Replication Rings and Directory Partitions
by William R. Stanek
Microsoft® Windows Server™ 2003 Inside Out
- Microsoft® Windows Server™ 2003 Inside Out
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
- A Note Regarding Supplemental Files
- Acknowledgments
- We'd Like to Hear from You!
- About the CD
- Conventions and Features Used in this Book
- About the Author
- 1. Windows Server 2003 Overview and Planning
- 1. Introducing Windows Server 2003
- What's New in Windows Server 2003
- 64-Bit Computing
- .NET Technologies
- Windows XP and Windows Server 2003
- Windows XP Editions
- Increased Support for Standards
- Interface and Tool Improvements
- Active Directory Improvements
- Domains Can Be Renamed
- Active Directory Can Replicate Selectively
- Active Directory–Integrated DNS Zones Can Forward Conditionally
- Active Directory Schema Objects Can Be Deleted
- Active Directory and Global Catalog Are Optimized
- Active Directory Can Compress and Route Selectively
- Forest-to-Forest Trusts
- Active Directory Migration Made Easier
- Group Policy Improvements
- Management and Administration Extras
- Security Advances
- Reliability and Maintenance Enhancements
- 2. Planning for Windows Server 2003
- Overview of Planning
- Identifying Your Organizational Teams
- Assessing Project Goals
- Analyzing the Existing Network
- Defining Objectives and Scope
- Defining the New Network Environment
- Selecting a Software Licensing Program
- Final Considerations for Planning and Deployment
- 1. Introducing Windows Server 2003
- 2. Windows Server 2003 Installation
- 3. Preparing for the Installation and Getting Started
- 4. Managing Interactive Installations
- 5. Managing Unattended Installations
- 6. Using Remote Installation Services
- Introduction to RIS
- Installing RIS
- Configuring RIS Clients
- Preparing RIS-Based Installations
- Using RIS for Automated Installations
- Working with Sysprep
- 3. Windows Server 2003 Upgrades and Migrations
- 7. Preparing for Upgrades and Migration
- 8. Upgrading to Windows Server 2003
- General Considerations for Upgrades
- Upgrading from Windows 2000
- Upgrading from Windows NT 4
- 9. Migrating to Windows Server 2003
- Selecting the Migration Tools
- ADMT
- General Considerations for Migrations
- Determining the Approach to Migration
- Preparing for Migration
- Migrating Security Principals
- Performing the Migration: An Overview
- Migrating Group Accounts
- Migrating User Accounts
- Migrating Passwords
- Migrating the Computers
- Merging Groups during Migration
- Migrating Domain Trusts
- Migrating Service Accounts
- Security Translation
- Generating Migration Reports
- 4. Managing Windows Server 2003 Systems
- 10. Configuring Windows Server 2003
- 11. Windows Server 2003 MMC Administration
- 12. Managing Windows Server 2003
- Using the Administration Tools
- Using the Control Panel Utilities
- Using the Add Hardware Utility
- Using the Add or Remove Programs Utility
- Using the Date and Time Utility
- Using the Display Utility
- Using the Folder Options Utility
- Using the Licensing Utility
- Using the Network Connections Utility
- Using the Regional and Language Options Utility
- Using the Scheduled Tasks Utility
- Using the System Utility
- Using Support Tools
- Using Resource Kit Tools
- Using the Secondary Logon
- 13. Managing and Troubleshooting Hardware
- 14. Managing the Registry
- 15. Performance Monitoring and Tuning
- 16. Comprehensive Performance Analysis and Logging
- 5. Managing Windows Server 2003 Storage and File Systems
- 17. Planning for High Availability
- 18. Preparing and Deploying Server Clusters
- 19. Storage Management
- Essential Storage Technologies
- Configuring Storage
- Managing MBR Disk Partitions on Basic Disks
- Managing GPT Disk Partitions on Basic Disks
- Managing Volumes on Dynamic Disks
- Creating a Simple or Spanned Volume
- Extending a Simple or Spanned Volume
- Recovering a Failed Simple or Spanned Disk
- Moving Dynamic Disks
- Configuring RAID 1: Disk Mirroring
- Mirroring Boot and System Volumes
- Configuring RAID 5: Disk Striping with Parity
- Breaking or Removing a Mirrored Set
- Resolving Problems with Mirrored Sets
