Your company has a main office and three branch offices. The company has an Active
Directory forest that has a single domain. Each office has one domain controller. Each office
is configured as an Active Directory site.
All sites are connected with the DEFAULTIPSITELINK object.
You need to decrease the replication latency between the domain controllers.
What should you do?
A. Decrease the replication schedule for the DEFAULTIPSITELINK object.
B. Decrease the replication interval for the DEFAULTIPSITELINK object.
C. Decrease the cost between the connection objects.
D. Decrease the replication interval for all connection objects.
Explanation:
Answer: B. Decrease the replication interval for the DEFAULTIPSITELINK object.
Personal comment:
"All sites are connected with the DEFAULTIPSITELINK object." <- this roughly translates into:
all sites are connected with the first domain controller in the forest.
So the topology is star shaped.
Thus, decreasing the cost between the connection objects will offer no benefit.
We know we have multiple sites linked and are using a DEFAULTIPSITELINK object.
Thus, the most plausible answer is to decrease the replication interval for
DEFAULTIPSITELINK.
http://www.informit.com/articles/article.aspx?p=26866&seqNum=5
Understanding Active Directory, Part III
Replication
Active Directory replication between domain controllers is managed by the system
administrator on a site-by-site basis. As domain controllers are added, a replication path must
be established. This is done by the Knowledge Consistency Checker (KCC), coupled with
Active Directory replication components. The KCC is a dynamic process that runs on all
domain controllers to create and modify the replication topology. If a domain controller fails,
the KCC automatically creates new paths to the remaining domain controllers. Manual
intervention with the KCC will also force a new path.
The Active Directory replaces PDCs and BDCs with multimaster replication services. Each
domain controller retains a copy of the entire directory for that particular domain. As changes
are made in one domain controller, the originator communicates these changes to the peer
domain controllers. The directory data itself is stored in the ntds.dit file.
Active Directory replication uses the Remote Procedure Call (RPC) over IP to conduct
replication within a site. Replication between sites can utilize either RPC or the Simple Mail
Transfer Protocol (SMTP) for data transmission. The default intersite replication protocol is
RPC.
Intersite and Intrasite Replication
There are distinct differences between intrasite and intersite domain controller replication. In theory,
the network bandwidth within a site is sufficient to handle all network traffic associated with
replication and other Active Directory activities. By the definition of a site, the network must
be reliable and fast. A change notification process is initiated when modifications occur on a
domain controller. The domain controller waits for a configurable period (by default, five
minutes) before it forwards a message to its replication partners. During this interval, it
continues to accept changes. Upon receiving a message, the partner domain controllers
copy the modification from the original domain controller. In the event that no changes were
noted during a configurable period (six hours, by default), a replication sequence ensures
that all possible modifications are communicated. Replication within a site involves the
transmission of uncompressed data.
NOTE
Security-related modifications are replicated within a site immediately. These changes
include account and individual user lockout policies, changes to password policies, changes
to computer account passwords, and modifications to the Local Security Authority (LSA).
Replication between sites assumes that there are network-connectivity problems, including
insufficient bandwidth, reliability, and increased cost. Therefore, the Active Directory permits
the system to make decisions on the type, frequency, and timing of intersite replication. All
replication objects transmitted between sites are compressed, which may reduce traffic by
10 to 25 percent, but because this is not sufficient to guarantee proper replication, the
system administrator has the responsibility of scheduling intersite replication.
Replication Component Objects
Whereas the KCC represents the process elements associated with replication, the following
comprise the Active Directory object components:
Connection object. Domain controllers become replication "partners" when linked by a
connection object. This is represented by a one-way path between two domain controller
server objects. Connection objects are created by the KCC by default. They can also be
manually created by the system administrator.
NTDS settings object. The NTDS settings object is a container that is automatically created
by the Active Directory. It contains all of the connection objects, and is a child of the server
object.
Server object. The Active Directory represents every computer as a computer object. The
domain controller is also represented by a computer object, plus a specially created server
object. The server object’s parent is the site object that defines its IP subnet. However, in the
event that the domain controller server object was created prior to site creation, it will be
necessary to manually define the IP subnet to properly assign the domain controller a site.
When it is necessary to link multiple sites, two additional objects are created to manage the
replication topology.
Site link. The site link object specifies a series of values (cost, interval, and schedule) that
define the connection between sites. The KCC uses these values to manage replication and
to modify the replication path if it detects a more efficient one. The Active Directory
DEFAULTIPSITELINK is used by default until the system administrator intervenes. The cost
value, ranging from 1 to 32767, is an arbitrary estimate of the actual cost of data
transmission, as defined by bandwidth. The interval value sets how often replication
will occur: 15 minutes is the minimum, once a week (10080 minutes) is the maximum, and
three hours is the default. The schedule establishes the times at which replication is allowed
to occur. Although replication can be at any time by default, the system administrator may want
to schedule it only during off-peak network hours.
Site link bridges. The site link bridge object defines a set of links that communicate via the
same protocol. By default, all site links use the same protocol, and are transitive. Moreover,
they belong to a single site link bridge. No configuration is necessary to the site link bridge if
the IP network is fully routed. Otherwise, manual configuration may be necessary.
Further information:
http://technet.microsoft.com/en-us/library/cc775549%28v=ws.10%29.aspx
What Is Active Directory Replication Topology?
Replication of updates to Active Directory objects is transmitted between multiple domain
controllers to keep replicas of directory partitions synchronized. Multiple domains are
common in large organizations, as are multiple sites in disparate locations. In addition,
domain controllers for the same domain are commonly placed in more than one site.
Therefore, replication must often occur both within sites and between sites to keep domain
and forest data consistent among domain controllers that store the same directory partitions.
Site objects can be configured to include a set of subnets that provide local area network
(LAN) network speeds. As such, replication within sites generally occurs at high speeds
between domain controllers that are on the same network segment. Similarly, site link
objects can be configured to represent the wide area network (WAN) links that connect
LANs.
Replication between sites usually occurs over these WAN links, which might be costly in
terms of bandwidth.
To accommodate the differences in distance and cost of replication within a site and
replication between sites, the intrasite replication topology is created to optimize speed, and
the intersite replication topology is created to minimize cost.
The Knowledge Consistency Checker (KCC) is a distributed application that runs on every
domain controller and is responsible for creating the connections between domain
controllers that collectively form the replication topology. The KCC uses Active Directory
data to determine where (from what source domain controller to what destination domain
controller) to create these connections.
..
The following diagram shows the interaction of these technologies with the replication
topology, which is indicated by the two-way connections between each set of domain
controllers.
[Figure: Replication Topology and Dependent Technologies]
http://technet.microsoft.com/en-us/library/cc755994%28v=ws.10%29.aspx
How Active Directory Replication Topology Works
..
Replication Topology Physical Structure
The Active Directory replication topology can use many different components. Some
components are required and others are not required but are available for optimization. The
following diagram illustrates most replication topology components and their place in a
sample Active Directory multisite and multidomain forest. The depiction of the intersite
topology that uses multiple bridgehead servers for each domain assumes that at least one
domain controller in each site is running at least Windows Server 2003. All components of
this diagram and their interactions are explained in detail later in this section.
[Figure: Replication Topology Physical Structure]
In the preceding diagram, all servers are domain controllers. They independently use global
knowledge of configuration data to generate one-way, inbound connection objects. The KCCs
in a site collectively create an intrasite topology for all domain controllers in the site. The
ISTGs from all sites collectively create an intersite topology. Within sites, one-way arrows
indicate the inbound connections by which each domain controller replicates changes from
its partner in the ring. For intersite replication, one-way arrows represent inbound
connections that are created by the ISTG of each site from bridgehead servers (BH) for the
same domain (or from a global catalog server [GC] acting as a bridgehead if the domain is
not present in the site) in other sites that share a site link. Domains are indicated as D1, D2,
D3, and D4.
Each site in the diagram represents a physical LAN in the network, and each LAN is
represented as a site object in Active Directory. Heavy solid lines between sites indicate
WAN links over which two-way replication can occur, and each WAN link is represented in
Active Directory as a site link object. Site link objects allow connections to be created
between bridgehead servers in each site that is connected by the site link.
Not shown in the diagram is that where TCP/IP WAN links are available, replication between
sites uses the RPC replication transport. RPC is always used within sites. The site link
between Site A and Site D uses the SMTP protocol for the replication transport to replicate
the configuration and schema directory partitions and global catalog partial, read-only
directory partitions. Although the SMTP transport cannot be used to replicate writable
domain directory partitions, this transport is required because a TCP/IP connection is not
available between Site A and Site D. This configuration is acceptable for replication because
Site D does not host domain controllers for any domains that must be replicated over the site
link A-D.
By default, site links A-B and A-C are transitive (bridged), which means that replication of
domain D2 is possible between Site B and Site C, although no site link connects the two
sites. The cost values on site links A-B and A-C are site link settings that determine the
routing preference for replication, which is based on the aggregated cost of available site
links. The cost of a direct connection between Site C and Site B is the sum of costs on site
links A-B and A-C. For this reason, replication between Site B and Site C is automatically
routed through Site A to avoid the more expensive, transitive route. Connections are created
between Site B and Site C only if replication through Site A becomes impossible due to
network or bridgehead server conditions.
…
Control Replication Latency and Cost
Replication latency is inherent in a multimaster directory service. A period of replication
latency begins when a directory update occurs on an originating domain controller and ends
when replication of the change is received on the last domain controller in the forest that
requires the change. Generally, the latency that is inherent in a WAN link is relative to a
combination of the speed of the connection and the available bandwidth.
Replication cost is an administrative value that can be used to indicate the latency that is
associated with different replication routes between sites. A lower-cost route is preferred by
the ISTG when generating the replication topology.
Site topology is the topology as represented by the physical network: the LANs and WANs
that connect domain controllers in a forest. The replication topology is built to use the site
topology. The site topology is represented in Active Directory by site objects and site link
objects. These objects influence Active Directory replication to achieve the best balance
between replication speed and the cost of bandwidth utilization by distinguishing between
replication that occurs within a site and replication that must span sites. When the KCC
creates replication connections between domain controllers to generate the replication
topology, it creates more connections between domain controllers in the same site than
between domain controllers in different sites.
The results are lower replication latency within a site and less replication bandwidth
utilization between sites.
Within sites, replication is optimized for speed as follows:
Connections between domain controllers in the same site are always arranged in a ring, with
possible additional connections to reduce latency.
Replication within a site is triggered by a change notification mechanism when an update
occurs, moderated by a short, configurable delay (because groups of updates frequently
occur together).
Data is sent uncompressed, and thus without the processing overhead of data compression.
Between sites, replication is optimized for minimal bandwidth usage (cost) as follows:
Replication data is compressed to minimize bandwidth consumption over WAN links.
Store-and-forward replication makes efficient use of WAN links — each update crosses an
expensive link only once.
Replication occurs at intervals that you can schedule so that use of expensive WAN links is
managed.
The intersite topology is a layering of spanning trees (one intersite connection between any
two sites for each directory partition) and generally does not contain redundant connections.
…
Topology-Related Objects in Active Directory
Active Directory stores replication topology information in the configuration directory
partition. Several configuration objects define the components that are required by the KCC
to establish and implement the replication topology:
..
Site Link Objects
For a connection object to be created on a destination domain controller in one site that
specifies a source domain controller in another site, you must manually create a site link
object (class siteLink ) that connects the two sites. Site link objects identify the transport
protocol and scheduling required to replicate between two or more sites. You can use Active
Directory Sites and Services to create the site links. The KCC uses the information stored in
the properties of these site links to create the intersite topology connections.
A site link is associated with a network transport by creating the site link object in the
appropriate transport container (either IP or SMTP). All intersite domain replication must use
IP site links. The Simple Mail Transfer Protocol (SMTP) transport can be used for replication
between sites that contain domain controllers that do not host any common domain directory
partition replicas.
Site Link Properties
A site link specifies the following:
Two or more sites that are permitted to replicate with each other.
An administrator-defined cost value associated with that replication path. The cost value
controls the route that replication takes, and thus the remote sites that are used as sources
of replication information.
A schedule during which replication is permitted to occur.
An interval that determines how frequently replication occurs over this site link during the
times when the schedule allows replication.
Default Site Link
When you install Active Directory on the first domain controller in the forest, an object named
DEFAULTIPSITELINK is created in the Sites container (in the IP container within the
Inter-Site Transports container). This site link contains only one site, Default-First-Site-Name.
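As an added example (not part of the question's explanation or the quoted articles), the following PowerShell uses the ActiveDirectory module to report the cost, interval and member sites of every IP site link described above, and then lowers the DEFAULTIPSITELINK interval to the 15-minute minimum, which is what the correct answer describes. The only object name used is DEFAULTIPSITELINK, which is on the page; the function names are my own.

```powershell
# Added example: audit site link settings and lower the DEFAULTIPSITELINK interval.
# Requires the ActiveDirectory PowerShell module (RSAT) and rights to modify the
# Configuration partition (site links live under Inter-Site Transports\IP).
Import-Module ActiveDirectory

function Get-SiteLinkReport {
    # The three values the KCC/ISTG read from each site link: cost, interval
    # (minutes) and the sites the link joins (SitesIncluded holds site DNs).
    Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded |
        Select-Object Name, Cost, ReplicationFrequencyInMinutes,
            @{ Name = 'Sites'; Expression = {
                ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } }
}

function Set-SiteLinkInterval {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [ValidateRange(15, 10080)] [int] $Minutes = 15,  # AD accepts 15 min .. 1 week
        [switch] $Apply                                   # without -Apply, only -WhatIf output
    )
    $link = Get-ADReplicationSiteLink -Identity $Name -Properties ReplicationFrequencyInMinutes
    if ($link.ReplicationFrequencyInMinutes -le $Minutes) {
        Write-Host "$Name already replicates every $($link.ReplicationFrequencyInMinutes) min; nothing to do."
        return
    }
    Write-Host "$Name interval: $($link.ReplicationFrequencyInMinutes) min -> $Minutes min"
    # The interval only matters inside the windows the link's schedule allows;
    # the schedule itself is left untouched here.
    Set-ADReplicationSiteLink -Identity $Name -ReplicationFrequencyInMinutes $Minutes -WhatIf:(-not $Apply)
}

Get-SiteLinkReport | Format-Table -AutoSize
# Preview first; rerun with -Apply to commit the change (default interval is 180 min).
Set-SiteLinkInterval -Name 'DEFAULTIPSITELINK' -Minutes 15

# After applying, confirm the value and check that intersite replication is healthy.
Get-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -Properties ReplicationFrequencyInMinutes |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes
repadmin /replsummary
```

The change is written to the Configuration partition, so it itself replicates to every domain controller before the ISTG in each site picks up the new interval.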