What is a site?
A site is a grouping of one or more
TCP/IP subnets that defines the physical structure of a network. A geographical
location (Branch) of a company is practically considered a site.
What is a site and what are the advantages of sites?
A site consists of one or more IP subnets connected by a high-speed link. Wide area networks should employ
multiple sites to handle service requests efficiently and to reduce
replication traffic. Sites map the physical structure of your network whereas
domains.
Active Directory Sites and Services
allows you to specify site information. Active Directory uses this information
to determine how best to use available network resources.
This makes the following types of operation more efficient:
Service Requests
When a client requests a service
from a domain controller, it directs the request to a domain controller in the
same site. Selecting a domain controller that is well connected to the client
makes handling the request more efficient.
Replication
Sites streamline replication of
directory information and reduce replication traffic.
Site membership is determined
differently for domain controllers and clients. A client determines the site it is in
when it is turned on, so its site location will often be dynamically updated. A
domain controller's site location is established by which site its server object
belongs to in the directory, so its site location will be consistent unless the
domain controller's server object is intentionally moved to a different site.
What is the default site link cost?
It is 100.
Automatic Site Coverage:
Automatic site coverage is a dynamic process. If a domain controller in
a particular site is unavailable, other domain controllers will automatically configure
the site coverage records for the site.
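The site concepts above (subnet-based site membership, site link cost, automatic site coverage) as an added Python example; it is not from the original page. The subnets, site names, link costs and the alphabetical tie-break are constructed assumptions, and choosing the covering site by lowest cumulative site link cost is a simplified model of coverage for a site that has no domain controller.

```python
import heapq
import ipaddress

# Constructed sample topology (assumption, not from the original page).
SUBNET_TO_SITE = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "Lab",
    "10.2.0.0/16": "Branch",
}
# Site links as (site_a, site_b, cost); 100 is the default cost.
SITE_LINKS = [("HQ", "Branch", 100), ("HQ", "Lab", 100),
              ("Branch", "DR", 50), ("HQ", "DR", 300)]
SITES_WITH_DCS = {"HQ", "DR"}  # Lab and Branch have no domain controller


def client_site(ip, subnet_to_site=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = []
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net:
            matches.append((net.prefixlen, site))
    # Longest prefix wins: a /24 inside a /16 maps to its own site.
    return max(matches)[1] if matches else None


def covering_site(site, links=SITE_LINKS, dc_sites=SITES_WITH_DCS):
    """Return (site, cost) of the lowest-cost reachable site that has a DC."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {site: 0}
    queue = [(0, site)]  # Dijkstra; equal costs pop in alphabetical order
    while queue:
        cost, here = heapq.heappop(queue)
        if cost > best.get(here, float("inf")):
            continue  # stale queue entry
        if here in dc_sites:
            return here, cost
        for nxt, link_cost in graph.get(here, []):
            total = cost + link_cost
            if total < best.get(nxt, float("inf")):
                best[nxt] = total
                heapq.heappush(queue, (total, nxt))
    return None, None  # site is isolated or no DC is reachable
```

A client address that matches no subnet returns None, which corresponds to a client that cannot be placed in a site and is worth reviewing because it may authenticate against a poorly connected domain controller.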
Default Application Partition for DNS:
When you install DNS while you are promoting
the first server in the forest to be a domain controller, two new application
directory partitions are created in ADS.
These partitions are:
Domain DNS Zones - Domain controller records.
Forest DNS Zones partitions.
Forest DNS Zones partitions:
Contains the domain subzone, which lists all of the domain GUIDs and the
domain controllers in each of the domains. The Forest DNS Zones partition lists all
of the domain controllers by GUID in the entire forest and lists all the Global
Catalog servers in the forest.
The MSDCS subzone is stored in the Forest DNS
Zones partition.
Process for Troubleshooting ADS Replication Failures:
Test for authentication and authorization errors. If you are receiving
access denied errors during replication, then there is a problem with
authentication and authorization. To identify the cause of the security error,
run:
dcdiag /test:CheckSecurityError /s:DCName
To test the connection between two domain controllers for replication
security errors, run:
dcdiag /test:CheckSecurityError /ReplSource:SourceDomainControllerName
This command tests the connection
between the domain controller on which you run the command and the source
domain controller.
Why do deleted Active Directory objects sometimes reappear?
It's one of the strangest things that can
happen in Active Directory (AD): you delete an object, such as a user, group or
Organizational Unit (OU), then a few minutes or even days later the object
mysteriously reappears. Generally, deleting the object a second time makes it
"stick", but reappearing objects, especially users and groups, can have
serious security implications. After all, if a user account reappears, it can
be used to access domain resources. So where do deleted objects come back from,
and how can you prevent it from happening in the future?
AD Replication
Remember that every time an object
is changed, its Update Sequence Number (USN) is incremented. When the object is
replicated, it comes from the domain controller that has the highest USN for the
object, and the object overwrites any older copies on other domain controllers.
When you delete an object from AD,
it does not go away immediately. Instead, the object is tombstoned, meaning AD
places a special marker on it indicating that the object is no longer active.
The tombstone itself has a USN and is replicated to all domain controllers in
the domain. 60 days after the object is tombstoned, all domain controllers independently
remove the object from their copy of the AD database.
There are a few situations in which
the tombstone can be removed, and even situations in which a tombstone and
deleted object can mysteriously reappear. You will need to review these
possible situations to determine which occurred in your environment and take
steps to prevent it from happening again.