- Repairing a Mirrored System Volume to Enable Boot
- Resolving Problems with RAID-5 Sets
- 20. Managing Windows Server 2003 File Systems
- 21. File Sharing and Security
- File Sharing Essentials
- Creating and Publishing Shared Folders
- Managing Share Permissions
- Managing File and Folder Permissions
- Managing File Shares After Configuration
- Sharing Files on the Web
- Auditing File and Folder Access
- 22. Using Volume Shadow Copy
- 23. Using Removable Media
- Introducing Removable Media
- Managing Media Libraries and Media
- Inserting Media into a Library
- Ejecting Media from a Library
- Mounting and Dismounting Media in Libraries
- Enabling and Disabling Media
- Enabling and Disabling Drives
- Cleaning Drives
- Working with Library Doors and Ports
- Configuring Library Inventory
- Starting Library Inventory
- Changing Library Media Types
- Enabling and Disabling Libraries
- Managing Media Pools
- Managing Work Queues, Requests, and Security
- Using the Work Queue
- Troubleshooting Waiting Operations
- Changing Mount Operations
- Controlling When Operations Are Deleted
- Using the Operator Requests Queue
- Notifying Operators of Requests
- Completing or Refusing Requests
- Controlling When Requests Are Deleted
- Setting Access Permissions for Removable Storage
- 6. Managing Windows Server 2003 Networking and Print Services
- 24. Managing TCP/IP Networking
- Understanding IP Addressing
- Special IP Addressing Rules
- Using Subnets and Subnet Masks
- Getting and Using IP Addresses
- Understanding Name Resolution
- Configuring TCP/IP Networking
- 25. Managing DHCP
- DHCP Essentials
- DHCP Security Considerations
- Planning DHCP Implementations
- Setting Up DHCP Servers
- Configuring TCP/IP Options
- Levels of Options and Their Uses
- Options Used by Windows Clients
- Using Userand Vendor-Specific TCP/IP Options
- Settings Options for All Clients
- Settings Options for Routing and Remote Access Clients Only
- Setting Add-On Options for Directly Connected Clients
- Defining Classes to Get Different Option Sets
- Advanced DHCP Configuration and Maintenance
- Setting Up DHCP Relay Agents
- 26. Architecting DNS Infrastructure
- 27. Implementing and Managing DNS
- 28. Implementing and Maintaining WINS
- 29. Installing and Maintaining Print Services
- Understanding Windows Server 2003 Print Services
- Print Services Changes for Windows Server 2003
- Upgrading Windows NT 4 Print Servers to Windows Server 2003
- Migrating Print Servers from One System to Another
- Planning for Printer Deployments and Consolidation
- Setting Up Printers
- Managing Printer Permissions
- Managing Print Server Properties
- Managing Printer Properties
- Setting General Properties, Printing Preferences, and Document Defaults
- Setting Overlays and Watermarks for Documents
- Installing and Updating Print Drivers on Clients
- Configuring Printer Sharing and Publishing
- Optimizing Printing Through Queues and Pooling
- Configuring Print Spooling
- Viewing the Print Processor and Default Data Type
- Configuring Separator Pages
- Configuring Color Profiles
- Managing Print Jobs
- Printer Maintenance and Troubleshooting
- 30. Using Remote Desktop for Administration
- 31. Deploying Terminal Services
- Using Terminal Services
- Designing the Terminal Services Infrastructure
- Setting Up Terminal Services
- Using the Terminal Services Configuration Tool
- Using the Terminal Services Manager
- Managing Terminal Services from the Command Line
- Other Useful Terminal Services Commands
- Configuring Terminal Services Per-User Settings
- 24. Managing TCP/IP Networking
- 7. Managing Active Directory and Security
- 32. Active Directory Architecture
- 33. Designing and Managing the Domain Environment
- Design Considerations for Active Directory Replication
- Design Considerations for Active Directory Search and Global Catalogs
- Design Considerations for Compatibility
- Design Considerations for Active Directory Authentication and Trusts
- Universal Groups and Authentication
- NTLM and Kerberos Authentication
- Authentication and Trusts Across Domain Boundaries
- Authentication and Trusts Across Forest Boundaries
