PDC emulator for the domain instead of denying the logon. You can use group policies to
configure DCs to not contact the PDC emulator when a logon fails, however, which you
might want to do if there's no PDC emulator in the local site.
RODC Replication
An RODC is treated like any other domain controller when considering replication topology.
However, RODCs have some limitations you should keep in mind when you're creating the topology:
• The connection between an RODC and a writeable DC is a one-way connection because
changes can't originate on an RODC.
• Two RODCs can replicate with one another, as long as one has an incoming connection
with a writeable DC.
• The domain directory partition can be replicated only to an RODC from a Windows
Server 2008 DC. Windows Server 2003 DCs can replicate other partitions to an RODC.
• When upgrading a domain from Windows Server 2003, the first Windows Server 2008
DC must be writeable.
RODCs are a new configuration option in Windows Server 2008. Because they can be made
more secure than a writeable domain controller, they're often used in branch offices where
physical server security can be a concern. For this reason, administrators are likely to use them in
Active Directory site design.
Understanding and Configuring Sites
Chapter 4 discussed the reasons for creating additional sites and described basic site
components, and you learned how to create new subnets in preparation for creating new sites. This
section covers the components of intersite replication, explains how to configure sites for optimal
efficiency, and includes the following topics:
• Creating new sites
• Configuring site links
• Intersite transport protocol
• Bridgehead servers
• Site link bridges
• Global catalog and universal group membership caching
Creating Sites
As you learned in Chapter 4, a site is an Active Directory object containing domain controllers
and replication settings and is usually associated with IP subnets and site links. Sites are usually
geographically dispersed and connected by WAN links, but sites can also be different buildings
on a campus or different floors of a building, for example. The only criterion for a site is that it's
associated with one or more IP subnets and no two sites share the same subnet. When you create
a site in Active Directory Sites and Services, as you did in Activity 4-9, you're asked to select a
site link. DEFAULTIPSITELINK is the only choice unless you've created other site links.
The Significance of Subnets
After creating a site, you must associate one or more subnets with it, which essentially
means you're assigning a range of IP addresses to the site. Active
Directory uses this information in two important ways:
• Placing new domain controllers in the appropriate site—Correct placement is necessary to
determine the optimum intrasite and intersite replication topology and to associate clients
with the nearest domain controllers. When a new DC is installed, it's automatically placed
in the site corresponding with its assigned IP address (see Figure 10-22). If the DC existed
before the site was created, you need to move the DC manually from
Default-First-Site-Name to the new site.
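The subnet-to-site lookup described above can be audited offline. The following is an added example, not part of the original text: it checks that no subnet is associated with two sites and reports DCs whose current site doesn't match the site their IP address maps to. The subnets, site names, DC names, and function names are constructed, and choosing the most specific subnet when subnets nest is an assumption the text doesn't state.

```python
import ipaddress

# Constructed sample data: (subnet, associated site) pairs and DC records.
SUBNETS = [("10.1.0.0/16", "HQ"),
           ("10.2.0.0/16", "Branch-East"),
           ("10.2.50.0/24", "Branch-Lab")]
DCS = {"DC1": ("10.1.0.10", "HQ"),
       "DC2": ("10.2.0.10", "Default-First-Site-Name"),  # predates its site
       "DC3": ("10.2.50.7", "Branch-East"),
       "DC4": ("192.168.9.4", "HQ")}

def shared_subnets(pairs):
    """Return {subnet: [sites]} for subnets associated with more than one site."""
    seen = {}
    for cidr, site in pairs:
        seen.setdefault(ipaddress.ip_network(cidr), set()).add(site)
    return {str(net): sorted(s) for net, s in seen.items() if len(s) > 1}

def site_for_ip(pairs, ip):
    """Return the site whose subnet contains ip, or None if no subnet matches."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(cidr), site) for cidr, site in pairs]
    matches = [(net, site) for net, site in nets if addr in net]
    if not matches:
        return None
    # Assumption: when subnets nest, the longest prefix (most specific) wins.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit_dc_placement(pairs, dcs):
    """Return {dc_name: finding} for DCs not in the site their IP maps to."""
    findings = {}
    for name, (ip, current) in dcs.items():
        expected = site_for_ip(pairs, ip)
        if expected is None:
            findings[name] = f"no subnet covers {ip}"
        elif expected != current:
            findings[name] = f"in {current}, subnet maps to {expected}"
    return findings

if __name__ == "__main__":
    print("Shared subnets:", shared_subnets(SUBNETS))
    for dc, finding in audit_dc_placement(SUBNETS, DCS).items():
        print(dc, "->", finding)
```

A DC reported as still in Default-First-Site-Name is the case the text describes: it existed before the site was created and must be moved manually.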
 