Introduction

Active Directory needs information about the network to determine how domain controllers should replicate and which domain controller(s) are optimal for a given client to authenticate with. This network information is often referred to as the site or replication topology, and it consists of numerous object types that represent various aspects of the network.

At a high level, a site is a collection of high-speed LAN segments. One or more subnets can be associated with a site, and this mapping is used to determine which site a client (based on its IP address) belongs to. Sites are connected via site links, which are analogous to WAN connections. Finally, each domain controller in a site has one or more connection objects, which define a replication connection to another domain controller.

These site topology objects are contained under the Sites container within the Configuration naming context. Figure 11-1 shows an example of the site topology hierarchy using the Active Directory Sites and Services snap-in.

Figure 11-1. Site topology hierarchy

Directly under the Sites container are the individual site containers, plus containers that store the site link objects (cn=Inter-site Transports) and subnets (cn=Subnets). Three objects are included within a site: an NTDS Site Settings (nTDSSiteSettings) object, which contains attributes that customize replication behavior for the whole site; a License Site Settings (licensingSiteSettings) object, which can be used to direct hosts within the site to the appropriate licensing server; and a Servers container. The Servers container contains a server object for each of the domain controllers that are members of the site, along with any other servers that need to be represented in the site topology (e.g., DFS servers).

A server object can contain an NTDS Settings (nTDSDSA) object, which distinguishes domain controller server objects from other server objects. The NTDS Settings object stores several attributes that are used to customize replication behavior for a specific domain controller. The NTDS Settings object can contain one or more nTDSConnection objects, which define the replication connections between domain controllers.

The Anatomy of Site Topology Objects

Table 11-1 through Table 11-7 contain some of the important attributes of the various site topology objects.

Table 11-1. Attributes of site objects

| Attribute | Description |
|---|---|
| cn | RDN of the object. This is the name of the site (e.g., Raleigh). |
| gpLink | Contains a prioritized list of GPOs that are linked to the site. |
| siteObjectBL | Multivalued attribute that contains a list of distinguished names for each subnet that is associated with the site. |

Table 11-2. Attributes of nTDSSiteSettings objects

| Attribute | Description |
|---|---|
| cn | RDN of the object, which is always equal to NTDS Site Settings. |
| interSiteTopologyGenerator | Distinguished name of the NTDS Settings object of the current Inter-site Topology Generator (ISTG). |
| msDS-Preferred-GC-Site | If universal group caching is enabled, this contains the distinguished name of the site that domain controllers should refresh their cache from. This attribute is new to Windows Server 2003. See Recipe 7.9 for more information. |
| options | Bit flag that determines if universal group caching is enabled, whether site link transitivity is disabled, and if replication schedules should be ignored. For more information see Recipe 11.11. |
| schedule | Octet string that represents the default replication schedule for the site. |

Table 11-3. Attributes of subnet objects

| Attribute | Description |
|---|---|
| cn | RDN of the object. Contains the network number and bit mask for the subnet (e.g., 10.1.3.0/24). |
| siteObject | Distinguished name of the site object the subnet is associated with. |

Table 11-4. Attributes of siteLink objects

| Attribute | Description |
|---|---|
| cn | RDN of the object. Contains the name of the link. |
| cost | Number that represents the site link cost. See Recipe 11.10 for more information. |
| replInterval | Interval in minutes at which replication occurs over the site link. |
| schedule | Octet string that represents the replication schedule for the site link. |
| siteList | Multivalued list of distinguished names of each site that is associated with the site link. See Recipe 11.8 for more information. |

Table 11-5. Attributes of server objects

| Attribute | Description |
|---|---|
| bridgeheadTransportList | Multivalued attribute that contains the list of transports (e.g., IP or SMTP) for which the server is a preferred bridgehead server. |
| cn | RDN of the object. This is set to the hostname of the associated server. |
| dNSHostName | Fully qualified domain name of the server. This attribute is automatically maintained for domain controllers. |
| serverReference | Distinguished name of the corresponding computer object contained within one of the domain naming contexts. |

Table 11-6. Attributes of nTDSDSA (NTDS Settings) objects

| Attribute | Description |
|---|---|
| cn | RDN of the object, which is always equal to NTDS Settings. |
| invocationID | GUID that represents the DIT (ntds.dit) on the domain controller. |
| hasMasterNCs | Multivalued attribute containing the list of writeable naming contexts (does not include application partitions) stored on the domain controller. |
| hasPartialReplicaNCs | Multivalued attribute containing the list of read-only naming contexts stored on the domain controller. This will be populated only if the domain controller is a global catalog server. |
| msDS-Behavior-Version | Number that represents the functional level (i.e., operating system) of the domain controller. This attribute is new to Windows Server 2003. |
| msDS-HasDomainNCs | Contains the distinguished name of the writeable Domain naming context stored on the domain controller. This attribute is new to Windows Server 2003. |
| msDS-HasInstantiatedNCs | A combination of all available read-only and writeable naming contexts stored on the domain controller. This attribute is new to Windows Server 2003. |
| msDS-hasPartialReplicaNCs | Multivalued attribute that contains distinguished names of each read-only naming context stored on the domain controller. This will be populated only if the domain controller is a global catalog server. This attribute is new to Windows Server 2003. |
| msDS-hasMasterNCs | Multivalued attribute that contains distinguished names of each writeable naming context and application partition stored on the domain controller. This attribute is new to Windows Server 2003. |
| options | Bit flag that determines if the domain controller is a global catalog server. |
| queryPolicyObject | If set, the distinguished name of the LDAP query policy object to be used by the domain controller. |

Table 11-7. Attributes of nTDSConnection objects

| Attribute | Description |
|---|---|
| cn | RDN of the object. For Knowledge Consistency Checker (KCC) generated connections, this is a GUID. |
| enabledConnection | Boolean that indicates if the connection is available to be used. |
| fromServer | Distinguished name of the NTDS Settings object of the domain controller this connection replicates with. |
| mS-DS-ReplicatesNCReason | Multivalued attribute that stores reason codes for why the connection exists. There will be one entry per naming context the connection is used for. |
| options | Bit flag where a value of 1 indicates the connection was created by the KCC and a value of 0 means the connection was manually created. See Recipe 11.22 for more information. |
| schedule | Octet string that represents the replication schedule for the site link. |
| transportType | Distinguished name of the transport type (e.g., IP or SMTP) that is used for the connection. |
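The schedule attribute listed for nTDSSiteSettings, siteLink and nTDSConnection objects (Tables 11-2, 11-4 and 11-7) is an opaque octet string, so auditing it from an LDAP dump means decoding it. The following Python is an added example, not code from the book: it builds and parses that blob and flags a schedule that closes every slot (which silently stops replication on the object it governs). The layout it assumes (a 188-byte value: 20-byte header, then one byte per hour of the week from Sunday 00:00 UTC, low four bits enabling the four 15-minute slots) is taken from the MS-ADTS SCHEDULE structure, not from this page, and the sample schedule and function names are constructed for the example.

```python
import struct

# Layout of the LDAP "schedule" attribute (MS-ADTS SCHEDULE structure, an
# assumption not stated on this page): a 20-byte header followed by 168 bytes,
# one per hour of the week starting Sunday 00:00 UTC. The low four bits of each
# byte enable that hour's 15-minute slots (bit 0 = :00-:14 ... bit 3 = :45-:59).
SCHEDULE_LEN = 188
HEADER_FMT = "<IIIII"  # Size, Bandwidth, NumberOfSchedules, Type, Offset
SCHEDULE_INTERVAL = 0  # Type value for an interval (availability) schedule
DAYS = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")

def build_schedule(open_hours):
    """Build a blob; open_hours maps day index (0 = Sunday) to (start, end) hour ranges."""
    body = bytearray(168)
    for day, ranges in open_hours.items():
        for start, end in ranges:
            for hour in range(start, end):
                body[day * 24 + hour] = 0x0F  # all four 15-minute slots open
    return struct.pack(HEADER_FMT, SCHEDULE_LEN, 0, 1, SCHEDULE_INTERVAL, 20) + bytes(body)

def parse_schedule(blob):
    """Return {day: [(hour, slot_mask), ...]} for every hour with an open slot."""
    if len(blob) != SCHEDULE_LEN:
        raise ValueError(f"schedule must be {SCHEDULE_LEN} bytes, got {len(blob)}")
    size, _bandwidth, count, kind, offset = struct.unpack_from(HEADER_FMT, blob, 0)
    if (size, count, kind, offset) != (SCHEDULE_LEN, 1, SCHEDULE_INTERVAL, 20):
        raise ValueError("unexpected schedule header")
    result = {}
    for index, byte in enumerate(blob[offset:offset + 168]):
        if byte & 0x0F:
            result.setdefault(index // 24, []).append((index % 24, byte & 0x0F))
    return result

def open_minutes(blob):
    """Minutes per week in which replication is permitted."""
    return sum(bin(mask).count("1") * 15
               for hours in parse_schedule(blob).values() for _h, mask in hours)

def describe(blob):
    """One-line summary; an all-closed schedule silently stops replication, so flag it."""
    hours = parse_schedule(blob)
    if not hours:
        return "NEVER: every slot is closed, replication governed by this schedule will not run"
    return "; ".join(f"{DAYS[d]} " + ",".join(f"{h:02d}:00/{m:04b}" for h, m in hours[d])
                     for d in sorted(hours))

# Constructed sample: replication allowed Monday to Friday, 22:00-24:00 UTC only.
SAMPLE = build_schedule({d: [(22, 24)] for d in range(1, 6)})
ALWAYS_CLOSED = build_schedule({})
```

When the attribute is absent from a siteLink or nTDSConnection object, no schedule restriction applies and replication is always available, so only a present-but-empty blob is the misconfiguration worth flagging.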
