Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

Sites, site links, and subnets are created and modified using the
Active Directory Sites and Services console, which the following
procedures assume is opened. Make sure you are logged on as a member
of the Enterprise Admins group.

Create a New Site

Right-click on Sites container New Site specify a name for the site select a site link to associate with this site

Once you create a new
site,
you should add subnets for it to the Subnet container (see

Create a New Subnet later in this section). You
should then typically promote a member server in the site to the role
of domain controller to facilitate user logons and specify the
licensing computer for the site to ensure you're
legal.

You can delete any site you create, but you can't delete the Default-First-Site-Nameyou can only rename it as something else. Note that you can, however, delete the DEFAULTSITELINK that was created for the Default-First-Site-Name.

Configure a Site

Expand the Sites
container right-click on a site Properties

The main thing to configure here is Location, which makes it easier
to find sites in Active Directory when there are many of them. You
can also apply Group Policy to the site (see

Group

Policy earlier in
this chapter).

Create a New Site Link

Right-click on Inter-Site Transports container right-click on a transport (IP or SMTP) New Site Link specify a name add sites to the site link

Once you create a

new
site link, you should configure its settings (see the next task).

Configure a Site Link

Expand the Inter-Site Transports container select transport (IP or SMTP) right-click on a site link Properties

The key settings here


are on the General tab:

Cost

Choose a lower cost value for a WAN connection with higher bandwidth
and reliability to give preference to that connection when there are
multiple links between sites. Dial-up connections such as ISDN should
have a relatively high cost value for similar reasons. The
lower-valued cost will always be used unless it is unavailable.

Replication interval

The minimum replication interval is 15 minutes, and the maximum is
10,080 minutes (1 week). A typical choice is every few hours or so.
Click the Change Schedule button to specify times and days of the
week when the link will be unavailable for replication if needed.

Create a New Subnet

Right-click on Subnets New Subnet specify network ID and subnet mask select a site to associate with this subnet

When you specify the

network
ID and subnet mask, it is automatically displayed in the form

w.x.y.z/n , where

w.x.y.z is
the network ID and

n is the number of ones in
the binary form of the subnet mask.

Configure a Subnet

Expand the Subnets

container right-click on a subnet Properties

The main thing you can configure here is Site on the Subnet tab. This
lets you associate the selected subnet with a different site if
desired.

Create an Active Directory Connection

To manually create a
connection between a domain
controller in one site and one in a different site, you can do the
following:

Expand the Sites container expand a site expand the Servers container expand a server right-click on NTDS Settings New Active Directory Connection select target domain controller

Manually creating Active Directory connections is not usually necessary, as Active Directory creates these connections automatically between domain controllers in different sites. It is generally better to check the replication topology instead, using the procedure described earlier, which creates additional Active Directory connections if they are needed to optimize intersite replication.

Designate a Preferred Bridgehead Server

Bridgehead servers are

domain
controllers used for replication with other sites:

Expand the Sites container expand a site select Servers container right-click on a server Properties select transport Add

Check the Replication Topology

The following procedure

can
be used to check the existing replication topology to determine
whether it is optimal. The process checks whether domain controllers
are available in each site and whether new ones have been added to
sites. It then uses site link cost values to recalculate an optimal
topology for intersite replication. If new Active Directory
connections are required, these will be automatically created by the
process:

Expand the Sites container expand a site expand the Servers container expand a server right-click on NTDS Settings All Tasks Check Replication Topology

Force Replication Over a Connection

Use this procedure to

force
a domain controller in one site to replicate with one in a different
site. The first domain controller is the one selected in the Servers
container of the first site, while the second domain controller is
the one specified on the Active Directory Connection tab of the
properties sheet for the selected connection:

Expand the Sites container expand a site (the first site) expand the Servers container expand a server (the first domain controller) select NTDS Settings right-click on a connection Replicate Now

To view the second site and second domain controller:

. . . select NTDS Settings Properties Active Directory connection read Site and Server information

Move a Server to a Different Site

Expand the Sites container expand a site select Servers container right-click on a server Move select target site

This procedure is

typically used to move a domain controller
from one site to another to optimize replication and logon traffic
for the target site.

Rename the Default-First-Site-Name

Expand Sites container right-click on Default-First-Site Rename specify a friendly name for the site