Deploying in a Domain Environment

Applies To: Windows Server 2008, Windows Vista

During installation, if you choose to install Message Queuing with directory service integration and the installation computer is part of a domain, Message Queuing objects are created in Active Directory Domain Services. For more information about Message Queuing objects in Active Directory Domain Services, see Message Queuing and Active Directory Domain Services [LH].

An Active Directory domain includes one or more domain controllers that store directory information for the domain. The collection of all domains in a network is called a forest, and one or more domains in the forest can be designated as a global catalog, with directory information for other domains in the forest, in addition to its own. Active Directory Domain Services employs a multi-master model, so that any Server family domain controller can read from or write to objects stored in Active Directory Domain Services.

Accessing Active Directory Domain Services

In a domain environment, computers running Windows® 7, or a Windows Server 2008 R2 operating system, and Message Queuing can directly access Message Queuing objects in Active Directory Domain Services. On the other hand, Windows 2000 computers running Message Queuing require either a Windows Server 2008 or Windows Server 2003 domain controller running the Windows 2000 Client Support feature to provide the Message Queuing directory service, or a Windows 2000 domain controller hosting a Message Queuing server in its site and its domain to access such objects in Active Directory Domain Services.

Note

The Windows 2000 Client Support feature has been removed from Message Queuing 5.0. To support Message Queuing on Windows 2000 down-level clients, at least one Windows Server 2003 or Windows Server 2008 domain controller with the Windows 2000 Client Support feature must be configured in the domain.

Note

When receiving a user's request to Active Directory Domain Services, Active Directory Service Interfaces (ADSI) resolves the query by attempting to locate a domain controller in the user's domain. This can potentially be a problem for users who log on to remote computers in a different domain from their own. If the remote computer's domain is not connected to the user's domain, the query against Active Directory Domain Services will fail.

Sites

In a domain environment, a Message Queuing network can be divided into different Windows Server 2008 R2 family sites, which are interconnected using routing links. Sites map the physical structure of your network, whereas domains generally map the logical structure of your organization, independently of each other. There may be multiple domains in a single site as well as multiple sites in a single domain. For more information, see Message Queuing and Active Directory Domain Services [LH].

In the context of Message Queuing, a site can consist of the following:

  • Windows Server 2008 R2 domain controllers, which hold configuration and status information in Active Directory Domain Services and replicate such information between sites using site links. Active Directory Domain Services employs what is called a multi-master model, which means that any Windows Server 2008 R2 domain controller can read from or write to objects stored in Active Directory Domain Services.

  • Windows 7 or Windows Server 2008 R2 family computers, all of which use the same network protocol (typically IP). Any two computers in a site that use the same network protocol have direct connectivity with each other. Such connectivity also implies fast and cheap communication.

  • Collections of associated subnets, each with a single IP subnet address.

When a Message Queuing client communicates with a Message Queuing server, it directs the request to a predetermined server in the same site, if one is available.

Site considerations

All sites are determined during the planning and installation of Windows 7 or Windows Server 2008 R2 family computers in your organization.

Consider the factors listed in the following table before deploying Message Queuing in your environment.

| Site consideration | Requirement or suggestion |
| --- | --- |
| Communication link | The communication link between sites must be permanent. |
| Available network bandwidth | The network bandwidth must be able to support the volume of messages transmitted within the site. |
| Performance | The number of domain controllers in each site affects performance. Each additional domain controller in a site generates more network traffic for Active Directory Domain Services replication throughout that site. You need to weigh the benefits of redundancy against the performance overhead of increased replication. |
| Performance and connectivity | Configuring a domain controller as a global catalog server in each site will enhance performance and reduce connectivity issues. |
| Organizational | Group together users who work in the same site to improve overall performance of the system, reduce network traffic, and reduce resource use. |

Offline mode

A Message Queuing computer can also belong to a domain but be temporarily unable to communicate with a domain controller. This is known as offline mode and occurs when:

  • The computer itself is offline.

  • All the domain controllers in its site are offline.

  • An attempt is made to access a remote computer and the remote computer is temporarily unable to query a domain controller for authentication.

In all these cases, the computer's configuration as a member of a domain is maintained in the registry and normal domain operation resumes as soon as a domain controller becomes available. While in offline mode, messages can be sent directly by using direct format names. When other format names are used, the messages are stored on the local computer and are sent as soon as a domain controller becomes available. For more information, see "Format names" in Queue Names [LH].
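The following Windows PowerShell sketch is an added example, not part of the original documentation. It sorts a list of planned destinations by the offline-mode behavior described above and shows a send through the .NET Framework System.Messaging classes. The function names, computer names, queue names, IP address and GUID are constructed placeholders, and it assumes Message Queuing is installed and the target queues are non-transactional.

```powershell
# Added example: which destinations are sent directly in offline mode?
# All names, addresses and GUIDs below are constructed placeholders.

function Get-MsmqOfflineBehavior {
    param([Parameter(Mandatory)][string]$FormatName)

    # Direct format names carry the destination address themselves
    # (DIRECT=OS:, DIRECT=TCP:, DIRECT=HTTP://, DIRECT=HTTPS://).
    if ($FormatName -match '^\s*DIRECT\s*=\s*(OS|TCP|HTTPS?):') {
        return 'SentDirectly'
    }
    # Public, private and distribution-list format names identify the
    # destination by GUID, which is resolved through the directory service.
    if ($FormatName -match '^\s*(PUBLIC|PRIVATE|DL)\s*=') {
        return 'StoredUntilDomainControllerAvailable'
    }
    throw "Unrecognized format name: $FormatName"
}

function Send-MsmqTestMessage {
    param(
        [Parameter(Mandatory)][string]$FormatName,
        [string]$Body  = 'offline-mode test',
        [string]$Label = 'offline-test'
    )
    Add-Type -AssemblyName System.Messaging   # .NET Framework (Windows PowerShell)
    $queue = New-Object System.Messaging.MessageQueue -ArgumentList "FormatName:$FormatName"
    try {
        $msg = New-Object System.Messaging.Message -ArgumentList $Body
        $msg.Label       = $Label
        $msg.Recoverable = $true   # written to disk, so it survives a restart while waiting
        $queue.Send($msg)
    }
    finally { $queue.Dispose() }
}

# Constructed sample destinations.
$planned = @(
    'DIRECT=OS:server01\private$\orders',
    'DIRECT=TCP:192.0.2.10\private$\orders',
    'PUBLIC=00000000-0000-0000-0000-000000000001'
)
$planned | ForEach-Object {
    [pscustomobject]@{ FormatName = $_; OfflineBehavior = Get-MsmqOfflineBehavior $_ }
}

# Example send to a direct format name:
# Send-MsmqTestMessage -FormatName 'DIRECT=OS:server01\private$\orders'
```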