Inter-site Replication

Dividing a Windows 2000 network into sites eases the network traffic flowing across slow WAN links, leaving more bandwidth available for other things.

By Brien M. Posey | Posted Oct 8, 2000

In Part 1 of this series, Using Sites in Windows 2000, I discuss how breaking your Active Directory into sites can help reduce the amount of traffic on your low-speed network links by regulating how often Active Directory information is replicated. In this article, I'll continue the discussion with a look at configuring inter-site replication. As I do, I'll discuss some of the issues you'll face, such as site link costs and the various replication protocols that can be used by site links.

Before I get into discussing site links, it's important to understand the purpose of dividing your network into sites. Without a clear understanding of this, it's impossible to optimize your network's performance. Dividing a network into sites eases the network traffic flowing across slow WAN links. Active Directory servers in the same site replicate information with each other frequently, whereas servers in different sites replicate information much less often. The less replication traffic that flows across your WAN links, the more bandwidth is available for other types of network traffic.

With that said, it's important to point out that simply breaking a network into sites isn't enough. Sites won't replicate anything unless you tell them to. You do so through a site link. The site link is the component that tells Windows 2000 which sites to share replication information with.

Exchange 5.x Replication

As you may know, the Windows 2000 Active Directory is very closely related to the directory service found in Exchange 5.x. However, replication is one area in which the two products' directories function differently. Exchange requires a site connector (or an X.400 connector) to make sites aware of each other. Once the sites are linked by a site connector, you must add a directory replication connector to make the linked sites replicate directory information. In Windows 2000, all these tasks are controlled by a single module: the site link.

When you create each site on your network, Windows 2000 connects the site to a default site link called DEFAULTIPSITELINK, unless you tell it otherwise. This site link uses the IP protocol to join all the sites in your network. However, simply using the default site link may not be your best option, particularly on networks that have redundant connections. Regardless of your situation, it's almost always more effective to use a custom site link than to use the default.

The process of creating a custom site link has five basic steps:

  1. Create the site link.
  2. Configure the site link's associated attributes.
  3. Create site link bridges.
  4. Configure connection objects. (This step is optional.)
  5. Designate a preferred bridgehead server. (This step is optional.)

Let's examine each of these steps.

Step 1: Create the Site Link

To create your initial site link, load the AD Sites and Services snap-in for Microsoft Management Console (MMC) by selecting Start|Programs|Administrative Tools|Active Directory Sites and Services. You must now decide which replication protocol you intend to use: IP or SMTP.

As the name implies, IP replication uses the IP protocol to replicate Active Directory information within sites and between them. It's the preferred replication protocol in most situations. By default, IP replication is subject to any replication schedules that you set up, although you can tell it to ignore the schedules.

SMTP replication, on the other hand, is used only to replicate information between sites. SMTP replication typically uses an asynchronous connection (dial-up) and therefore ignores any set replication schedules because of the lack of a permanent connection. Unlike IP-based replication, SMTP-based replication requires a digital certificate from a valid certificate authority to verify the authenticity of the Active Directory updates that are being replicated. If you need information on setting up a certificate authority, check out my article series on setting up a certificate server (Why set up a certificate server?).
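
The following is an added example, not part of the original article: a review of existing site links that flags SMTP links (which need a CA-issued certificate and ignore schedules) and sites that rely only on DEFAULTIPSITELINK. It assumes the ActiveDirectory PowerShell module from later Windows Server releases, not Windows 2000 itself; the function name `Get-SiteLinkFinding` and the sample objects are hypothetical and constructed for illustration.

```powershell
# Added example. Input objects need Name, DistinguishedName and SitesIncluded,
# the shape returned by Get-ADReplicationSiteLink. Function name is hypothetical.
function Get-SiteLinkFinding {
    param([Parameter(Mandatory)] [object[]] $SiteLink)

    # For every site, count the custom (non-default) links it belongs to.
    $customLinks = @{}
    foreach ($link in $SiteLink) {
        foreach ($site in $link.SitesIncluded) {
            if (-not $customLinks.ContainsKey($site)) { $customLinks[$site] = 0 }
            if ($link.Name -ne 'DEFAULTIPSITELINK') { $customLinks[$site]++ }
        }
    }

    foreach ($link in $SiteLink) {
        # Site links are stored under CN=IP or CN=SMTP in CN=Inter-Site Transports.
        $transport = if ($link.DistinguishedName -match ',CN=(IP|SMTP),CN=Inter-Site Transports,') {
            $Matches[1].ToUpper()
        } else { 'UNKNOWN' }
        if ($transport -eq 'SMTP') {
            [pscustomobject]@{
                Subject = $link.Name
                Finding = 'SMTP link: schedules are ignored; confirm a certificate from a valid CA is in place'
            }
        }
    }

    foreach ($site in ($customLinks.Keys | Sort-Object)) {
        if ($customLinks[$site] -eq 0) {
            [pscustomobject]@{ Subject = $site; Finding = 'Site is only in DEFAULTIPSITELINK' }
        }
    }
}

# Constructed sample data (example.test is a placeholder domain).
$s = 'CN=Sites,CN=Configuration,DC=example,DC=test'
$t = "CN=Inter-Site Transports,$s"
$sample = @(
    [pscustomobject]@{ Name = 'DEFAULTIPSITELINK'; DistinguishedName = "CN=DEFAULTIPSITELINK,CN=IP,$t"
                       SitesIncluded = "CN=HQ,$s", "CN=Branch1,$s", "CN=Branch2,$s", "CN=Branch3,$s" }
    [pscustomobject]@{ Name = 'HQ-Branch1'; DistinguishedName = "CN=HQ-Branch1,CN=IP,$t"
                       SitesIncluded = "CN=HQ,$s", "CN=Branch1,$s" }
    [pscustomobject]@{ Name = 'HQ-Branch2-Dialup'; DistinguishedName = "CN=HQ-Branch2-Dialup,CN=SMTP,$t"
                       SitesIncluded = "CN=HQ,$s", "CN=Branch2,$s" }
)
Get-SiteLinkFinding -SiteLink $sample | Format-Table -AutoSize -Wrap
# Against a live forest: Get-SiteLinkFinding -SiteLink (Get-ADReplicationSiteLink -Filter *)
```

With the constructed data, the SMTP link and the Branch3 site are the two entries reported.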
