- Evolution of Directory Services
- Active Directory Development
- Active Directory Structure
- Active Directory Components
- Domain Trusts
- Organizational Units
- Groups in an Active Directory Environment
- Active Directory Replication
- DNS in Active Directory
- Active Directory Security
- Active Directory Changes in Windows .NET Server 2003
- Summary
- Best Practices
Active Directory Replication
Replication is a critical function of Active Directory's multimaster model: an administrator can make a change on any domain controller in the forest and have that change propagate to every other domain controller. Consequently, a robust method of distributing this information was a major consideration for the development team at Microsoft. Active Directory replication is independent of the forest, tree, or domain structure, and this flexibility is central to AD's success.
Sites, Site Links, and Site Link Bridgeheads
For purposes of replication, Active Directory logically organizes groups of servers into sites. Typically, a single site should consist of servers that are connected to each other by T1 or higher-speed connections. The connections established between two or more locations, potentially over slower links, are known as site links. Defining sites and the site links that connect them lets the administrator control the bandwidth used to replicate information between sites.
Rather than having information replicated immediately, as it is between servers within a high-speed connected site, the administrator can schedule replication between two sites to occur only once per night or at another time when network demand is low, so that more bandwidth is available for replicating Active Directory information.
Servers that funnel intersite replication through themselves are known as site link bridgeheads.
Figure 4.9 shows a potential Windows .NET Active Directory site structure. Site links exist between offices, and a domain controller in each site acts as the site link bridgehead. The site structure is completely modifiable, and should roughly follow the WAN structure of an organization. By default, only a single site is created in Active Directory, and administrators must manually create additional sites to be able to optimize replication. More on these concepts can be found in Chapter 7, "Active Directory Infrastructure."
Figure 4.9 Sample site structure where locations are connected by site links.
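The following script is an added example, not part of the chapter, that reports the site topology the text describes: sites and the domain controllers in each, site links with their cost and replication interval, and any domain controllers an administrator has marked as preferred bridgeheads. It uses the ActiveDirectory PowerShell module (Windows Server 2012 and later, or RSAT), which did not exist in the Windows .NET Server 2003 era the chapter covers; the cmdlets and attribute names are real, and no domain-specific names are assumed.

```powershell
# Added example (not from the chapter): inventory AD sites, site links and
# preferred bridgehead servers. Reading the Configuration partition needs no
# special privilege; any authenticated domain user can do it by default.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$allDCs   = Get-ADDomainController -Filter *

# 1. Sites and the domain controllers in each one. A single default site
#    (Default-First-Site-Name) holding every DC means nobody has modelled the
#    WAN yet, so all replication is treated as intrasite (immediate).
"== Sites =="
foreach ($site in Get-ADReplicationSite -Filter *) {
    $dcsHere = $allDCs | Where-Object { $_.Site -eq $site.Name } |
               Select-Object -ExpandProperty HostName
    "{0,-30} DCs: {1}" -f $site.Name, ($dcsHere -join ', ')
}

# Helper: turn a DN such as CN=HQ,CN=Sites,CN=Configuration,DC=... into "HQ".
function ConvertTo-LeafName([string] $dn) { ($dn -split ',')[0] -replace '^CN=' }

# 2. Site links: cost, replication interval and the sites each one joins.
#    The interval is the knob the text describes: how often the bridgeheads at
#    either end exchange changes across the slower WAN link. A null
#    ReplicationSchedule means the link is available around the clock.
"`n== Site links =="
Get-ADReplicationSiteLink -Filter * -Properties ReplicationSchedule |
    ForEach-Object {
        [pscustomobject]@{
            SiteLink        = $_.Name
            Cost            = $_.Cost
            IntervalMinutes = $_.ReplicationFrequencyInMinutes
            Scheduled       = [bool]$_.ReplicationSchedule
            Sites           = (($_.SitesIncluded | ForEach-Object { ConvertTo-LeafName $_ }) -join ' <-> ')
        }
    } | Format-Table -AutoSize

# 3. Preferred bridgehead servers. Marking a DC as a preferred bridgehead for a
#    transport (IP or SMTP) sets bridgeheadTransportList on its server object
#    under CN=Sites. If no DC in a site is marked, the KCC elects one itself.
"`n== Preferred bridgeheads =="
Get-ADObject -SearchBase "CN=Sites,$configNC" -SearchScope Subtree `
    -LDAPFilter '(&(objectClass=server)(bridgeheadTransportList=*))' `
    -Properties bridgeheadTransportList |
    Select-Object Name,
        @{ n = 'Site';       e = { ($_.DistinguishedName -split ',')[2] -replace '^CN=' } },
        @{ n = 'Transports'; e = { ($_.bridgeheadTransportList | ForEach-Object { ConvertTo-LeafName $_ }) -join ',' } } |
    Format-Table -AutoSize
```

The same information is available from the classic command-line tool: `repadmin /bridgeheads` lists the bridgeheads actually in use (including ones the KCC elected), and `repadmin /showrepl` shows each DC's inbound replication partners and when each partition last replicated successfully. A site link with a long interval and a single bridgehead is the place where a change made at headquarters waits longest before it takes effect in a branch office.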
Originating Writes
Replication of objects between domain controllers is accomplished through the use of a property known as Originating Write. As changes are made to an object, the value of this property is incremented. A domain controller compares its own version of this value to the one received during a replication request. If its own value is lower, the change is applied; if not, the change is discarded. This simple approach to replication is also extremely reliable and efficient, and it allows for effective object synchronization. For more information on replication, including a detailed analysis of Originating Writes and the other key components of the replication process, refer to Chapter 7.
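The comparison described above can be observed directly: each domain controller keeps, for every attribute of every object, a version stamp together with the domain controller and USN where the change originated. The function below is an added example, not the chapter's code, that reads that metadata for one attribute from every domain controller and flags the ones still holding an older version, which is exactly the state a DC is in before a replication request carries the newer value to it. It uses `Get-ADReplicationAttributeMetadata` from the ActiveDirectory module (Windows Server 2012 and later); the account name in the usage line is a placeholder.

```powershell
# Added example (not from the chapter): which DCs have, and which still lack,
# the newest version of one attribute. Default attribute is userAccountControl,
# so the example answers "has the disable of this account reached every DC?"
Import-Module ActiveDirectory

function Get-AttributeReplicationState {
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        [string] $Attribute = 'userAccountControl',
        # Linked attributes such as member carry per-value metadata and are
        # only reported when this switch is set.
        [switch] $ShowAllLinkedValues
    )

    $rows = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # Ask this DC for its own copy of the attribute's replication
            # metadata: the version stamp and where the change originated.
            $meta = Get-ADReplicationAttributeMetadata -Object $DistinguishedName `
                        -Server $dc.HostName -Properties $Attribute `
                        -ShowAllLinkedValues:$ShowAllLinkedValues -ErrorAction Stop
            foreach ($m in $meta) {
                [pscustomobject]@{
                    DC             = $dc.HostName
                    Site           = $dc.Site
                    Attribute      = $m.AttributeName
                    Version        = $m.Version
                    OriginatingDC  = $m.LastOriginatingChangeDirectoryServerIdentity
                    OriginatingUSN = $m.LastOriginatingChangeUsn
                    ChangedAt      = $m.LastOriginatingChangeTime
                }
            }
        }
        catch {
            # An unreachable DC cannot be assumed current; report it with no
            # version so it shows up as lagging rather than silently vanishing.
            [pscustomobject]@{
                DC = $dc.HostName; Site = $dc.Site; Attribute = $Attribute
                Version = $null; OriginatingDC = $null; OriginatingUSN = $null; ChangedAt = $null
            }
        }
    }

    # The highest version seen anywhere is the one every DC will converge on;
    # a DC holding a lower version has not yet received that change.
    $newest = ($rows | Where-Object { $null -ne $_.Version } |
               Measure-Object -Property Version -Maximum).Maximum
    foreach ($r in $rows) {
        $r | Add-Member -NotePropertyName Lagging -NotePropertyValue ($r.Version -ne $newest) -PassThru
    }
}

# Usage: check whether a just-disabled account is disabled on every DC.
# 'PLACEHOLDER-USER' stands for the sAMAccountName of the account in question.
$dn = (Get-ADUser -Identity 'PLACEHOLDER-USER').DistinguishedName
Get-AttributeReplicationState -DistinguishedName $dn |
    Sort-Object Lagging, Site, DC |
    Format-Table DC, Site, Version, Lagging, OriginatingDC, OriginatingUSN, ChangedAt -AutoSize
```

`repadmin /showobjmeta <DC> <DN>` prints the same per-attribute metadata for a single DC. The OriginatingDC and OriginatingUSN columns are also what an incident responder uses to establish on which domain controller a change was first made, before the replication process described in this section carried it elsewhere.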