--------------------------------------------------------------------
SearchWin2000.com's Administrator Tip
--------------------------------------------------------------------

TODAY'S ADMINISTRATOR TIP: Replicate Active Directory sites 

"Replicate Active Directory sites"
By Curt Simmons

Active Directory (AD) needs site replication to stay current. This
tip, excerpted from InformIT, by Curt Simmons, author of "Creating
Active Directory Infrastructures," provides some pointers on setting
up that replication. 
--------------------------------------------------------------------
Of the two kinds of site replication in Active Directory, intrasite
and intersite, the latter is a more difficult animal to configure.
You help the Active Directory understand what WAN connections are
available between your sites and how the Active Directory should
manage data. The process of managing replication between sites is a
lot like walking a balance beam -- you have to balance what you
want in terms of replication with what your WAN links can physically
manage. Without a doubt, the more replication that occurs between
sites, the more accurate the database will be all of the time. In
most environments, however, constant replication over WAN links is
not a practical solution. Therefore, most administrators are faced
with a trade-off between data accuracy and time. In Active Directory
terms, the time required to replicate data from domain controller to
domain controller and site to site is called "latency." As an
administrator, the trick is to find the best replication balance to
manage traffic between sites while keeping database data as accurate
as possible. In other words, you want to reduce latency as much as
possible.

Intersite replication is based on site links. Sites are connected by
some kind of WAN communication link. This may be something as grand
as a T3 link, or as small as a VPN or modem connection. Depending on
how your sites are connected, you configure site links in the Active
Directory. These site links define the WAN connections that are
between your sites. After the Active Directory understands how your
sites are linked together, you can then begin to implement control
features that can help you find the balance between accurate data and
latency that is right for your organization. Unfortunately, there are
no hard and fast rules -- the Active Directory is flexible enough to
allow you to find the balance that is right for your needs. So, you
need to understand the concepts and then spend some time
experimenting to find the balance that is right for you.

Cost: 
Your initial management task is to assign a cost to each site link.
The cost of each site link is based on an arbitrary number that you
assign to it. The Active Directory uses this cost to determine which
site links have precedence over other site links. Lower-cost site
links are favored over higher-cost site links. For example, let's say
I have a Boston site and a Houston site. I have a T1 WAN connection
between the two sites, but I also have a backup VPN connection. For
replication, I want to make certain that replication always occurs
over the T1 link, unless the link is down. If the link is down, the
VPN link can be used. So, in terms of cost, I might give the T1 site
link a cost of 10, whereas the VPN link might have a cost of 50.
Using these numbers, the Active Directory always uses the lowest-cost
link over the higher-cost link. With the cost assignment, I can rest
assured that my best WAN connection between the two sites will always
be utilized first. 

Schedule: 
Your next management tactic is to use schedules carefully and wisely.
In intrasite replication, replication occurs frequently and without a
schedule. In intersite replication, you can use a schedule to
determine how often replication can occur. The idea is to provide a
schedule that allows replication to occur as frequently as possible,
but does not use too much bandwidth during peak network hours. For
example, if you know that your environment uses a lot of intersite
bandwidth between the work hours of 10:00 a.m. and 2:00 p.m., you
might create a schedule that restricts replication during those
hours. How you schedule replication is entirely up to you, but once
again, you'll want to find that fine balance between data accuracy
and latency that is acceptable for your network. 
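
The cost and schedule rules above, as an added example that is not from the original tip or from Active Directory's own code: a simplified Python model that picks the lowest total-cost route over site links that are up, then reports how long a change waits for the schedule to open. The Denver site, the summing of costs across links, and the rule that a closed schedule delays replication rather than rerouting it are assumptions of this model.

```python
# Simplified model of site-link cost and schedule; all names and data are constructed.
import heapq
from dataclasses import dataclass

@dataclass(frozen=True)
class SiteLink:
    name: str
    sites: frozenset                  # sites this link joins
    cost: int                         # arbitrary admin-assigned number, lower wins
    up: bool = True                   # False models a failed WAN connection
    closed: frozenset = frozenset()   # hours (0-23) when the schedule blocks replication

def cheapest_route(links, src, dst):
    """Lowest total-cost route over links that are up: (cost, [links]) or None."""
    best, heap, tie = {src: 0}, [(0, 0, src, [])], 0
    while heap:
        cost, _, site, path = heapq.heappop(heap)
        if site == dst:
            return cost, path
        for link in links:
            if link.up and site in link.sites:
                for nxt in link.sites - {site}:
                    if cost + link.cost < best.get(nxt, float("inf")):
                        best[nxt] = cost + link.cost
                        tie += 1      # unique tie-breaker so links are never compared
                        heapq.heappush(heap, (best[nxt], tie, nxt, path + [link]))
    return None

def hours_until_open(route, hour):
    """Hours a change waits before every link on the route is open (None if never)."""
    for wait in range(24):
        if all((hour + wait) % 24 not in link.closed for link in route):
            return wait
    return None

# The text's Boston/Houston T1 (cost 10) and VPN (cost 50) links, its 10:00-14:00
# restriction applied to the T1, and a hypothetical third site, Denver.
PEAK = frozenset(range(10, 14))
def sample_links(t1_up=True):
    return [
        SiteLink("T1", frozenset({"Boston", "Houston"}), 10, up=t1_up, closed=PEAK),
        SiteLink("VPN", frozenset({"Boston", "Houston"}), 50),
        SiteLink("Houston-Denver", frozenset({"Houston", "Denver"}), 20),
    ]

if __name__ == "__main__":
    for t1_up in (True, False):
        cost, route = cheapest_route(sample_links(t1_up), "Boston", "Denver")
        print(t1_up, cost, [l.name for l in route], hours_until_open(route, 11))
```

With the T1 up, a change made at 11:00 waits three hours for the window to reopen; with the T1 down, the route costs more but the unscheduled VPN link carries it immediately.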

Servers: 
For best replication performance, you should have at least one global
catalog server in each site. In reality, the global catalog server
may increase replication traffic, but it decreases user traffic over
the WAN link, which leaves more room for replication. Also, consider
placing a DNS server in each site, and make sure that the site
clients connect to that DNS server for service, which will help
reduce DNS traffic over the WAN link. 

As you might imagine, one of the best things you can do to manage
site replication traffic is to sit down with a pencil and paper and
carefully plan your Active Directory infrastructure. Careful planning
and the application of site configuration knowledge on your part will
help you develop sites and replication plans that will meet the needs
of your network and give you the best replication speed possible. 
--------------------------------------------------------------------
To read this entire tip, click the link below to visit InformIT. You
have to register to read the tip, but it's free.

[http://www.informit.com/myinformit/login/index.asp?session_id={C096C08C-238E-4134-B284-D0B32B5DEA3D}&t={6373D50E-EF0B-4084-B8A7-032653E262E2}&n={211F1130-8B67-45AE-8C82-2804428F41A0}]

To learn more about "Creating Active Directory Infrastructures," or
to buy the book, visit
http://www.digitalguru.com/dgstore/product.asp?isbn=0130876313&ac_id=73.