==Physical structure==
''Sites'' are physical (rather than logical) groupings defined by one or more [[Internet Protocol|IP]] subnets.<ref>{{cite web |date=21 January 2005 |title=Sites overview |url=https://technet.microsoft.com/en-us/library/cc782048(WS.10).aspx |publisher=Microsoft Corporation |quote=A site is a set of well-connected subnets.}}</ref> AD also defines connections, distinguishing low-speed (e.g., [[Wide area network|WAN]], [[Virtual private network|VPN]]) from high-speed (e.g., [[Local area network|LAN]]) links. Site definitions are independent of the domain and OU structure and are shared across the forest. Sites play a crucial role in managing the network traffic created by replication and in directing clients to their nearest [[domain controller]]s (DCs). [[Microsoft Exchange Server|Microsoft Exchange Server 2007]] uses the site topology for mail routing. Administrators can also define policies at the site level.

The Active Directory information is physically held on one or more peer [[domain controller]]s, replacing the [[Windows NT|NT]] [[Primary Domain Controller|PDC]]/[[Backup Domain Controller|BDC]] model. Each DC has a copy of the Active Directory. Servers joined to Active Directory that are not domain controllers are called member servers.<ref>{{cite web | title = Planning for domain controllers and member servers | url = https://technet.microsoft.com/en-us/library/cc737059(WS.10).aspx | publisher = Microsoft Corporation | quote = [...] member servers, [...] belong to a domain but do not contain a copy of the Active Directory data. | date = 21 January 2005 }}</ref> A subset of the objects in the domain partition is also replicated to domain controllers that are configured as global catalogs. These global catalog servers offer a comprehensive list of all objects in the forest.<ref>{{cite web | title = What Is the Global Catalog? | url = https://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx | publisher = Microsoft Corporation | date = 10 December 2009 | quote = [...] a domain controller can locate only the objects in its domain. [...] The global catalog provides the ability to locate objects from any domain [...] }}</ref><ref>{{cite web | title = Global Catalog | url = https://msdn.microsoft.com/en-us/library/ms676908%28v=vs.85%29.aspx | publisher = Microsoft Corporation }}</ref> Global catalog servers replicate all objects from all domains to themselves, providing a forest-wide listing of objects. However, to minimize replication traffic and keep the GC's database small, only selected attributes of each object are replicated; this set is called the ''partial attribute set'' (PAS). The PAS can be modified by editing the schema and marking attributes for replication to the GC.<ref>{{cite web |date=26 August 2010 |title=Attributes Included in the Global Catalog |url=http://msdn.microsoft.com/en-us/library/ms675160%28VS.85%29.aspx |publisher=Microsoft Corporation |quote=The isMemberOfPartialAttributeSet attribute of an attributeSchema object is set to TRUE if the attribute is replicated to the global catalog. [...] When deciding whether or not to place an attribute in the global catalog remember that you are trading increased replication and increased disk storage on global catalog servers for, potentially, faster query performance.}}</ref>

Earlier versions of Windows used [[NetBIOS]] to communicate. Active Directory is fully integrated with DNS and requires [[TCP/IP]] and DNS. To fully operate, the DNS server must support [[SRV record|SRV resource records]], also known as service records.
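The partial attribute set and the SRV records described above can both be inspected from a domain-joined host. The following PowerShell is an added example, not part of the article: it assumes the ActiveDirectory and DnsClient modules are installed and that the host can resolve the domain's DNS; the domain name is read from the current domain rather than hard-coded.

```powershell
# Added example (not from the article). Assumes the ActiveDirectory and DnsClient
# modules on a domain-joined host; the domain name is read from the current domain.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot

# 1. Which attributes are in the partial attribute set (PAS)? Every attributeSchema
#    object with isMemberOfPartialAttributeSet=TRUE is replicated to every GC in the
#    forest, so anything added here widens both replication traffic and the data
#    readable by anyone who can query a GC (ports 3268/3269).
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$pas = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))' `
    -Properties lDAPDisplayName
"{0} attributes are replicated to the global catalog" -f $pas.Count
$pas | Select-Object -ExpandProperty lDAPDisplayName | Sort-Object

# 2. Verify the SRV records clients use to locate DCs, GCs and KDCs, including the
#    per-site records that steer a client to a DC in its own site.
function Test-AdSrvRecord {
    param([string]$Name)
    try {
        $rec = Resolve-DnsName -Name $Name -Type SRV -ErrorAction Stop |
            Where-Object Type -eq 'SRV'
        $targets = ($rec | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        [pscustomobject]@{ Record = $Name; Targets = $targets }
    } catch {
        [pscustomobject]@{ Record = $Name; Targets = "MISSING ($($_.Exception.Message))" }
    }
}

$records = @(
    "_ldap._tcp.dc._msdcs.$domain",
    "_kerberos._tcp.dc._msdcs.$domain",
    "_ldap._tcp.pdc._msdcs.$domain",
    "_gc._tcp.$domain"
)
# Site-specific records take the form _ldap._tcp.<SiteName>._sites.dc._msdcs.<domain>
foreach ($site in (Get-ADReplicationSite -Filter *)) {
    $records += "_ldap._tcp.$($site.Name)._sites.dc._msdcs.$domain"
}
$records | ForEach-Object { Test-AdSrvRecord -Name $_ } | Format-Table -AutoSize
```

A site whose record is reported MISSING has no DC registered for it, so clients in that site will be served by a DC elsewhere, which is worth checking before blaming slow logons on the WAN.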
===Replication===
Active Directory uses [[multi-master replication]] to synchronize changes,<ref>{{cite web |date=21 January 2005 |title=Directory data store |url=https://technet.microsoft.com/en-us/library/cc736627(WS.10).aspx |publisher=Microsoft Corporation |quote=Active Directory uses four distinct directory partition types to store [...] data. Directory partitions contain domain, configuration, schema, and application data.}}</ref> meaning that replicas pull changes from the server where the change occurred rather than having changes pushed to them.<ref>{{cite web |date=28 March 2003 |title=What Is the Active Directory Replication Model? |url=https://technet.microsoft.com/en-us/library/cc737314(WS.10).aspx |publisher=Microsoft Corporation |quote=Domain controllers request (pull) changes rather than send (push) changes that might not be needed.}}</ref> The Knowledge Consistency Checker (KCC) uses the defined sites to manage traffic and create a replication topology of site links. Intra-site replication occurs frequently and automatically because of change notifications, which prompt peers to begin a pull replication cycle. Replication intervals between different sites are usually less consistent and do not normally use change notifications, although inter-site replication can be configured to behave the same way as replication within a site if needed. Each [[Digital Signal 3|DS3]], [[Digital Signal 1|T1]], and [[ISDN]] link can be assigned a cost, and the KCC alters the site link topology accordingly. Replication may occur transitively through several site links on same-protocol ''site link bridges'' if the cost is low; however, the KCC automatically assigns a direct site-to-site link a lower cost than transitive connections. A bridgehead server in each site can send updates to other DCs in the same site to replicate changes between sites. To configure replication for Active Directory zones, activate DNS in the domain based on the site.

To replicate Active Directory, [[Remote procedure call|Remote Procedure Calls]] (RPC) over IP (RPC/IP) are used. [[Simple Mail Transfer Protocol|SMTP]] can be used to replicate between sites, but only for changes to the schema, configuration, or partial attribute set (global catalog) partitions; it is not suitable for replicating the domain partition.<ref>{{cite web | title = What Is Active Directory Replication Topology? | url = https://technet.microsoft.com/en-us/library/cc775549(WS.10).aspx | publisher = Microsoft Corporation | date = 28 March 2003 | quote = SMTP can be used to transport nondomain replication [...] }}</ref>
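The site-link costs, the transport each link uses, and the per-partition replication state discussed in this section can be audited with the ActiveDirectory module. This is an added PowerShell example, not code from the article; it assumes a domain-joined host with the module installed and an account permitted to read replication metadata on every DC.

```powershell
# Added example (not from the article). Assumes the ActiveDirectory module on a
# domain-joined host with permission to query replication metadata on each DC.
Import-Module ActiveDirectory

# 1. Site links: cost, interval and transport (IP = RPC/IP; SMTP = mail-based, which
#    cannot carry the domain partition). The KCC prefers the lowest total cost, so an
#    unexpectedly cheap link can route replication through a site you did not intend.
Get-ADReplicationSiteLink -Filter * -Properties InterSiteTransportProtocol |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, InterSiteTransportProtocol,
        @{ n = 'Sites'; e = {
            ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ' <-> '
        } } |
    Sort-Object Cost | Format-Table -AutoSize

# 2. Inbound partner metadata for every DC and every partition. A partner with
#    consecutive failures, or a partition not replicated for over an hour, means
#    changes made on one DC are not yet visible forest-wide.
$stale = (Get-Date).AddHours(-1)
foreach ($dc in (Get-ADDomainController -Filter *)) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -PartnerType Inbound -Partition * |
        Where-Object { $_.ConsecutiveReplicationFailures -gt 0 -or $_.LastReplicationSuccess -lt $stale } |
        Select-Object Server, Partner, Partition, LastReplicationSuccess,
            ConsecutiveReplicationFailures, LastReplicationResult
}

# 3. Failures recorded across the domain (the same data repadmin /showrepl reports).
Get-ADReplicationFailure -Target (Get-ADDomain).DNSRoot -Scope Domain |
    Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError |
    Format-Table -AutoSize
```

The one-hour threshold in step 2 is a constructed value; intra-site partners should replicate within minutes, while an inter-site link is only late once it has missed its own ReplicationFrequencyInMinutes schedule.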