Windows Server 2016: Manage Site Replication (I)

Source: Internet
Author: User

You can use the Active Directory Sites and Services snap-in to manage the site-specific objects that implement the intersite replication topology. These objects are stored in the Sites container of Active Directory Domain Services (AD DS). Domain controllers in the same site are typically connected over a high-speed network and do not compress data while replicating. A site in AD represents the physical structure, or topology, of the network. AD uses topology information, which is stored in the directory as site and site link objects, to establish the most efficient replication topology. You can use Active Directory Sites and Services to define sites and site links.

A site is a set of well-connected subnets. Sites differ from domains: a site represents the physical structure of a network, while a domain represents the logical structure of an organization.

Benefits of using sites:

    1. Replication: By replicating information more frequently within a site than between sites, AD balances the need for up-to-date directory information against the need to optimize bandwidth. You can also configure the relative cost of intersite connections to further optimize replication.

    2. Authentication: Site information helps make authentication faster and more efficient. When a client logs on to a domain, it first searches its local site for a domain controller that is available for authentication. By establishing multiple sites, you ensure that clients use the domain controllers closest to them for authentication, which reduces authentication latency and keeps traffic off WAN connections.

    3. Active Directory-enabled services: AD-enabled services can use site and subnet information to make it easier for clients to find the nearest server provider.

Subnets: using subnets to define a site

In AD, a site is a group of computers that are well connected through a high-speed network, such as a local area network (LAN). All computers within the same site are usually located in the same building or on the same campus network. A site is made up of one or more Internet Protocol (IP) subnets.

Understanding sites and domains:

In AD, the site reflects the physical structure of the network, and the domain reflects the logical or administrative structure of the organization. This distinction between physical and logical structures provides the following benefits:

    • The logical and physical structure of the network can be designed and maintained separately.

    • You do not have to base the domain namespace on a physical network.

    • You can deploy domain controllers for multiple domains in the same site. You can also deploy domain controllers for the same domain in multiple sites.

Replication overview

Except in very small networks, directory data must reside in multiple locations on the network so that it is equally available to all users. Through replication, the AD directory service maintains a copy of the directory data on multiple domain controllers, ensuring directory availability and performance for all users. AD uses a multi-master replication model that allows the directory to be changed on any domain controller, not just on a designated primary domain controller. AD relies on the site concept to keep replication efficient, and on the Knowledge Consistency Checker (KCC) to automatically determine the best replication topology for the network.

Improve replication efficiency with sites

AD relies on sites to make replication more efficient. A site is defined as a group of well-connected computers, and it determines how directory data is replicated. AD replicates directory information more frequently within a site than between sites. In this way, the best-connected domain controllers, which are the ones most likely to need specific directory information, receive replicated updates first. Domain controllers in other sites also receive the changes, but less frequently, to reduce the consumption of network bandwidth.

Replication is categorized as intrasite replication and intersite replication.

1. Intrasite replication:

    • Network connectivity is reliable with sufficient bandwidth available

    • Replication traffic is not compressed

    • The change notification process initiates replication within the site.

AD handles replication within a site (intrasite replication) differently from replication between sites, because bandwidth within a site is more readily available. The Knowledge Consistency Checker (KCC) uses a bidirectional ring design to build the intrasite replication topology. Intrasite replication is optimized for speed, and directory updates within the site occur automatically on the basis of change notifications. Unlike data replicated between sites, directory updates replicated within a site are not compressed.

Establishing the intrasite replication topology

The Knowledge Consistency Checker (KCC) on each domain controller uses a bidirectional ring design to automatically build the most efficient topology for intrasite replication. This bidirectional ring topology creates at least two connections for each domain controller (for fault tolerance) and no more than three hops between any two domain controllers (to reduce replication latency). To avoid paths of more than three hops, the topology can include shortcut connections across the ring. The KCC periodically updates the replication topology.

The KCC actually creates a separate replication topology for each directory partition (schema, configuration, domain, application). Within a single site, these topologies are usually the same for all partitions owned by the same set of domain controllers.
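
The ring-plus-shortcuts rule can be modelled in a few lines. This is an added illustration, not the KCC's actual algorithm and not code from the original article: it builds a bidirectional ring over hypothetical domain controller indexes and greedily adds shortcut connections until no two domain controllers are more than three hops apart.

```python
from collections import deque
from itertools import combinations

MAX_HOPS = 3  # hop limit stated in the text


def hops_from(adj, start):
    """Breadth-first search: hop count from start to every reachable DC."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for peer in adj[node]:
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return dist


def worst_pair(adj):
    """Return (hops, a, b) for the two DCs that are farthest apart."""
    best = (0, None, None)
    for a, b in combinations(sorted(adj), 2):
        d = hops_from(adj, a)[b]
        if d > best[0]:
            best = (d, a, b)
    return best


def build_intrasite_topology(dc_count):
    """Bidirectional ring plus shortcuts (simplified model, not the real KCC)."""
    adj = {i: {(i - 1) % dc_count, (i + 1) % dc_count} for i in range(dc_count)}
    shortcuts = []
    while True:
        hops, a, b = worst_pair(adj)
        if hops <= MAX_HOPS:
            return adj, shortcuts
        adj[a].add(b)  # shortcut connection across the ring
        adj[b].add(a)
        shortcuts.append((a, b))


if __name__ == "__main__":
    for n in (5, 7, 8, 12):
        adj, shortcuts = build_intrasite_topology(n)
        print(n, "DCs:", worst_pair(adj)[0], "max hops, shortcuts:", shortcuts)
```

In this model a plain ring satisfies the three-hop limit up to seven domain controllers; from eight onward shortcut connections are required.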

Determining when intrasite replication occurs:

Directory updates made within a site are likely to have the most direct impact on local clients, so intrasite replication is optimized for speed. Replication within a site occurs automatically on the basis of change notification. Intrasite replication begins when a directory update is made on a domain controller. By default, the source domain controller waits 15 seconds and then sends an update notification to its closest replication partner. If the source domain controller has more than one replication partner, by default it notifies each subsequent partner at 3-second intervals. When a partner domain controller receives the change notification, it sends a directory update request to the source domain controller. The source domain controller responds to the request with a replication operation. The 3-second notification interval prevents the source domain controller from being overwhelmed by simultaneous update requests from its replication partners.

For some directory updates within a site, the 15-second wait is not used and replication occurs immediately. This immediate replication, known as urgent replication, applies to critical directory updates, including the assignment of account lockouts and changes to the account lockout policy, the domain password policy, or the password on a domain controller account.
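
To see how these defaults add up across a site, the sketch below propagates one change through a replication topology using the 15-second wait and 3-second interval from the text. It is an added example, not part of the original article. The ring, the DC names, and the assumptions that transfers take no time and that partners are notified in list order are constructed for illustration.

```python
import heapq

FIRST_NOTIFY_DELAY = 15  # seconds the source DC waits (default from the text)
NEXT_PARTNER_PAUSE = 3   # seconds between successive partners (default from the text)


def convergence_times(partners, origin, immediate=False):
    """Seconds after the change at which each DC holds the update.

    partners maps a DC name to its ordered list of replication partners.
    Assumptions: pulling the update takes no time, and a DC that receives
    the update notifies its own partners using the same delays.
    immediate=True models the updates that skip the 15-second wait; keeping
    the 3-second interval in that case is an assumption.
    """
    first_delay = 0 if immediate else FIRST_NOTIFY_DELAY
    received = {}
    queue = [(0, origin)]
    while queue:
        when, dc = heapq.heappop(queue)
        if dc in received:
            continue  # already updated by an earlier notification
        received[dc] = when
        for position, partner in enumerate(partners[dc]):
            notify_at = when + first_delay + position * NEXT_PARTNER_PAUSE
            if partner not in received:
                heapq.heappush(queue, (notify_at, partner))
    return received


# Constructed sample: five DCs in a bidirectional ring.
RING = {
    "DC1": ["DC2", "DC5"],
    "DC2": ["DC3", "DC1"],
    "DC3": ["DC4", "DC2"],
    "DC4": ["DC5", "DC3"],
    "DC5": ["DC1", "DC4"],
}

if __name__ == "__main__":
    for dc, seconds in sorted(convergence_times(RING, "DC1").items()):
        print(f"{dc}: {seconds:>3} s")
```

Under these assumptions an ordinary change made on DC1 reaches the last domain controller in the ring after 36 seconds, which is the window during which domain controllers in the same site can return different answers for the same object.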

2. Intersite replication:

    • Available bandwidth is limited, and connectivity may not be reliable.

    • Replication traffic between all sites is compressed.

    • Replication occurs according to a manually defined schedule.

AD handles replication between sites (intersite replication) differently from replication within a site, because bandwidth between sites is usually limited. The Knowledge Consistency Checker (KCC) uses a least-cost spanning tree design to build the intersite replication topology. Intersite replication is optimized for bandwidth efficiency, and directory updates between sites occur automatically according to a configurable schedule. Directory updates replicated between sites are compressed to conserve bandwidth.

Establishing the intersite replication topology

AD automatically builds the most efficient intersite replication topology by using the information about site connections that you provide through Active Directory Sites and Services. The directory stores this information as site link objects. One domain controller in each site, known as the Intersite Topology Generator, is assigned to build the topology. A least-cost spanning tree algorithm is used to eliminate redundant replication paths between sites. The intersite replication topology is updated periodically to respond to any changes that occur on the network. You can control intersite replication through the information that you provide when you create site links. For more information, see Managing Replication.
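
The effect of the least-cost spanning tree step can be shown with Kruskal's algorithm over a set of site links. This is an added sketch, not the Intersite Topology Generator's actual code and not part of the original article; the site names and link costs are constructed, and each link is assumed to join exactly two sites.

```python
def least_cost_tree(site_links):
    """Kruskal's algorithm: keep the cheapest links that join all sites.

    site_links is a list of (cost, site_a, site_b) tuples.
    Returns (kept, dropped), where dropped holds the redundant paths.
    """
    parent = {}

    def root(site):
        parent.setdefault(site, site)
        while parent[site] != site:
            parent[site] = parent[parent[site]]  # path halving
            site = parent[site]
        return site

    kept, dropped = [], []
    for cost, a, b in sorted(site_links):
        root_a, root_b = root(a), root(b)
        if root_a == root_b:
            dropped.append((cost, a, b))  # sites already joined by cheaper links
        else:
            parent[root_a] = root_b
            kept.append((cost, a, b))
    return kept, dropped


# Constructed sample: four sites and five site links with hypothetical costs.
SITE_LINKS = [
    (100, "HQ", "Branch-A"),
    (100, "HQ", "Branch-B"),
    (300, "Branch-A", "Branch-B"),
    (200, "HQ", "DR"),
    (500, "Branch-B", "DR"),
]

if __name__ == "__main__":
    kept, dropped = least_cost_tree(SITE_LINKS)
    print("replication paths:", kept)
    print("redundant paths:  ", dropped)
    print("total cost:       ", sum(cost for cost, _, _ in kept))
```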

Determining when intersite replication occurs:

AD conserves bandwidth between sites by minimizing the frequency of replication and by allowing you to schedule when site links are available for replication. By default, intersite replication across each site link occurs every 180 minutes (3 hours). You can adjust this frequency to meet your specific needs. Note that increasing this frequency increases the amount of bandwidth used for replication. In addition, you can schedule the availability of the site links used for replication. By default, site links can carry replication traffic at any time. You can limit this schedule to specific days of the week and specific times of the day. For example, you can schedule intersite replication so that it occurs only after normal business hours.

