network we are going to call it Queensbury. Once that's renamed we need to add a second site for Wilton. The new site wizard allows us to name our site and chose which protocol we want to use for replication.
In a clean install of Active Directory we'll find it's lacking Subnets. We will need to add subnets for both Queensbury and Wilton. When we start the add Subnet wizard we'll see we have the option to link the subnet to a site. You can add multiple subnets to a site.
Once you have the sites created you can move your servers to the correct sites using the move server wizard.
Once we're done we'll see our Active Directory Sites and Service tool looks more organized. We can see our subnets, site and servers in each site.
Active Directory Sites and Services also plays a big part in Active Directory replication. The Knowledge Consistency Checker (KCC) uses the information in Sites and Services to determine the best replication topology. When multiple sites exist in Active Directory the KCC builds a replication topology that is the most efficient. As you add and remove servers the KCC updates the replication topology to make sure it is the most efficient. This happens automatically so you don't have to worry about it, but you can over ride the KCC and build your own replication links using Sites and Services.
In Active Directory Sites and Services we see NTDS Settings under each server. If we click on NTDS Settings we see the replication connections. The KCC builds the connections name <automatically generated>.
You can modify the settings on the automatically generated connection.
Each site on your network needs at least one Global Catalog server. The Global Catalog is a subset of the Active Directory database, but contains a subset of all domains in your environment. In the properties of the NTDS Settings you can set a server to be a Global Catalog.
One of the methods the KCC uses to build the most efficient replication topology is by creating bridgehead servers. Bridgehead servers are servers that replicate with other bridgehead servers on other site. There is one bridgehead server per site. This makes sure it minimizes the amount of replication across slower WAN links.
You can override the KCC's choices and set which server is the bridgehead by viewing the properties of the server in Sites and Services.