Welcome back to Active Directory Replication and the role of Sites in our domain network!
Before we look at the main role of Sites (replication), let's take a look at the features that benefit from this design.
[00:05] According to part 1, you now have a physical domain network structure: we divided it into subnets/sites, designated appropriate Domain Controllers, etc.
Sites were born to serve the "replication" purpose of Active Directory.
And one of the most important services is Global Catalog, which provides a central repository of domain information for the forest by storing partial replicas of all domain directory partitions.
[00:13] So, servers running these services must be reachable at all times, and they must synchronize with each other efficiently.
That is why we configure them in conjunction with Sites. The first domain controller in a forest is automatically designated as a Global Catalog. Thereafter, a domain controller can be designated as a Global Catalog in the NTDS Settings Properties dialog box in Active Directory Sites and Services. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc977998(v=technet.10)
[00:21] This DC's type is Global Catalog.
[00:28] We can enable/disable it here.
[00:39] Universal Group Membership is part of domain logon, and it is not stored on all domain controllers.
So, we can take advantage of GC servers, combined with the distributed design of Sites, by turning them into endpoints that provide resilient/fault-tolerant authentication by caching this membership info.
[00:55] Let's enable Universal Group Membership Caching.
[00:59] In the Refresh cache from the list, click the site that you want the domain controller to contact when the Universal Group membership cache must be updated, and then click OK. (the Master in the replication model).
You may wonder how, with just a few settings in Active Directory Sites and Services, a client knows which servers share its Site and should be contacted.
That's DNS, with the help of the "Locator" (the Windows Server 2003 or later domain controller locator, implemented in the Net Logon service, enables a client to locate a domain controller).
[01:12] During a search for a domain controller, the Locator attempts to find a domain controller in the site closest to the client.
When DNS is used, the Locator searches first for a site-specific DNS record before it begins to search for a DNS record that is not site-specific (thereby preferentially locating a domain controller in that site).
[01:19] Let's see these records by opening DNS Manager.
[01:31] Let's examine the _tcp records of the Default site.
[01:42] In addition to that, if these DNS zones are AD-integrated, they are stored in the Active Directory database (which, in raw form, is just an LDAP directory) instead of in plain-text zone files, thus taking advantage of AD's automatic replication and removing the need for primary/secondary DNS servers.
From this "simple" LDAP database, tools/consoles present records in meaningful ways:
– DNS Manager helps configure AD-integrated zones, records, etc. (System container)
– Active Directory Schema console to configure: class and attribute definitions for all existing and possible Active Directory objects. (Schema partition)
– Active Directory Users and Computers to manage: users, computers, groups, and other objects of the domain. (Domain partition)
And so on.
In this case, we will use ADSI Edit to view them all in raw form, to get an overview of the "directory namespace" and how it is divided into "directory partitions" to serve the management/replication/sync purpose.
[02:01] Open ADSI Edit, then connect to a well-known Naming Context first.
[02:32] Now connect to the Microsoft DNS container, where the AD-integrated DNS zones reside, as mentioned.
[03:00] Oops, make sure you have experience with this tool as well as with how to manipulate an LDAP database such as Active Directory.
Take a look at the LDAP Namespace Structure: http://www.informit.com/articles/article.aspx?p=101405&seqNum=7
[03:18] Let's examine these LDAP records.
[03:35] This is the DNS zone SnoOpy.com as we saw in DNS Manager, along with its records in flat format; they have no visible hierarchical structure at all.
So far, with episode 1, we know the benefits of Sites in replication operations, latency reduction, traffic optimization, etc.
And now, with part 2, we understand the key participant in the sync/replication process: the Global Catalog; a clever feature that can be used in conjunction with Sites (on a GC server) to strengthen its design: Universal Group Membership Caching;
how DNS helps enforce the Site concept; and the actual data being distributed/synchronized: the directory partitions of the LDAP database.
[03:47] Wait for part 3 of Manage Sites and Active Directory Replication to configure the replication through ADSS and see it in action :3