Introduction
Active Directory needs information about the network to determine how
domain controllers should replicate and what domain controller(s) are
optimal for a given client to authenticate with. This network
information is often referred to as the site or replication topology,
and consists of numerous object types that represent various aspects
of the network.
At a high level, a site is a collection of high-speed LAN segments.
One or more subnets can be associated with a site, and this mapping
is used to determine which site a client (based on IP address)
belongs to. Sites are connected via site links, which are analogous
to WAN connections. Finally, each domain controller in a site has one
or more connection objects, each of which defines an inbound
replication connection from another domain controller.
These site topology objects are contained under the
Sites container within the Configuration naming
context. Figure 11-1 shows an example of the site
topology hierarchy using the Active Directory Sites and Services
snap-in.
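The subnet-to-site mapping described above is a longest-prefix match: the client's IP address is compared against the cn of every subnet object (e.g., 10.1.3.0/24) and the most specific matching subnet's siteObject names the client's site. The following PowerShell is an added example, not code from the chapter or from Microsoft; it reproduces that decision so a practitioner can check which site a given address resolves to. The function names (ConvertTo-PrefixBytes, Test-AddressInPrefix, Resolve-ClientSite, Get-AdSubnets) are this example's own, the sample subnets and site DNs are constructed, and Get-AdSubnets assumes it runs on a domain-joined host with read access to the Configuration naming context.

```powershell
# Added example (not from the Active Directory Cookbook). Reproduces the
# subnet -> site lookup: most specific matching subnet object wins, and its
# siteObject attribute identifies the site.

function ConvertTo-PrefixBytes {
    # Splits "10.1.3.0/24" into network bytes and a prefix length.
    param([string]$Cidr)
    $network, $length = $Cidr -split '/'
    $addr = [System.Net.IPAddress]::Parse($network)
    [pscustomobject]@{ Bytes = $addr.GetAddressBytes(); Length = [int]$length }
}

function Test-AddressInPrefix {
    # Byte-wise prefix comparison, so it works for both IPv4 and IPv6 subnets.
    param([byte[]]$Address, [byte[]]$Network, [int]$PrefixLength)
    if ($Address.Length -ne $Network.Length) { return $false }   # v4 address vs v6 subnet, or vice versa
    $full = [int][math]::Floor($PrefixLength / 8)
    for ($i = 0; $i -lt $full; $i++) {
        if ($Address[$i] -ne $Network[$i]) { return $false }
    }
    $rem = $PrefixLength % 8
    if ($rem -gt 0) {
        $mask = (0xFF -shl (8 - $rem)) -band 0xFF
        if (($Address[$full] -band $mask) -ne ($Network[$full] -band $mask)) { return $false }
    }
    return $true
}

function Resolve-ClientSite {
    # $Subnets: objects with Cidr (the subnet's cn) and SiteObject (its siteObject DN).
    # Returns the longest matching subnet and its site, or $null if no subnet matches.
    param([string]$ClientIp, [object[]]$Subnets)
    $client = [System.Net.IPAddress]::Parse($ClientIp).GetAddressBytes()
    $best = $null
    foreach ($s in $Subnets) {
        $p = ConvertTo-PrefixBytes $s.Cidr
        if (Test-AddressInPrefix $client $p.Bytes $p.Length) {
            if ($null -eq $best -or $p.Length -gt $best.Length) {
                $best = [pscustomobject]@{ Cidr = $s.Cidr; Length = $p.Length; SiteObject = $s.SiteObject }
            }
        }
    }
    $best
}

function Get-AdSubnets {
    # Live query: cn and siteObject of every subnet under CN=Subnets,CN=Sites.
    $configNc = ([ADSI]"LDAP://RootDSE").configurationNamingContext.Value
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://CN=Subnets,CN=Sites,$configNc"
    $searcher.Filter     = '(objectClass=subnet)'
    $searcher.PageSize   = 1000
    [void]$searcher.PropertiesToLoad.AddRange(@('cn', 'siteObject'))
    foreach ($r in $searcher.FindAll()) {
        # A subnet with no siteObject is not associated with any site.
        $site = if ($r.Properties.Contains('siteObject')) { $r.Properties['siteObject'][0] } else { $null }
        [pscustomobject]@{ Cidr = $r.Properties['cn'][0]; SiteObject = $site }
    }
}

# Constructed sample data (hypothetical subnets and site DNs) so the logic runs offline.
$sampleSubnets = @(
    [pscustomobject]@{ Cidr = '10.1.0.0/16';     SiteObject = 'CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com' },
    [pscustomobject]@{ Cidr = '10.1.3.0/24';     SiteObject = 'CN=Raleigh,CN=Sites,CN=Configuration,DC=example,DC=com' },
    [pscustomobject]@{ Cidr = '2001:db8:1::/48'; SiteObject = 'CN=Raleigh,CN=Sites,CN=Configuration,DC=example,DC=com' }
)
Resolve-ClientSite '10.1.3.20'      $sampleSubnets   # covered by both /16 and /24; the /24 is the more specific match
Resolve-ClientSite '10.1.9.5'       $sampleSubnets   # only the /16 matches
Resolve-ClientSite '2001:db8:1::10' $sampleSubnets   # IPv6 subnet objects are handled the same way
Resolve-ClientSite '192.168.5.1'    $sampleSubnets   # no subnet covers this address

# Against a real forest: Resolve-ClientSite '10.1.3.20' (Get-AdSubnets)
```

A client whose address falls in no subnet object is not placed in any site, and a subnet whose siteObject is empty does not place it in one either; both cases show up as a result without a SiteObject, which is exactly the situation behind "client authenticates to a domain controller in the wrong site" tickets.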
Directly under the Sites container are the
individual site containers, plus containers that store the site link
objects (cn=Inter-Site Transports) and the subnets
(cn=Subnets). Each site contains three objects. An NTDS Site
Settings (nTDSSiteSettings) object holds attributes that customize
replication behavior for the whole site. A License Site Settings
(licensingSiteSettings) object can be used to direct hosts within the
site to the appropriate licensing server. A Servers container holds a
server object for each domain controller that is a member of the site,
along with any other servers that need to be represented in the site
topology (e.g., DFS servers).
A server object can contain an NTDS Settings
(nTDSDSA) object, which is what distinguishes domain
controller server objects from other server objects: anything with an
NTDS Settings object is treated as a domain controller for replication
purposes, so these objects, and the permissions on the Sites container
that allow creating them, deserve the same scrutiny as the domain
controllers themselves. The NTDS Settings object stores several
attributes that are used to customize replication behavior for a
specific domain controller, and it can contain one or more
nTDSConnection objects, each defining an inbound replication
connection from another domain controller.
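The container hierarchy just described (Sites, then each site's Servers container, then server objects, then NTDS Settings, then connection objects) can be walked with a few LDAP searches. The PowerShell below is an added example, not code from the chapter; it reports every server object under Sites, whether it carries an nTDSDSA object (i.e., is a domain controller), whether that DC is a global catalog (options bit 0x1), and, for each connection object, the source DC and whether the KCC generated it (options bit 0x1). It uses System.DirectoryServices directly, so no RSAT module is needed, and assumes a domain-joined host with read access to the Configuration naming context. The function names (Search-AdObjects, Get-Prop, Get-SiteTopology) are this example's own.

```powershell
# Added example (not from the Active Directory Cookbook). Walks CN=Sites in the
# Configuration NC and reports servers, DC/GC status and connection objects.

function Search-AdObjects {
    param(
        [string]$BaseDn,
        [string]$Filter,
        [string[]]$Properties,
        [System.DirectoryServices.SearchScope]$Scope = 'OneLevel'
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$BaseDn"
    $searcher.Filter      = $Filter
    $searcher.SearchScope = $Scope
    $searcher.PageSize    = 1000
    foreach ($p in $Properties) { [void]$searcher.PropertiesToLoad.Add($p) }
    $searcher.FindAll()
}

function Get-Prop {
    # First value of an attribute on a SearchResult, or $null if it is not set.
    param($Result, [string]$Name)
    if ($Result.Properties.Contains($Name)) { return $Result.Properties[$Name][0] }
    return $null
}

function Get-SiteTopology {
    $configNc = ([ADSI]"LDAP://RootDSE").configurationNamingContext.Value
    $sitesDn  = "CN=Sites,$configNc"
    $report   = @()

    foreach ($site in (Search-AdObjects $sitesDn '(objectClass=site)' @('cn', 'distinguishedName'))) {
        $siteDn   = Get-Prop $site 'distinguishedName'
        $siteName = Get-Prop $site 'cn'
        $servers  = Search-AdObjects "CN=Servers,$siteDn" '(objectClass=server)' `
                        @('cn', 'distinguishedName', 'dNSHostName', 'serverReference')
        foreach ($server in $servers) {
            $serverDn = Get-Prop $server 'distinguishedName'
            # An nTDSDSA child is what makes a server object a domain controller.
            # (RODCs use the nTDSDSARO subclass, which this filter also matches.)
            $ntds = Search-AdObjects $serverDn '(objectClass=nTDSDSA)' @('distinguishedName', 'options')
            $row = [pscustomobject]@{
                Site        = $siteName
                Server      = Get-Prop $server 'cn'
                DnsHostName = Get-Prop $server 'dNSHostName'
                IsDC        = ($ntds.Count -gt 0)
                IsGC        = $false
                Connections = @()
            }
            if ($ntds.Count -gt 0) {
                $ntdsDn  = Get-Prop $ntds[0] 'distinguishedName'
                $options = [int](Get-Prop $ntds[0] 'options')     # $null casts to 0
                $row.IsGC = ($options -band 0x1) -ne 0            # NTDSDSA_OPT_IS_GC
                $conns = Search-AdObjects $ntdsDn '(objectClass=nTDSConnection)' `
                             @('cn', 'fromServer', 'options', 'enabledConnection')
                foreach ($c in $conns) {
                    $copt = [int](Get-Prop $c 'options')
                    $row.Connections += [pscustomobject]@{
                        Name         = Get-Prop $c 'cn'
                        FromServer   = Get-Prop $c 'fromServer'      # source DC's NTDS Settings DN
                        KccGenerated = ($copt -band 0x1) -ne 0       # NTDSCONN_OPT_IS_GENERATED
                        Enabled      = Get-Prop $c 'enabledConnection'
                    }
                }
            }
            $report += $row
        }
    }
    $report
}

$topology = Get-SiteTopology
$topology | Format-Table Site, Server, DnsHostName, IsDC, IsGC -AutoSize

# Connection objects the KCC did not create persist until someone deletes them;
# list them so each one can be tied to a known administrative decision.
$topology | ForEach-Object { $_.Connections } |
    Where-Object { -not $_.KccGenerated } |
    Format-Table Name, FromServer, Enabled -AutoSize
```

Two rows are worth reviewing in the output: a server object with IsDC set to true that is not a domain controller you know about, and a connection object with KccGenerated false that nobody remembers creating. The bit tests use -band rather than comparing the whole options value because other bits in the same attribute can be set at the same time.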
The Anatomy of Site Topology Objects
Table 11-1 through Table 11-7 contain some of the important attributes of the
various site topology objects.
Table 11-1. Attributes of site objects

Attribute | Description
cn | RDN of the object. This is the name of the site (e.g., Raleigh).
gpLink | Prioritized list of the GPOs that are linked to the site.
siteObjectBL | Multivalued back-link attribute containing the distinguished name of each subnet associated with the site (the forward link is the subnet's siteObject attribute).
Table 11-2. Attributes of nTDSSiteSettings objects

Attribute | Description
cn | RDN of the object, which is always NTDS Site Settings.
interSiteTopologyGenerator | Distinguished name of the NTDS Settings object of the current Inter-Site Topology Generator (ISTG) for the site.
msDS-Preferred-GC-Site | If universal group caching is enabled, the distinguished name of the site whose global catalogs the domain controllers in this site should refresh their cache from. New to Windows Server 2003. See Recipe 7.9 for more information.
options | Bit flag. Bit 0x20 enables universal group caching for the site; the low bits disable the KCC's automatic intra-site (0x1) and inter-site (0x10) topology generation for the site. Note that site link transitivity and the "ignore schedules" setting are controlled by the options attribute of the interSiteTransport objects (cn=IP and cn=SMTP under Inter-Site Transports), not by this object. For more information see Recipe 11.11.
schedule | Octet string that represents the default replication schedule for the site.
Table 11-3. Attributes of subnet objects

Attribute | Description
cn | RDN of the object. Contains the network number and prefix length of the subnet (e.g., 10.1.3.0/24).
siteObject | Distinguished name of the site object the subnet is associated with.
Table 11-4. Attributes of siteLink objects

Attribute | Description
cn | RDN of the object. Contains the name of the link.
cost | Number that represents the site link cost (default 100); lower-cost paths are preferred. See Recipe 11.10 for more information.
replInterval | Interval in minutes between replication attempts over the site link (default 180).
schedule | Octet string that represents the replication schedule for the site link.
siteList | Multivalued list of the distinguished names of each site that is associated with the site link. See Recipe 11.8 for more information.
Table 11-5. Attributes of server objects

Attribute | Description
bridgeheadTransportList | Multivalued attribute that contains the list of transports (e.g., IP or SMTP) for which the server is a preferred bridgehead server.
cn | RDN of the object. This is set to the hostname (not the fully qualified name) of the associated server.
dNSHostName | Fully qualified domain name of the server. This attribute is automatically maintained for domain controllers.
serverReference | Distinguished name of the corresponding computer object, which lives in one of the domain naming contexts.
Table 11-6. Attributes of nTDSDSA (NTDS Settings) objects

Attribute | Description
cn | RDN of the object, which is always NTDS Settings.
invocationID | GUID that identifies the current instance of the DIT (ntds.dit) on the domain controller. It is regenerated when the database is restored, which is how replication partners distinguish a legitimate restore from a USN rollback.
hasMasterNCs | Multivalued attribute containing the list of writeable naming contexts (does not include application partitions) stored on the domain controller.
hasPartialReplicaNCs | Multivalued attribute containing the list of read-only naming contexts stored on the domain controller. Populated only if the domain controller is a global catalog server.
msDS-Behavior-Version | Number that represents the highest functional level the domain controller supports, which corresponds to its operating system version. New to Windows Server 2003.
msDS-HasDomainNCs | Distinguished name of the writeable domain naming context stored on the domain controller. New to Windows Server 2003.
msDs-HasInstantiatedNCs | A combination of all available read-only and writeable naming contexts stored on the domain controller. New to Windows Server 2003.
msDS-hasPartialReplicaNCs | Multivalued attribute that contains the distinguished name of each read-only naming context stored on the domain controller. Populated only if the domain controller is a global catalog server. New to Windows Server 2003.
msDS-hasMasterNCs | Multivalued attribute that contains the distinguished name of each writeable naming context and application partition stored on the domain controller. New to Windows Server 2003.
options | Bit flag. Bit 0x1 marks the domain controller as a global catalog server; bits 0x2 and 0x4 disable inbound and outbound replication, respectively. The replication-disable bits are worth watching, because a domain controller with inbound replication disabled silently stops receiving changes from its partners.
queryPolicyObject | If set, the distinguished name of the LDAP query policy object to be used by the domain controller.
Table 11-7. Attributes of nTDSConnection objects

Attribute | Description
cn | RDN of the object. For Knowledge Consistency Checker (KCC) generated connections, this is a GUID; manually created connections carry whatever name the administrator gave them.
enabledConnection | Boolean that indicates if the connection is available to be used.
fromServer | Distinguished name of the NTDS Settings object of the source domain controller, i.e., the one this domain controller pulls replication changes from over this connection.
ms-DS-ReplicatesNCReason | Multivalued attribute that stores reason codes for why the connection exists. There is one entry per naming context the connection is used for.
options | Bit flag. Bit 0x1 is set when the KCC created the connection and clear when it was created manually; test the bit rather than comparing the whole value, because other bits (e.g., 0x2 for two-way sync, 0x8 to use change notification) may be set at the same time. See Recipe 11.22 for more information.
schedule | Octet string that represents the replication schedule for this connection.
transportType | Distinguished name of the transport type (e.g., IP or SMTP) that is used for the connection.