2. Managing Replicas
A replica is a copy of any data stored within Active
Directory. Unlike the basic information that is stored in Active
Directory, application partitions cannot contain security principals.
Also, not all domain controllers automatically contain copies of the
data stored in an application data partition. System administrators can
define which domain controllers host copies of the application data.
This is a very important feature, since, if replicas are used
effectively, administrators can find a good balance between replication
traffic and data consistency. For example, suppose that 3 of your
organization's 30 locations require up-to-date accounting-related
information. You might choose to only replicate the data to domain
controllers located in the places that require the data. Limiting
replication of this data reduces network traffic.
Replication is the process by which replicas are
kept up to date. Application data can be stored and updated on
designated servers, the same way basic Active Directory information
(such as users and groups) is synchronized between domain controllers.
Application data partition replicas are managed using the Knowledge
Consistency Checker (KCC), which ensures that the designated domain
controllers receive updated replica information. Additionally, the KCC
uses all of the Active Directory sites and connection objects that you create to determine the best method to handle replication.
3. Removing Replicas
When you perform demotion
on a domain controller, that server can no longer host an application
data partition. If a domain controller contains a replica of
application data partition information, you must remove the replica
from the domain controller before you demote it. If a domain controller
is the last machine that hosts a replica of the application data partition,
then the entire application data partition is removed and will be
permanently lost. Generally, you want to do this only after you're
absolutely sure that your organization no longer needs access to the
data stored in the application data partition.
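The pre-demotion check described above can be scripted. The following is an added example, not part of the original text: it assumes the ActiveDirectory PowerShell module is available, and dc3.example.test is a hypothetical domain controller name. It reads the replica list that each application partition's crossRef object keeps in msDS-NC-Replica-Locations, reports every partition the domain controller hosts, and flags any partition for which it is the last replica.

```powershell
# Added example: report application data partition replicas hosted by a
# domain controller that is about to be demoted. Read-only; changes nothing.
param(
    # Hypothetical default; pass the DNS name of the DC you plan to demote.
    [string] $DcDnsName = 'dc3.example.test'
)

Import-Module ActiveDirectory

# crossRef objects for every partition live under CN=Partitions in the
# configuration naming context.
$root         = Get-ADRootDSE
$partitionsDn = "CN=Partitions,$($root.configurationNamingContext)"

# Replica locations are stored as DNs of NTDS Settings objects.
$ntdsDn = (Get-ADDomainController -Identity $DcDnsName).NTDSSettingsObjectDN

# Only application partitions populate msDS-NC-Replica-Locations.
$filter    = '(&(objectClass=crossRef)(msDS-NC-Replica-Locations=*))'
$crossRefs = Get-ADObject -SearchBase $partitionsDn -LDAPFilter $filter `
                 -Properties nCName, 'msDS-NC-Replica-Locations'

foreach ($cr in $crossRefs) {
    $replicas = @($cr.'msDS-NC-Replica-Locations')

    # Skip partitions this DC does not host.
    if ($replicas -notcontains $ntdsDn) { continue }

    # A single remaining replica means removal deletes the partition itself.
    $status = if ($replicas.Count -eq 1) {
        'LAST REPLICA: removing it permanently deletes the partition'
    } else {
        'Remove this replica before demotion'
    }

    [pscustomobject]@{
        Partition    = $cr.nCName
        ReplicaCount = $replicas.Count
        Status       = $status
        # ntdsutil domain management command to run once the data is safe.
        Ntdsutil     = "remove nc replica $($cr.nCName) $DcDnsName"
    }
}
```

Review any row marked LAST REPLICA with the application owner before running the listed ntdsutil command.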
4. Using ntdsutil to Manage Application Data Partitions
The primary method by which systems administrators
create and manage application data partitions is through the ntdsutil
command-line tool. You can launch this tool by simply entering ntdsutil at a command prompt. The ntdsutil
command is both interactive and context-sensitive. That is, once you
launch the utility, you'll see an ntdsutil command prompt. At this
prompt, you can enter various commands that set your context within the
application. For example, if you enter the domain management
command, you'll be able to use domain-related commands. Several
operations also require you to connect to a domain, a domain
controller, or an Active Directory object before you perform a command.
NOTE
For complete details on using ntdsutil, see the Windows Server 2008 Help and Support Center.
Table 1
provides a list of the domain management commands supported by the
ntdsutil tool. You can access this information by typing the following
sequence of commands at a command prompt.
ntdsutil
domain management
help
Table 1. ntdsutil Domain Management Commands
| ntdsutil Domain Management Command | Purpose |
|---|---|
| Help or ? | Displays information about the commands that are available within the Domain Management menu of the ntdsutil command. |
| Connection or Connections | Allows you to connect to a specific domain controller. This will set the context for further operations that are performed on specific domain controllers. |
| Create NC PartitionDistinguishedName DNSName | Creates a new application directory partition. |
| Delete NC PartitionDistinguishedName | Removes an application data partition. |
| List NC Information PartitionDistinguishedName | Shows information about the specified application data partition. |
| List NC Replicas PartitionDistinguishedName | Returns information about all replicas for the specific application data partition. |
| Precreate PartitionDistinguishedName ServerDNSName | Precreates cross-reference application data partition objects. This allows the specified DNS server to host a copy of the application data partition. |
| Remove NC Replica PartitionDistinguishedName DCDNSName | Removes a replica from the specified domain controller. |
| Select Operation Target | Selects the naming context that will be used for other operations. |
| Set NC Reference Domain PartitionDistinguishedName DomainDistinguishedName | Specifies the reference domain for an application data partition. |
| Set NC Replicate Notification Delay PartitionDistinguishedName FirstDCNotificationDelay OtherDCNotificationDelay | Defines settings for how often replication will occur for the specified application data partition. |
The ntdsutil commands are all case-insensitive.
Mixed-case was used in the table to make them easier to read. NC in
commands stands for naming context, referring to the fact that this is a partition of the Active Directory schema.
Instead of focusing on details of specific commands
and syntax related to ntdsutil, be sure that you really understand
application directory partitions and how they and their replicas can be
used.
Figure 2 provides an example of working with ntdsutil. The following commands were entered to set the context for further operations:
ntdsutil
domain management
connections
connect to server localhost
connect to domain ADTest
quit
list