
    Configuring Inter-site Replication

    After you have a plan in place that defines your sites, IP subnets, site links, costs, and bridgeheads, you can proceed to create the objects in Active Directory. Here is the general course of action:

    • Rename the Default-First-Site-Name object

    • Create new Site objects

    • Create Subnet objects

    • Create Site Link objects

    • Designate bridgehead servers

    After completing this work, the KCC should handle any changes you make to the distribution of domain controllers and Global Catalog servers in the network with no further intervention.

    Rename the Default-First-Site-Name Site

    The name for the first site is a little long and clumsy for most uses. The steps to rename it are listed in Procedure 7.4.

    Procedure 7.4 Renaming the Default-First-Site-Name Object

    1. Open the AD Sites and Services console.

    2. Right-click the Default-First-Site-Name object and select RENAME from the flyout menu. The object name gets a bounding box and a blue background.

    3. Change the name to the name of the site in your site plan and press Enter. The example shows a new name of Phoenix.

    4. Leave the console open. You need it to perform the next steps.

    The name change is registered with DNS automatically. Verify using the DNS console that the name change took effect. This ensures that the site references used by the Active Directory clients are correct. If the DNS server is offline when you change the name, or if you lose network connection while the change is replicating, the new site name will be registered as soon as connection to DNS is re-established. You may need to delete the old site name manually from the zone table.

    Create New Sites

    After you rename the first site, create site objects for the remaining sites in your plan. Do this using the AD Sites and Services console as shown in Procedure 7.5.

    Procedure 7.5 Creating a New Site Object

    1. Right-click the Sites object and select NEW SITE from the flyout menu. The New Object - (Site) window appears (see Figure 7.10).

      Figure 7.10. New Object - (Site) window.


    2. Under Name, enter the name of the site. The example uses a site name of Houston.

    3. Under Link Name, highlight DefaultIPSiteLink. This is only a placeholder. You'll be creating specific links a little later.

    4. Click OK to create the Site object.

    When you create the Site object, the system automatically creates a Server container and two Settings objects, Licensing Site Settings and NTDS Site Settings. The system also adds several SRV records to DNS that point at the new domain controller. These records are grouped under the _msdcs and _sites headings.

    Create IP Subnets

    Active Directory uses subnets to differentiate between sites. Create Subnet objects for each subnet in your network as shown in Procedure 7.6.

    Procedure 7.6 Creating a Subnet Object

    1. Right-click the Subnets object and select NEW SUBNET from the flyout menu. The New Object - (Subnet) window appears (see Figure 7.11).

      Figure 7.11. New Object - (Subnet) window showing subnet for the Phoenix site.


    2. Under Name, enter the subnet address and the number of bits in the subnet mask. The example uses a private 10-space network,, with a 24-bit mask corresponding to

    3. Select a Site object to associate with the Subnet object. The example uses the Phoenix site. If you have more than one subnet in a Site, you can create multiple Subnet objects and associate them with the same site.

    4. Click OK to create the subnet object and return to the main console window.

    Use the same procedure to create Subnet objects for all the subnets in your network.
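
    The following is an added example, not part of the book: a plan check that maps client addresses to sites the way the Subnet objects will, so gaps and conflicts show up before the objects are created. It goes slightly beyond the text by applying the most specific (longest-mask) match when subnets nest; the addresses are constructed placeholders because the book's example addresses are not shown here.

```python
import ipaddress

# Constructed plan: placeholder addresses, not the book's. Phoenix and
# Houston are the site names used in the text.
SUBNET_OBJECTS = {
    "10.1.0.0/16": "Phoenix",
    "10.1.50.0/24": "Houston",   # more specific range carved out of 10.1/16
    "10.2.1.0/24": "Houston",    # several subnets may map to the same site
}

def parse_plan(plan):
    """Validate Subnet object names (address/mask-bits) and return networks."""
    nets = []
    for name, site in plan.items():
        # strict=True rejects names with host bits set, e.g. 10.1.1.5/24
        nets.append((ipaddress.ip_network(name, strict=True), site))
    return nets

def site_for(plan, client_ip):
    """Return the site for an IP using the most specific matching subnet,
    or None when no Subnet object covers the address."""
    ip = ipaddress.ip_address(client_ip)
    matches = [(net, site) for net, site in parse_plan(plan) if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def overlaps(plan):
    """List pairs of overlapping subnets that are assigned to different sites."""
    nets = parse_plan(plan)
    found = []
    for i, (a, site_a) in enumerate(nets):
        for b, site_b in nets[i + 1:]:
            if site_a != site_b and a.overlaps(b):
                found.append((str(a), site_a, str(b), site_b))
    return found

if __name__ == "__main__":
    for ip in ("10.1.2.3", "10.1.50.7", "192.168.5.5"):
        print(ip, "->", site_for(SUBNET_OBJECTS, ip) or "NO SITE (add a Subnet object)")
    for pair in overlaps(SUBNET_OBJECTS):
        print("overlap across sites:", pair)
```

    An address that resolves to no site is the case to fix in the plan: that client has no Subnet object telling it which site it belongs to.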

    Create Site Links

    You are now ready to create and configure the necessary Site Link objects to describe your network infrastructure. Follow the steps in Procedure 7.7.

    Procedure 7.7 Creating and Configuring Site Link Objects

    1. Expand the tree to find the IP object under Sites | Inter-Site Transports.

    2. Right-click the IP object and select NEW SITE LINK from the flyout menu. The New Object - (Site Link) window appears (see Figure 7.12).

      Figure 7.12. New Object - (Site Link) window.


    3. Under Name, enter a name for the Site Link object.

    4. Select two sites and click Add to put them in the Sites In This Link list. You must have at least two sites associated with a Site Link.

    5. Click OK to create the object.

    6. Open the Properties window for the new Site Link object (see Figure 7.13).

      Figure 7.13. Site Link Properties for the Phoenix to Houston link showing description, cost, and interval.


    7. Enter a Description for the link. You might want to include the type of connection, the bandwidth, and any other information that helps you isolate problems should you have trouble with the link.

    8. Assign a Cost to the link. This is the highest-speed link in the example network, so it gets a cost of 1. For the 512K links to the branch offices, assign a cost of 20. For the emergency ISDN line, assign a cost of 100. Keep the options to a minimum. The KCC uses these numbers to build a spanning tree map. If you use too many values, you'll confuse matters rather than help them.

    9. Shorten the default Replication interval unless the link is especially slow or heavily subscribed. The shortest interval that the system accepts is 15 minutes. If you enter a shorter interval, the change is accepted, but the interval is set to 15.

    10. Click Change Schedule. The Schedule window opens for the link (see Figure 7.14).

      Figure 7.14. Schedule window for the Phoenix to Houston Site Link showing that replication is available 7x24.


    11. If the connection is up only at certain times, clear the blue for the intervals where it is not available. Also use this option if you have a slow link that experiences peak traffic at certain times and you don't want to add replication traffic to the mix. When you play games with replication intervals, keep in mind that you're affecting latency.

    12. Click OK to save the change and return to the Properties window.

    13. Click OK to save the changes and return to the console.

    14. Close the console.

    Now create Site Link objects for the remaining connections between sites.
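
    The following is an added example, not part of the book: a simplified least-cost model of how the costs from step 8 steer replication routes. It assumes all site links are bridged and is not the KCC's actual algorithm; Phoenix, Houston and the costs 1, 20 and 100 come from the text, while the branch site names, link names and ISDN endpoints are made up.

```python
import heapq

# Constructed site plan: link name -> (sites in the link, cost).
SITE_LINKS = {
    "Phoenix-Houston": ({"Phoenix", "Houston"}, 1),          # fastest link
    "Phoenix-Branch1": ({"Phoenix", "Branch1"}, 20),         # 512K branch link
    "Houston-Branch2": ({"Houston", "Branch2"}, 20),         # 512K branch link
    "Houston-Branch1-ISDN": ({"Houston", "Branch1"}, 100),   # emergency ISDN
}

def least_cost_route(links, src, dst, down=()):
    """Dijkstra over site links, treating all links as bridged (transitive).

    Returns (total_cost, [link names]) or None when dst is unreachable.
    Links named in `down` are skipped to model an outage.
    """
    adj = {}
    for name, (sites, cost) in links.items():
        if name in down:
            continue
        # A site link may list more than two sites; every pair is adjacent.
        for a in sites:
            for b in sites - {a}:
                adj.setdefault(a, []).append((b, cost, name))
    best = {src: 0}
    heap = [(0, src, [])]
    while heap:
        total, site, path = heapq.heappop(heap)
        if site == dst:
            return total, path
        if total > best.get(site, float("inf")):
            continue  # stale heap entry, a cheaper route was already found
        for nxt, cost, name in adj.get(site, []):
            new_total = total + cost
            if new_total < best.get(nxt, float("inf")):
                best[nxt] = new_total
                heapq.heappush(heap, (new_total, nxt, path + [name]))
    return None

if __name__ == "__main__":
    print(least_cost_route(SITE_LINKS, "Branch1", "Houston"))
    print(least_cost_route(SITE_LINKS, "Branch1", "Houston",
                           down={"Phoenix-Branch1"}))
```

    With every link up, Branch1 reaches Houston through Phoenix at a total cost of 21; the cost-100 ISDN link carries the route only when the 512K link is down.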

    Designating Bridgehead Servers

    The KCC may select a bridgehead that is not the most capable domain controller in a site. Or it may select a bridgehead that is not a Global Catalog server, which would require the system to create additional connections to handle GC replication between sites.

    You can reduce the complexity of inter-site replication and improve performance by selecting preferred bridgehead servers. It is important to designate multiple preferred bridgeheads so that the failure of a single server does not cause a failure of inter-site replication. Procedure 7.8 designates a Bridgehead server.

    Procedure 7.8 Designating a Bridgehead Server

    1. Open the AD Sites and Services console.

    2. Expand the tree to show the Server object representing the domain controller you want to use for a bridgehead server.

    3. Right-click the Server object and select PROPERTIES from the flyout menu. The Properties window opens (see Figure 7.15).

      Figure 7.15. Properties window for server showing transports that have been added to the bridgehead list.


    4. Select the IP transport and click Add to move it to the bridgehead side of the window.

    5. Click OK to save the change.

    The Computer field indicates the Computer object associated with the Server object used to control replication. The two names should always be the same.

    Bridgehead Servers and Firewalls

    Another common reason for designating specific Bridgehead servers is to configure replication through a firewall. By assigning the servers that handle inter-site replication, you can configure the firewall to pass traffic only from those servers.

    You can also designate the port used by the bridgehead server, which makes it easier to configure replication through the firewall. This option requires a Registry entry:

    Key:    HKLM | System | CurrentControlSet | Services | NTDS | 
    Value:  TCP/IP Port
    Data:   <port number>

    Creating Site Link Bridge Objects

    After laying out the Site Links and running the system in production for a while, you may find that the bridgeheads need a bit more information about your network to lay their replication plans effectively. This involves creating specific Site Link Bridge objects to describe preferred routes. Follow the steps in Procedure 7.9 to disable global site link bridging and to build Site Link Bridge objects.

    Procedure 7.9 Building a Site Link Bridge Object

    1. Open the AD Sites and Services console.

    2. Right-click the IP object and select PROPERTIES from the flyout menu. The IP Properties window opens (see Figure 7.16).

      Figure 7.16. IP Properties window showing the global bridging option.


    3. Deselect the Bridge All Site Links option. This removes the global transitive bridging for site links.

    4. Right-click the IP object and select NEW SITE LINK BRIDGE from the flyout menu. The New Object - (Site Link Bridge) window appears (see Figure 7.17).

      Figure 7.17. New Object - (Site Link Bridge) window.


    5. Select the links you want to define for the preferred route and click Add to put them on the list.

    6. Click OK to save the changes and return to the console. The Site Link Bridge object is added to the list of IP link objects.

    7. Monitor your Event log and Connection object status carefully over the next few hours to see how the KCC reacts to the change.

    Only a few more items to take care of, then the job is complete. One of those items is making sure that efficient use is made of the domain controllers when it comes to propagating replication traffic. To do that, we may need Bridgehead servers.
