AD site and replication
DNS and AD domain relationship
DNS SRV records and _msdcs zone
SRV records: locate the core AD services (LDAP, Kerberos, GC) on the hosts that provide them
Host records for DC, GC and PDC: _ldap._tcp.dc._msdcs (domain controllers), _gc._tcp (global catalogs), _ldap._tcp.pdc._msdcs (the PDC emulator)
_msdcs zone: created automatically by default when the DNS service is AD-integrated on the domain controllers
Replication scope defaults: the domain zone replicates to the DNS servers of the current domain (DomainDnsZones); the forest root _msdcs zone replicates to all DNS servers in the forest (ForestDnsZones)
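The lookups behind the two points above, as an added example that is not part of the original notes: resolve the SRV records the DC locator depends on, then read the replication scope of the AD-integrated zones. The domain name corp.example, the site name Beijing and the DC name dc1 are assumed placeholders; Get-DnsServerZone needs the DnsServer module (RSAT or a DNS server).

```powershell
# Added example, not from the original notes. Assumed names: corp.example, Beijing, dc1.
$domain = 'corp.example'

# SRV records the DC locator actually uses; clients cannot log on if these are missing
$queries = [ordered]@{
    'Domain controllers (LDAP)' = "_ldap._tcp.dc._msdcs.$domain"
    'Global catalogs'           = "_gc._tcp.$domain"
    'PDC emulator'              = "_ldap._tcp.pdc._msdcs.$domain"
    'Kerberos KDCs'             = "_kerberos._tcp.dc._msdcs.$domain"
}
foreach ($entry in $queries.GetEnumerator()) {
    Write-Host "== $($entry.Key): $($entry.Value)"
    Resolve-DnsName -Name $entry.Value -Type SRV -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'SRV' |
        Select-Object NameTarget, Port, Priority, Weight |
        Format-Table -AutoSize
}

# Site-specific SRV records: this is how a client is steered to a DC in its own site
$site = 'Beijing'
Resolve-DnsName -Name "_ldap._tcp.$site._sites.dc._msdcs.$domain" -Type SRV |
    Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port

# Replication scope of the AD-integrated zones on dc1.
# Expected defaults: forest-root _msdcs zone -> Forest (ForestDnsZones),
#                    domain zone             -> Domain (DomainDnsZones)
Get-DnsServerZone -ComputerName 'dc1' |
    Where-Object { $_.IsDsIntegrated -and $_.ZoneName -match [regex]::Escape($domain) } |
    Select-Object ZoneName, ReplicationScope, DirectoryPartitionName |
    Format-Table -AutoSize
```

A zone whose ReplicationScope is Legacy (stored in the domain partition itself) replicates to every DC in the domain, including DCs that do not run DNS; converting it to DomainDnsZones or ForestDnsZones is usually the first fix for DNS-driven replication noise.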
AD related replication
AD database
Partition replication:
Default: forest-wide: schema partition, configuration partition
Domain-wide: domain partition
DNS replication: application partitions scoped as needed: domain (DomainDnsZones) & forest (ForestDnsZones) & a custom partition hosted only on designated domain controllers
GC replication: in a multi-domain forest each GC also holds a partial, read-only replica of every other domain partition, so GC placement adds cross-domain replication traffic
SYSVOL replication: shared folder holding Group Policy templates and logon scripts of the domain
Synchronized with DFS Replication (DFS-R); domains that were never migrated may still use FRS
Replication problems:
Replication conflict
Multiple administrators modify the same object on different domain controllers at about the same time; the later write wins (highest attribute version number, then latest originating timestamp)
Solved through management mechanism & process (change control, one owner per OU), not by the directory itself
Replication latency
Causes:
AD database size
Objects distributed across multiple domains and sites
Network latency between sites
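The two problems above can be measured rather than guessed at. The following is an added example, not part of the original notes: it lists replication latency and recorded failures across the forest, then reads the per-attribute metadata that AD uses to decide the winner of a conflicting write. The DC names dc1/dc2 and the object DN are assumed placeholders.

```powershell
# Added example, not from the original notes. Assumed: dc1, dc2 and the service-account DN below.
Import-Module ActiveDirectory

# 1. Latency: per-partner metadata for every DC in the forest, most stale first.
#    Intra-site partners should be minutes old; inter-site partners may legitimately be up to one
#    site-link interval old (default 180 min). Anything beyond ~2x the interval needs a look.
$forest = (Get-ADForest).Name
Get-ADReplicationPartnerMetadata -Target $forest -Scope Forest |
    Select-Object Server, Partner, Partition,
        @{ n = 'MinutesSinceSuccess'; e = { [int]((Get-Date) - $_.LastReplicationSuccess).TotalMinutes } },
        ConsecutiveReplicationFailures, LastReplicationResult |
    Sort-Object MinutesSinceSuccess -Descending |
    Format-Table -AutoSize

# Failures the replication engine has recorded (link or connection failures, with the Win32 error)
Get-ADReplicationFailure -Target $forest -Scope Forest |
    Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError |
    Format-Table -AutoSize

# 2. Conflict resolution: read the same attribute's metadata from two DCs.
#    Each DC keeps the write with the highest Version; a tie is broken by the latest
#    LastOriginatingChangeTime, then by the originating DC's invocation ID, so all DCs converge
#    on the same winner. Comparing two DCs shows whether they already agree.
$dn = 'CN=svc-backup,OU=Service Accounts,DC=corp,DC=example'
foreach ($dc in 'dc1', 'dc2') {
    Get-ADReplicationAttributeMetadata -Object $dn -Server $dc -Properties description |
        Select-Object @{ n = 'SeenOn'; e = { $dc } }, AttributeName, Version,
            LastOriginatingChangeTime, LastOriginatingChangeDirectoryServerIdentity, LocalChangeUsn
}
```

The attribute metadata is also what an incident responder reads to learn which DC a suspicious change originated on and when, independent of event logs that may have been cleared.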
AD site optimization
Replication mechanism and topology
KCC: Knowledge Consistency Checker
Runs on every domain controller and generates the replication topology automatically: within a site it discovers the neighbouring domain controllers and builds a ring in which every DC has at least two replication partners and no DC is more than 3 hops from any other; the connection objects are created by the KCC
Replication mechanism: "pull" replication triggered by change notification
When the AD database of a writable domain controller changes:
Single-master replication: a few operations (the FSMO operations master roles, e.g. schema changes) are accepted only on the designated operations master; the change is made there first and is then replicated to the other domain controllers
Multi-master replication: any writable domain controller accepts the change, stamps it with its own USN and notifies its replication partners over the connection objects; each notified partner compares the notification with its own high-watermark/up-to-dateness vector and, if the notifying DC holds changes it has not seen yet, pulls only those changes from the domain controller that sent the notification (the notifying DC never pushes)
Replication topology
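An added example, not part of the original notes, to make the pull model and the KCC visible: list the connection objects the KCC built for a DC, force the KCC to recompute, and trigger a replication in which the destination explicitly pulls from the source. DC names dc1/dc2 are assumed; repadmin is available on any DC or with RSAT.

```powershell
# Added example, not from the original notes. Assumed DC names: dc1, dc2.
Import-Module ActiveDirectory
$rootDse  = Get-ADRootDSE
$configNC = $rootDse.configurationNamingContext
$domainNC = $rootDse.defaultNamingContext

# Inbound connection objects of dc1 as built by the KCC (AutoGenerated = True). Each one names the
# source DC that dc1 pulls from; inside a site every DC ends up with at least two such partners.
Get-ADReplicationConnection -Filter * |
    Where-Object ReplicateToDirectoryServer -like '*CN=DC1,*' |
    Select-Object Name, ReplicateFromDirectoryServer, AutoGenerated |
    Format-Table -AutoSize

# Force the KCC on dc1 to recompute the topology now (it normally runs every 15 minutes)
repadmin /kcc dc1

# Inbound neighbours of dc1 and the last result for each partition
repadmin /showrepl dc1

# Replication is pull-based: the DESTINATION asks the SOURCE for changes it has not seen.
# Syntax: repadmin /replicate <destination DC> <source DC> <naming context>
# Here dc2 pulls the domain partition from dc1, not the other way round.
repadmin /replicate dc2 dc1 $domainNC

# The configuration partition is forest-wide and is pulled the same way
repadmin /replicate dc2 dc1 $configNC

# Forest-wide summary: largest delta since last success and fails/total per DC
repadmin /replsummary
```

Note that a manually triggered pull only moves changes the destination's up-to-dateness vector says it is missing; running it on a healthy pair returns immediately, which is itself a useful check.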
Replication Optimization - AD Site
AD site
Definition: a set of well-connected IP subnets; domain controllers in physically & logically distinct geographic locations are placed in different sites
IP subnets in different geographic locations are mapped to the site they belong to
Domain controller and subnet binding is the basic site configuration
When subnets change, the AD administrator must be notified so the subnet-to-site mapping is adjusted; a client whose subnet is mapped to no site is handed any domain controller, possibly across a WAN link
Function:
Optimize user logon: a client in a given location is directed by the DC locator (site-specific SRV records in DNS) to a domain controller in its own site, or in the next closest site if none is available
Optimize AD replication when the AD database changes:
In-site: high-speed, reliable network: change-notification driven, uncompressed, replicated within seconds
Between sites: slower WAN links: scheduled replication through the site link, compressed; SYSVOL replication with DFS-R additionally uses Remote Differential Compression
AD site configuration
basic configuration
define site
define subnets
Define Domain Controller
Existing domain controller: move it into the correct site (it stays in its current site until moved, whatever subnet it sits in)
Create a new AD domain controller
New domain controllers are placed automatically in the site whose subnet contains their IP address; the site can also be given explicitly during promotion
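The basic configuration steps above as one worked procedure, added here and not part of the original notes: create the site, map its subnets, move an existing DC into it, and verify which site a client address resolves to and which DC it would be handed. Site names (Shanghai, Beijing), subnets, DC names and the client IP are assumed placeholders; the Test-IPInSubnet helper is written for this example and is not an AD cmdlet.

```powershell
# Added example, not from the original notes. Assumed: sites Shanghai/Beijing, DC3, subnets, client IP.
Import-Module ActiveDirectory

# 1. Define the site
New-ADReplicationSite -Name 'Shanghai' -Description 'Shanghai office'

# 2. Define the subnets that belong to it (clients in these ranges look for Shanghai DCs)
foreach ($cidr in '10.20.0.0/16', '192.168.50.0/24') {
    New-ADReplicationSubnet -Name $cidr -Site 'Shanghai' -Location 'Shanghai'
}

# 3a. Existing DC: move it into the new site (its IP subnet does NOT move it automatically)
Move-ADDirectoryServer -Identity 'DC3' -Site 'Shanghai'

# 3b. New DC: promotion takes the site from the IP/subnet mapping or from -SiteName.
#     Reference line, to be run on the new server itself:
# Install-ADDSDomainController -DomainName 'corp.example' -SiteName 'Shanghai' -InstallDns -Credential (Get-Credential)

# 4. Verify: which site does a client IP map to? (helper written for this example)
function Test-IPInSubnet([string]$Ip, [string]$Cidr) {
    $net, $bits = $Cidr -split '/'
    $toInt = { param($a) [BitConverter]::ToUInt32(([IPAddress]$a).GetAddressBytes()[3..0], 0) }
    $mask  = if ([int]$bits -eq 0) { [uint32]0 }
             else { [uint32](([uint64]0xFFFFFFFF -shl (32 - [int]$bits)) -band 0xFFFFFFFF) }
    ((& $toInt $Ip) -band $mask) -eq ((& $toInt $net) -band $mask)
}
$clientIp = '10.20.3.7'
$match = Get-ADReplicationSubnet -Filter * | Where-Object { Test-IPInSubnet $clientIp $_.Name }
if ($match) {
    $siteName = ($match.Site -split ',')[0] -replace '^CN='
    "$clientIp -> subnet $($match.Name) -> site $siteName"
    # Which DC would the locator hand this client? Falls back to the next closest site if needed.
    Get-ADDomainController -Discover -SiteName $siteName -NextClosestSite |
        Select-Object HostName, Site, IsGlobalCatalog
} else {
    "$clientIp is in no defined subnet: the client will be given an arbitrary DC"
}
```

The unmapped-subnet branch is worth keeping in a regular check: DCs log such clients (NETLOGON event 5807 with the client list in netlogon.log), and they are the usual source of "slow logon from the branch office" tickets.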
Advanced configuration
Site configuration related properties configuration
Universal group membership caching: universal group membership is stored only on GC servers. When this site setting is enabled, a DC in the site caches the universal group membership the first time a client or application queries it, so later logons succeed without reaching a GC; the cache is refreshed from a GC in a designated site (every 8 hours by default)
Defines whether the specified domain controller is a GC (a flag on the server's NTDS Settings object)
Bridgehead server
In each AD site the Inter-Site Topology Generator (ISTG) automatically selects one domain controller per partition and transport as the site's bridgehead; only bridgehead servers replicate across site links. A domain controller can be designated a preferred bridgehead instead, but then the ISTG will not fail over to another DC of that site if the preferred one is down
DFS-R for SYSVOL between sites uses the same connection objects
Replication topology connection
By default the KCC generates the connection objects automatically when a domain controller is added & removed; an inbound connection for the current domain controller from a specified source domain controller can also be created manually, and the KCC keeps such manual connections when it rebuilds the topology
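The advanced settings above are attributes in the configuration partition, which is the clearest way to see what each one actually changes. The following is an added example, not part of the original notes; site names, DC names and the connection name are assumed placeholders.

```powershell
# Added example, not from the original notes. Assumed: sites Shanghai/Beijing, DCs DC3 (Shanghai) and DC1 (Beijing).
Import-Module ActiveDirectory
$configNC = (Get-ADRootDSE).configurationNamingContext
$site = 'Shanghai'; $dc = 'DC3'
$serverDN = "CN=$dc,CN=Servers,CN=$site,CN=Sites,$configNC"
$ntdsDN   = "CN=NTDS Settings,$serverDN"

# 1. Universal group membership caching for a site with no GC, refreshed from Beijing's GCs
Set-ADReplicationSite -Identity $site -UniversalGroupCachingEnabled $true `
    -UniversalGroupCachingRefreshSite 'Beijing'

# 2. Make the DC a global catalog: bit 0x1 of 'options' on its NTDS Settings object
$opts = (Get-ADObject -Identity $ntdsDN -Properties options).options
Set-ADObject -Identity $ntdsDN -Replace @{ options = ($opts -bor 1) }
Get-ADDomainController -Identity $dc | Select-Object HostName, Site, IsGlobalCatalog

# 3. Preferred bridgehead for the IP transport. Caveat: once any DC in a site is listed here,
#    the ISTG uses only listed DCs and will not fail over to the others when they are down.
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
Set-ADObject -Identity $serverDN -Add @{ bridgeheadTransportList = $ipTransport }
# Bridgeheads currently chosen by the ISTG:
repadmin /bridgeheads

# 4. Manual inbound connection object: it lives under the DESTINATION's NTDS Settings and its
#    fromServer attribute names the SOURCE's NTDS Settings object.
$sourceNTDS = "CN=NTDS Settings,CN=DC1,CN=Servers,CN=Beijing,CN=Sites,$configNC"
New-ADObject -Name 'DC3-from-DC1 (manual)' -Type nTDSConnection -Path $ntdsDN `
    -OtherAttributes @{ fromServer = $sourceNTDS; enabledConnection = $true; options = 0 }

# KCC-built connections show AutoGenerated = True; the manual one survives KCC rebuilds
Get-ADReplicationConnection -Filter * |
    Where-Object ReplicateToDirectoryServer -like "*CN=$dc,*" |
    Select-Object Name, ReplicateFromDirectoryServer, AutoGenerated
```

Reading these attributes back is also how to audit for tampering: an unexpected GC flag, a rogue preferred bridgehead, or a manual connection object from a DC nobody recognizes all live in the configuration partition and replicate forest-wide.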
Site Link & Site Link Bridge
Site link: defines the transport protocol between sites (IP, i.e. RPC over IP, or SMTP for sites with no RPC connectivity), the cost (relative network overhead; lower cost is preferred, default 100), the replication interval (default 180 minutes, minimum 15) and the replication schedule
Site link bridge: by default all site links are bridged (transitive), so replication between two sites can be routed through an intermediate site's link. In an organization with many sites across multiple geographic locations whose IP network is not fully routed, disable "Bridge all site links" and
create site link bridges that explicitly connect the site links that can actually reach each other
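Site links, costs and explicit bridges as one worked configuration, added here and not part of the original notes. Site and link names are assumed placeholders; the only non-cmdlet step is clearing transitive bridging, which is bit 0x2 (bridges required) of the options attribute on the IP inter-site transport object.

```powershell
# Added example, not from the original notes. Assumed: sites Beijing, Shanghai, Shenzhen.
Import-Module ActiveDirectory
$configNC = (Get-ADRootDSE).configurationNamingContext

# Site links over the IP (RPC) transport. Cost is relative (lower wins, default 100);
# the interval is minutes between inter-site replication cycles (default 180, minimum 15).
# Every site must be a member of at least one site link or it never replicates with the rest.
New-ADReplicationSiteLink -Name 'Beijing-Shanghai' -SitesIncluded 'Beijing', 'Shanghai' `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
New-ADReplicationSiteLink -Name 'Shanghai-Shenzhen' -SitesIncluded 'Shanghai', 'Shenzhen' `
    -Cost 200 -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP

# Transitive bridging: by default all site links are bridged, so Beijing may replicate with
# Shenzhen through Shanghai at cost 100 + 200 even if there is no direct route. On a network that
# is not fully routed, require explicit bridges (bit 0x2 on the IP transport's options)...
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
$opts = (Get-ADObject -Identity $ipTransport -Properties options).options
Set-ADObject -Identity $ipTransport -Replace @{ options = ($opts -bor 2) }

# ...and then bridge only the links that really connect to each other
New-ADReplicationSiteLinkBridge -Name 'China-Bridge' `
    -SiteLinksIncluded 'Beijing-Shanghai', 'Shanghai-Shenzhen'

# Review the result
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
Get-ADReplicationSiteLinkBridge -Filter * | Select-Object Name, SiteLinksIncluded
# The ISTG of each site, which turns these links into actual inter-site connection objects:
repadmin /istg
```

Use -Replace only after reading the current options value as above: the same attribute carries the "ignore schedules" flag (bit 0x1), and overwriting it blindly would silently re-enable schedules that an administrator had deliberately switched off.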
Replication conflict between AD domain controllers