- Examining Domain and Forest Trusts
- Establishing External, Shortcut, Realm, and Cross-Forest Trusts
- Verifying and Troubleshooting Trusts
- Delegating Authentication
- Design Considerations for Active Directory Operations Masters
- Operations Master Roles
- Using, Locating, and Transferring the Schema Master Role
- Using, Locating, and Transferring the Domain Naming Master Role
- Using, Locating, and Transferring the Relative ID Master Role
- Using, Locating, and Transferring the PDC Emulator Role
- Using, Locating, and Transferring the Infrastructure Master Role
- 34. Organizing Active Directory
- 35. Configuring Active Directory Sites and Replication
- 36. Implementing Active Directory
- Preinstallation Considerations for Active Directory
- Installing Active Directory
- Uninstalling Active Directory
- Creating and Managing Organizational Units (OUs)
- Delegating Administration of Domains and OUs
- 37. Managing Users, Groups, and Computers
- Managing Domain User Accounts
- Managing User Profiles
- Managing User Data
- Maintaining User Accounts
- Managing Groups
- Managing Computer Accounts
- 38. Managing Group Policy
- Understanding Group Policy
- Implementing Group Policy
- Working with Local Group Policy
- Working with the Group Policy Object Editor
- Working with the Group Policy Management Console
- Installing and Running the Group Policy Management Console
- Using the Group Policy Management Console
- Accessing Forests, Domains, and Sites in Group Policy Management Console
- Creating and Linking a New GPO in Group Policy Management Console
- Editing an Existing GPO in the Group Policy Management Console
- Linking to an Existing GPO in the Group Policy Management Console
- Deleting an Existing GPO in the Group Policy Management Console
- Managing Group Policy Inheritance and Processing
- Using Scripts in Group Policy
- Applying Group Policy Through Security Templates
- Maintaining and Troubleshooting Group Policy
- 39. Active Directory Site Administration
- 8. Windows Server 2003 Disaster Planning and Recovery
- Index to Troubleshooting Topics
- Index
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
The knowledge consistency checker (KCC) is responsible for generating the intrasite replication topology, and the ISTG uses the KCC to generate the intersite replication topology. The KCC always configures the replication topology so that each domain controller in a site has at least two incoming connections if possible, as already discussed. The KCC also always configures intrasite replication so that each domain controller is no more than three hops from any other domain controller. This also means that maximum replication latency, the delay in replicating a change across an entire site, is approximately 45 seconds for normal replication.
When there are two domain controllers in a site, each domain controller is the replication partner of the other. When there are between three and seven domain controllers in the domain, each domain controller will have two incoming connections and two replication partners. Figure 35-6 shows the replication topology for City Power & Light's Sacramento campus. Here the network is spread over two buildings that are connected with high-speed interconnects. Because the buildings are connected over redundant high-speed links, the organization uses a single site with three domain controllers in each building. The replication topology for the six domain controllers as shown ensures that no domain controller is more than three hops from any other domain controller.
When the number of domain controllers increases beyond seven, additional connection objects are added to ensure that no domain controller is more than three hops from any other domain controller in the replication topology. To see an example of this, consider Figure 35-7. Here, City Power & Light has built a third building that connects its original buildings to form a U-shaped office complex. The administrators have placed two new domain controllers in building 3. As a result of adding the additional domain controllers, some domain controllers now have three replication partners.
