Sites are generally used to define groups of
computers that are located within a single geographic location. In most
organizations, machines that are located in close physical proximity
(for example, within a single building or branch office) are well
connected. A typical example is a LAN in a branch office of a company.
All of the computers may be connected together using Ethernet, and
routing and switching technology may be in place to reduce network
congestion.
Often, however, domain controllers are located
across various states, countries, and even continents. In such a
situation, network connectivity is usually much slower, less reliable,
and more costly than that for the equivalent LAN. Therefore, Active
Directory replication must accommodate accordingly. When managing
replication traffic within Active Directory sites, you need to be aware
of two types of synchronization:
Intrasite
Intrasite replication
refers to the synchronization of Active Directory information between
domain controllers that are located in the same site. In accordance
with the concept of sites, these machines are usually well connected by
a high-speed LAN.
Intersite
Intersite replication
occurs between domain controllers in different sites. Usually, this
means that there is a WAN or other type of low-speed network connection
between the various machines. Intersite replication is optimized for
minimizing the amount of network traffic that occurs between sites.
In the following sections, you'll look at ways to
configure both intrasite and intersite replication. Additionally,
you'll see features of Active Directory replication architecture that
you can use to accommodate the needs of almost any environment.
1. Intrasite Replication
Intrasite replication is generally a simple process.
One domain controller contacts the others in the same site when changes
to its copy of Active Directory are made. It compares the update
sequence numbers in its own copy of Active Directory with that of the
other domain controllers, then the most current information is chosen
by the DC in question, and all domain controllers within the site use
this information to make the necessary updates to their database.
Because you can assume that the domain controllers
within an Active Directory site are well connected, you can pay less
attention to exactly when and how replication takes place.
Communications between domain controllers occur using the Remote Procedure Call (RPC) protocol.
This protocol is optimized for transmitting and synchronizing
information on fast and reliable network connections. The RPC protocol
provides for fast replication at the expense of network bandwidth,
which is usually readily available because most LANs today are running
on Fast Ethernet (100Mbps) at a minimum.
2. Intersite Replication
Intersite replication is optimized for low-bandwidth
situations and network connections that have less reliability.
Intersite replication offers several features that are tailored toward
these types of connections. To begin with, two different protocols may
be used to transfer information between sites:
RPC over IP
When connectivity is fairly reliable, IP is a
good choice. IP-based communications require you to have a live
connection between two or more domain controllers in different sites
and let you transfer Active Directory information. RPC over IP was
originally designed for slower WANs in which packet loss and corruption
may occur often. As such, it is a good choice for low-quality
connections involved in intersite replication.
Simple Mail Transfer Protocol (SMTP)
Simple Mail Transfer Protocol (SMTP)
is perhaps best known as the protocol that is used to send and receive
email messages on the Internet. SMTP was designed to use a
store-and-forward mechanism through which a server receives a copy of a
message, records it to disk, and then attempts to forward it to another
email server. If the destination server is unavailable, it holds the
message and attempts to resend it at periodic intervals.
This type of communication is extremely useful for
situations in which network connections are unreliable or not always
available. If, for instance, a branch office in Peru is connected to
the corporate office by a dial-up connection that is available only
during certain hours, SMTP would be a good choice for communication
with that branch.
SMTP is an inherently insecure network protocol.
Therefore, if you would like to ensure that you transfer replication
traffic securely and you use SMTP for Active Directory replication, you
must take advantage of Windows Server 2008's Certificate Services
functionality.
Other intersite replication characteristics are
designed to address low-bandwidth situations and less reliable network
connections. These features give you a high degree of flexibility in
controlling replication configuration. They include the following:
Compression of Active Directory information.
This compression is helpful because changes between domain controllers
in remote sites may include a large amount of information and also
because network bandwidth tends to be less available and more costly.
Site links and site link bridges help determine intersite replication topology.
Replication can occur based on a schedule defined by systems administrators.
You can configure intersite replication by using the
Active Directory Sites And Services tool. Select the name of the site
for which you want to configure settings. Then, right-click the NTDS
Site Settings object in the right windowpane, and select Properties. By
clicking the Change Schedule button in the NTDS Site Settings
Properties dialog box, you'll be able to configure how often
replication between sites will occur (see Figure 1).
