Administering AD LDS Replication, Sites, and Configuration Sets

Applies To: Windows Server 2008

This guide provides administrators with step-by-step instructions for managing Windows Server 2008 Active Directory Lightweight Directory Services (AD LDS) configuration sets and sites and for configuring AD LDS replication.

AD LDS instances replicate data based on participation in a configuration set. All AD LDS instances that are joined to the same configuration set must replicate a common configuration directory partition and a common schema directory partition. AD LDS instances in a configuration set can also replicate any number of application directory partitions. For more information, see Introduction to Administering AD LDS Replication and Configuration Sets.

You can only join an AD LDS instance to a configuration set using the AD LDS Setup Wizard or during an unattended AD LDS installation. After an AD LDS instance is installed, it cannot be joined to a configuration set. AD LDS does not support replication by using Simple Mail Transfer Protocol (SMTP).

AD LDS uses topology information, which is stored as site objects and site link objects in the configuration directory partition, to build the most efficient replication topology for a configuration set. For more information, see Introduction to Administering AD LDS Sites and Introduction to Administering AD LDS Sites and Replication.

You can optimize replication efficiency and reduce the administrative overhead of your network by establishing sites appropriately. The most effective number of sites depends on the physical design of your network. When you first create a new AD LDS configuration set, a single default site (called Default-First-Site-Name) is created that represents your entire network. A single site can be very efficient for a single-location network that is completely connected by high-speed bandwidth. If your network contains multiple geographic locations that communicate over low-speed, wide area network (WAN) connections, establishing multiple sites gives you more detailed control of replication behavior, and it reduces network traffic on the WAN that connects the sites.

In AD LDS, replication within a site occurs automatically, and it does not require any configuration beyond the construction of configuration sets. For replication between sites, you can specify a schedule for replication. For example, you may want replication to occur only during the night, when your network is not busy.

Bandwidth as an important consideration

Within a site, bandwidth affects how efficiently replication can work. The frequency with which intrasite replication occurs requires high-speed bandwidth to function most effectively. Before you create a new site, make sure that high-speed bandwidth connects all computers in the site candidate. Any area where domain controllers are connected by 10 megabits per second (Mbps) or more of bandwidth is a good site candidate.

When to establish a single site

If you have a single local area network (LAN) consisting of a single location, or if your network consists of a series of closely located locations (as in a campus) in which all locations are connected by a high-speed backbone, using the default site as the single site in the replication topology can simplify replication management. In a single-site topology, all replication on your network occurs as intrasite replication, which requires no manual replication configuration. In a single-site design, all AD LDS instances also remain very current with respect to directory changes, because directory updates are replicated almost immediately.

When to establish multiple sites

When your network consists of multiple geographic locations connected by a WAN, establishing separate sites for each location provides the following benefits:

  • Efficient use of WAN bandwidth for replication

  • Detailed control of replication behavior

Physically separate network locations typically communicate over WAN connections, which are most often characterized by low-speed bandwidth. When you create a separate site for each physical location on your network, you ensure that AD LDS instances that communicate over WAN connections use intersite replication, which is specifically designed for efficiency over low-bandwidth connections.

Site link objects represent the network links between the sites on your network. When you create a new site object in AD LDS, add the site object to a site link object. Until you add the new site to a site link object, AD LDS instances in the site cannot replicate with AD LDS instances outside the site. You can add a new site object to the default site link object, or you can create additional site link objects, which gives you more detailed control over the relative cost of replication across the different WAN connections on your network.

With multiple sites, you have more detailed control of replication behavior through configurable intersite replication settings. These settings include the relative cost of different replication paths and the availability of connections for use by replication.

Scheduling replication

For replication between AD LDS instances within a site, you can schedule the amount of time that elapses after the last change notification before a default replication event occurs. For more information, see Configure Replication Frequency Within a Site. For replication between AD LDS instances in different sites, you can schedule the availability of the site link that exists between the two sites. For more information, see Configure Replication Availability On a Site Link.
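The following PowerShell audit is an added example, not part of this guide: it binds to an AD LDS instance, lists every site link in the IP transport with its cost, replication interval and whether a schedule is set, and warns about any site that belongs to no site link (such a site cannot replicate with the rest of the configuration set, as described above). The host name and port are placeholders; the script assumes the caller can read the configuration partition.

```powershell
# Added example (not from the original guide). Assumes an AD LDS instance reachable
# at $Server (host:port placeholder) and read access to its configuration partition.
param(
    [string]$Server = "ldshost.example.com:50000"   # placeholder host:port
)

# Read the configuration partition DN from the instance's rootDSE.
$rootDse  = [ADSI]"LDAP://$Server/RootDSE"
$configNc = $rootDse.configurationNamingContext.Value

function Find-LdsObjects {
    param([string]$BaseDn, [string]$Filter, [string[]]$Props)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$Server/$BaseDn"
    $searcher.Filter      = $Filter
    $searcher.SearchScope = 'OneLevel'
    $Props | ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }
    $searcher.FindAll()
}

# Site objects live directly under CN=Sites in the configuration partition.
$sites = Find-LdsObjects "CN=Sites,$configNc" "(objectClass=site)" @('distinguishedName','name')

# AD LDS supports only the IP transport; each site link lists its member sites in siteList.
$linkBase = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNc"
$links = Find-LdsObjects $linkBase "(objectClass=siteLink)" @('name','siteList','cost','replInterval','schedule')

$linkedSites = @{}
foreach ($link in $links) {
    $p = $link.Properties
    # An absent schedule attribute means the link is available for replication at all times.
    $hasSchedule = $p['schedule'].Count -gt 0
    "{0}: cost={1} replInterval={2} min scheduled={3}" -f $p['name'][0], $p['cost'][0], $p['replinterval'][0], $hasSchedule
    foreach ($dn in $p['sitelist']) { $linkedSites[$dn.ToLower()] = $true }
}

# A site that appears in no siteList is cut off from intersite replication.
foreach ($site in $sites) {
    $dn = $site.Properties['distinguishedname'][0]
    if (-not $linkedSites.ContainsKey($dn.ToLower())) {
        Write-Warning "Site '$($site.Properties['name'][0])' is not a member of any site link."
    }
}
```

Run it from a machine that can reach the instance's LDAP port; it only reads the configuration partition and changes nothing.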

Authenticating AD LDS replication partners

Considerations for replication authentication in AD LDS include the authentication level of the configuration set, which is determined by the domain, forest, or workgroup environment, and the service accounts that are in use by the AD LDS instances in the configuration set. For information about service account requirements, see Selecting an AD LDS Service Account.

In this guide