At this point, you may be wondering what role, if any; directory partitions play in replication topology. After all, from previous discussions, you know that Active Directory has multiple directory partitions and that those partitions are replicated in the following ways:
Forest-wide basis for configuration and schema directory partitions
Domain-wide basis for the domain directory partition
Select basis for the global catalog partition or other application-specific partitions, which include special application partitions as well as the ForestDnsZones and DomainDnsZones application partitions used by DNS
In previous discussions, I didn't want to complicate things unnecessarily by adding a discussion of partition replication. From a logical perspective, partitions do play an important role in replication. Replication rings, the logical implementation of replication, are based on the types of directory partitions that are available. The KCC generates a replication ring for each kind of directory partition.
Table 35-2 details the replication partners for each kind of directory partition. Replication rings are implemented on a per-directory partition basis. There is one replication ring per directory partition type, and some rings include all the domain controllers in a forest, all the domain controllers in a domain, or only those domain controllers using application partitions.
Table 35-2. Per-Directory Partition Replication Rings
Directory Partition | Replication Partners |
|---|---|
Configuration directory partition | All the domain controllers in the forest |
Schema directory partition | All the domain controllers in the forest |
Domain directory partition | All the domain controllers in a domain |
Global catalog partition | All domain controllers in the forest that host global catalogs |
Application directory partition | All the domain controllers using the application partition on either a forest-wide, domain-wide, or selective basis, depending on the configuration of the application partition |
ForestDnsZones directory partition | All the domain controllers in the forest that host DNS |
DomainDnsZones directory partition | All the domain controllers that host DNS for that domain. |
When replication rings are within a site, the KCC on each domain controller is responsible for generating the replication topology and keeping it consistent. When replication rings go across site boundaries, the ISTG is responsible for generating the replication topology and keeping it consistent. Because replication rings are merely a logical representation of replication, the actual implementation of replication rings is expressed in the replication topology by using connection objects. Regardless of whether you are talking about intrasite or intersite replication, there is one connection object for each incoming connection. The KCC and ISTG do not create additional connection objects for each replication ring. Instead, they reuse connection objects for as many replication rings as possible.
When you extend the reuse of connection objects to the way intersite replication is performed, this is how multiple bridgehead servers might be designated. Typically, each site will also have a designated bridgehead server for replicating the domain, schema, and configuration directory partitions. Other types of directory partitions may be replicated between sites by domain controllers that host these partitions. For example, if two sites have multiple domain controllers and only a few have application partitions, a connection object may be created for the intersite replication of the application partition.
Figure 35-8 shows an example of how multiple bridgehead servers might be used. Here, the domain, schema, and configuration partitions are replicated from Site 1 to Site 2 and vice versa using the connection objects between DC3 and DC5. A special application partition is replicated from Site 1 to Site 2 and vice versa using the connection objects between DC2 and DC6.
The global catalog partition is a special exception. The global catalog is built from all the domain databases in a forest. Each designated global catalog server in a forest must get global catalog information from the domain controllers in all the domains of the forest. This means that a global catalog server must connect to a domain controller in every domain and there must be an associated connection object to do this. Because of this, global catalog servers are another reason for having more than one designated bridgehead server per site.
Figure 35-9 provides an example of how replication might work for a more complex environment that includes domain, configuration, and schema partitions as well as DNS and global catalog partitions. Here, the domain, schema, and configuration partitions are replicated from Site 1 to Site 2 and vice versa using the connection objects between DC3 and DC5. The connection objects between DC1 and DC4 are used to replicate the global catalog partition from Site 1 to Site 2 and vice versa. In addition, the connection objects between DC2 and DC6 are used to replicate the DNS partitions from Site 1 to Site 2 and vice versa.
-
No Comment