70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced
Chapter 6: Active Directory Physical Design
Objectives
• Describe the objects and components of Active
Directory that relate to the physical structure
• Understand how to plan the physical structure of
Active Directory and consider how the topology
of your network will affect your design
Guide to MCSE 70-294, Enhanced
Active Directory Physical Objects
• Physical objects
• Have equivalent physical structure in real world
• Logical and physical structure independent
• Physical objects:
• Sites
• Site links
• Domain controllers
Example Site and Domain Configurations
Site Objects
• Site
• Region of network infrastructure
• Made up of one or more well-connected IP subnets
• “Well connected”
• Commonly understood to refer to local area network
(LAN) environment
Site Objects (continued)
• Default-First-Site-Name
• Site created when first domain controller promoted
• Often is renamed
• Used as first site in Active Directory
• Can be left alone
• Used to identify when servers cannot determine their site
• Allow clients belonging to same physical network
to access services from servers in close proximity
Site Objects (continued)
• Servers:
• Domain controllers
• Global catalog servers
• Distributed file system (DFS)
• Site-aware
Simple Site Diagram
Activity 6-1: Creating Sites
• Objective: This exercise is designed to familiarize you
with the process of creating sites using Active Directory
Sites and Services
Activity 6-1: Creating Sites (continued)
• Implement the site structure seen below:
Subnet Objects
• Identify subnets on network
• Can be associated with sites
• Allow client computer to determine in which site
it is located
• Comparing its IP address and subnet mask to subnets in
Active Directory
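
The subnet comparison described on this slide, as an added example that is not part of the original slides or of Windows itself. The site names and address ranges are constructed, and choosing the most specific subnet when ranges overlap is an assumption of this sketch.

```python
import ipaddress

# Constructed sample data: subnet objects and the site each is associated with.
# Site names and address ranges are hypothetical.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "Head-Office",
    "10.1.50.0/24": "Warehouse",
    "10.2.0.0/16": "Branch-East",
    "192.168.10.0/24": "Branch-West",
}


def build_subnet_table(mapping):
    """Parse subnet strings once; strict=True rejects entries with host bits set."""
    return [(ipaddress.ip_network(cidr, strict=True), site)
            for cidr, site in mapping.items()]


def site_for_address(address, table):
    """Return the site of the most specific subnet containing address, or None."""
    ip = ipaddress.ip_address(address)
    matches = [(net, site) for net, site in table
               if net.version == ip.version and ip in net]
    if not matches:
        return None  # no subnet object covers this address
    # Assumption: with overlapping subnets the longest prefix wins.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def unmapped_addresses(addresses, table):
    """List addresses that fall outside every defined subnet (audit helper)."""
    return [a for a in addresses if site_for_address(a, table) is None]


if __name__ == "__main__":
    table = build_subnet_table(SUBNET_TO_SITE)
    for addr in ["10.1.50.7", "10.1.3.9", "192.168.10.20", "172.16.4.4"]:
        print(addr, "->", site_for_address(addr, table))
```

Addresses returned by `unmapped_addresses` are clients that cannot be placed in a site and so cannot be steered to nearby servers.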
List of Subnets That Make Up Each Site
Site Link Objects
• Represent fact that physical connection exists
between two or more sites
• DEFAULTIPSITELINK
• Automatically created when first DC promoted
• Several parameters
• Control replication
• Control how clients and servers determine closest site
Network Connections and Site Links
Activity 6-3: Creating Site Links
• Objective: This exercise is designed to familiarize
you with the process of creating site links using
Active Directory Sites and Services
• Follow the instructions to create site links
Creating a Site Link
Domain Controllers
• Windows server computer
• Maintains copy of domain database
• Used for authentication
• Placed in sites by examining IP address
Activity 6-4: Moving a Domain Controller Object Between Sites
• Objective: Understand the process of manually
moving a domain controller between sites
• Once a domain controller has been promoted it
must be moved to a new site if physically
relocated
Active Directory Sites and Services
Planning and Designing the Physical Structure
• Planning and designing:
• Important task
• Must complete prior to implementing physical objects
themselves
Physical Network
• Physical network
• Represents actual physical objects that deliver message
from one place to another
• Components:
• Point of transmission
• Transmission medium
• Point of reception
• Begin planning Active Directory sites by creating
diagram of physical network infrastructure
Physical Network (continued)
• Diagram should include:
• Cable types
• Approximate paths of cable routing
• Server maps
• Peripheral devices
• WAN connections
• Number of users and computers located at each physical location
• Nonstandard implementations
Site Topology
• Collection of objects that represent physical
network
• Does not necessarily map one to one to actual
physical topology
• Key factor:
• Arrangement of subnets
Site Links
• Used to model amount of available bandwidth
between two sites
• Networks connected by link that is slower than
LAN speed
• Cost
• Purely arbitrary value
• Not an actual dollar figure
• Assigned by administrator
Site Links (continued)
• Clients choose to connect to server that has lowest
cost path
• Domain controllers use site link cost to locate
closest replication partners
• Once lowest-cost server is selected
• 100% up to underlying network structure to determine
how data gets from point A to point B
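
The lowest-cost selection described on this slide, as an added example that is not part of the original slides or of Windows itself. Site names, link names and costs are constructed, and the sketch assumes site links are transitive (the fully routed default), so costs add up along a chain of links.

```python
import heapq

# Constructed sample topology: (site link name, sites it connects, cost).
# Names and costs are hypothetical; costs are the administrator-assigned values.
SITE_LINKS = [
    ("HQ-East", {"HQ", "East"}, 100),
    ("HQ-West", {"HQ", "West"}, 200),
    ("East-West", {"East", "West"}, 50),
    ("West-Remote", {"West", "Remote"}, 400),
]


def build_graph(site_links):
    """Every pair of sites in a site link is connected at that link's cost."""
    graph = {}
    for _name, sites, cost in site_links:
        for a in sites:
            for b in sites:
                if a != b:
                    best = graph.setdefault(a, {}).get(b, cost)
                    graph[a][b] = min(best, cost)
    return graph


def path_costs(start, graph):
    """Dijkstra: cumulative lowest cost from start to every reachable site."""
    costs = {start: 0}
    queue = [(0, start)]
    while queue:
        cost, site = heapq.heappop(queue)
        if cost > costs.get(site, float("inf")):
            continue  # stale queue entry
        for neighbour, link_cost in graph.get(site, {}).items():
            new_cost = cost + link_cost
            if new_cost < costs.get(neighbour, float("inf")):
                costs[neighbour] = new_cost
                heapq.heappush(queue, (new_cost, neighbour))
    return costs


def closest_site(client_site, sites_with_servers, graph):
    """Pick the lowest-cost site offering the service; None if unreachable."""
    costs = path_costs(client_site, graph)
    reachable = [(costs[s], s) for s in sites_with_servers if s in costs]
    return min(reachable)[1] if reachable else None
```

In this sample the two-link path from HQ to West (100 + 50) beats the direct HQ-West link at 200, which shows how assigned costs, not hop count, drive the choice.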
Choosing Server Based on Cost
Choosing Replication Partner Based on Cost
Site Links
• Using 1 for a preferred link strongly discouraged
• Can use a formula
Activity 6-5: Modifying the Cost of a Site Link
• Objective: This exercise is designed to familiarize
you with the process of modifying the cost of a
site link
• Use Active Directory Sites and Services to modify
site link cost
Number of Hops Versus Site Cost
Site Links
• Replication Schedule
• Defines hours during which site link is available for
replication
• Manually configured
• Requires consideration when determining appropriate
settings
• Replication interval
• Controls polling interval used by replication process
Site Links (continued)
• Transport Protocol
• Choices:
• RPC (Remote Procedure Call) over TCP/IP
• SMTP
• Replication within site always uses RPC over TCP/IP
• Based on quality of network connectivity
Site Link Bridges
• Some sites do not have a fully routed IP
environment
• Cannot ping from one site to another site
• Composed of minimum of two site links
• Fully routed IP infrastructure is assumed
• Must disable Bridge all site links option
• Only sites that have a site link directly between them
can communicate
• Site link bridges can be added
Not Fully Routed
Not Fully Routed with Site Link Bridges
Domain Controller and Global Catalog Placement
• Every domain in forest
• Should have at least two domain controllers
• Provides redundancy for authentication
• Can be in different sites
• May be necessary to collect performance statistics to determine how many domain controllers are needed at site
Domain Controller and Global Catalog Placement
• Goal at large site
• Have n+1 domain controllers
• n represents the number of domain controllers required
to handle load
Example Placement of Domain Controllers
Domain Controller and Global Catalog Placement
• Global Catalog Servers
• Index and partial replica of objects and attributes
• Most frequently used throughout entire Active Directory
structure
• Designate global catalog server
• At least one domain controller per site
Activity 6-6: Designating a Domain Controller as a Global Catalog Server
• Objective: This exercise is designed to familiarize
you with the process of designating a domain
controller as a global catalog
• Use Active Directory Sites and Services to
designate a Global Catalog Server
Summary
• Active Directory sites are composed of one or
more well-connected subnets
• Object connecting two or more sites is called a site
link
• Site link cost is an arbitrary value set by
administrator
• Used when locating closest server
Summary (continued)
• Placement of domain controllers is determined by
the client load and availability required
• Global catalog servers provide a fast way to search
for objects located throughout forest