Wednesday, 11 May 2016

Active Directory Replication Topology

Active Directory Replication Topology

Replication of updates to Active Directory objects are transmitted between multiple domain controllers to keep replicas of directory partitions synchronized. Multiple domains are common in large organizations, as are multiple sites in disparate locations. In addition, domain controllers for the same domain are commonly placed in more than one site.
Therefore, replication must often occur both within sites and between sites to keep domain and forest data consistent among domain controllers that store the same directory partitions. Site objects can be configured to include a set of subnets that provide local area network (LAN) network speeds. As such, replication within sites generally occurs at high speeds between domain controllers that are on the same network segment. Similarly, site link objects can be configured to represent the wide area network (WAN) links that connect LANs. Replication between sites usually occurs over these WAN links, which might be costly in terms of bandwidth. To accommodate the differences in distance and cost of replication within a site and replication between sites, the intrasite replication topology is created to optimize speed, and the intersite replication topology is created to minimize cost.
The Knowledge Consistency Checker (KCC) is a distributed application that runs on every domain controller and is responsible for creating the connections between domain controllers that collectively form the replication topology. The KCC uses Active Directory data to determine where (from what source domain controller to what destination domain controller) to create these connections.

Replication Within and Between Sites

The KCC creates separate replication topologies to transfer Active Directory updates within a site and between all configured sites in the forest. The connections that are used for replication within sites are created automatically with no additional configuration. Intrasite replication takes advantage of LAN network speeds by providing replication as soon as changes occur, without the overhead of data compression, thus maximizing CPU efficiency. Intrasite replication connections form a ring topology with extra shortcut connections where needed to decrease latency. The fast replication of updates within sites facilitates timely updates of domain data. In deployments where large datacenters constitute hub sites for the centralization of mission-critical operations, directory consistency is critical.
Replication between sites is made possible by user-defined site and site link objects that are created in Active Directory to represent the physical LAN and WAN network infrastructure. When Active Directory sites and site links are configured, the KCC creates an intersite topology so that replication flows between domain controllers across WAN links. Intersite replication occurs according to a site link schedule so that WAN usage can be controlled, and is compressed to reduce network bandwidth requirements. Site link settings can be managed to optimize replication routing over WAN links. The connections that are created between sites form a spanning tree for each directory partition in the forest, merging where common directory partitions can be replicated over the same connection.
In remote branch locations, replication of updates from the hub sites is optimized for network availability. Thus, because intrasite replication is optimized for speed, branch locations across WAN links can be assured of receiving data from hub sites that is up-to-date and reliable; but because intersite replication is scheduled, branch sites receive this replication only at intervals that are deemed appropriate and cost-effective for remote operations.

Technologies Related to Active Directory Replication Topology

The following technologies interact with Active Directory replication.

File Replication Service

File Replication service (FRS) is related to Active Directory replication because it requires the Active Directory replication topology. FRS is a multimaster replication service that is used to replicate files and folders in the system volume (SYSVOL) shared folder on domain controllers and in Distributed File System (DFS) shared folders. FRS works by detecting changes to files and folders and then replicating the updated files and folders to other replica members, which are connected in a replication topology.
FRS uses the replication topology that is generated by the KCC to replicate the SYSVOL files to all domain controllers in the domain. SYSVOL files are required by all domain controllers for Active Directory to function. For more information about FRS and how it uses the Active Directory replication topology, see “FRS Technical Reference”. For more information about SYSVOL, see “Data Store Technical Reference.”

SMTP

Simple Mail Transfer Protocol (SMTP) is a packaging protocol that can be used as an alternative to the remote procedure call (RPC) replication transport. SMTP can be used to transport nondomain replication over IP networks in mail-message format. Where networks are not fully routed, e-mail is sometimes the only transport method available.

Active Directory Replication Topology Dependencies

Active Directory replication topology has the following dependencies:
  • Routable IP infrastructure. The replication topology is dependent upon a routable IP infrastructure from which you can map IP subnet address ranges to site objects. This mapping generates the information that is used by client workstations to communicate with domain controllers that are close by, when there is a choice, rather than those that are located across WAN links.
  • DNS. The Domain Name System (DNS) resolves DNS names to IP addresses. Active Directory replication topology requires that DNS is properly designed and deployed so that domain controllers can correctly resolve the DNS names of replication partners.

    DNS also stores service (SRV) resource records that provide site affinity information to clients searching for domain controllers, including domain controllers that are searching for replication partners. Every domain controller registers these records so that they can be located according to site.
  • Net Logon service. Net Logon is required for DNS registrations.
  • RPC. Active Directory replication requires IP connectivity and RPC to transfer updates between replication partners within sites. RPC is required for replication between two sites containing domain controllers in the same domain, but SMTP is an alternative where RPC cannot be used and domain controllers for the same domain are all located in one site so that intersite replication of domain data is not required.
  • Intersite Messaging. Intersite Messaging is required for SMTP intersite replication and for site coverage calculations. If the forest functional level is Windows 2000, Intersite Messaging is also required for intersite topology generation.
The following diagram shows the interaction of these technologies with the replication topology, which is indicated by the two-way connections between each set of domain controllers.
Replication Topology and Dependent Technologies
Replication Topology and Dependent Technologies

No comments:

Post a Comment

Difference between stress and strain

What is the difference between stress and strain? Answer: Stress is the internal resistance force per unit area that opposes deformation, w...