In this series, we will move through the content blueprint of the Microsoft Windows Active Directory Configuration (70-640) exam objectives with an eye toward preparing you to pass this Microsoft Certified Technology Specialist (MCTS) exam.
For each exam domain, I will give you two blog posts. One blog post represents a nutshell summary of the content underlying a particular subobjective from the 70-640 certification exam outline. The second blog post offers a representative practice exam question that covers one topic from that content domain.
The screenshot below shows the relevant section from the 70-640 exam blueprint on configuring Active Directory Domain Services (AD DS) sites.
Microsoft Exam 70-640 – Configure Sites / Domain 2, Subobjective 3
You know what the term replica means, right? A replica is a copy of some other object that is kept in step with the original. Active Directory replication works the same way and is multi-master: any writable domain controller can accept a change to the AD database, and replication then carries that change to every other domain controller so that all replicas converge on the same data.
Whereas objects like the forest, domain, and organizational unit are logical objects that can be organized in several different ways, the Active Directory site, subnet, and site link objects are intended to reflect the physical infrastructure of your organization.
In a nutshell, domain controllers that exist in the same AD site replicate to/from each other almost immediately: by default (at the Windows Server 2003 forest functional level or higher) a DC notifies its first intrasite replication partner 15 seconds after a change and each additional partner 3 seconds after that. By contrast, domain controllers located in separate sites replicate only across a site link object, and the administrator controls that link's schedule and replication interval (180 minutes by default, 15 minutes at minimum). Because site, subnet and site link objects live in the forest-wide Configuration partition, creating them requires Enterprise Admins rights or an equivalent delegation. After all, the network link between sites is generally presumed to be much slower and potentially less reliable than the high-speed LAN links that connect DCs within one site.
We implement our Active Directory site topology by using the Active Directory Sites and Services MMC console. The same objects can be created from Windows PowerShell: the Active Directory module that ships with Windows Server 2008 R2 has no site-specific cmdlets, so there you work with the generic New-ADObject/Set-ADObject cmdlets (or ADSI) against the Configuration partition, while the module that ships with Windows Server 2012 and later adds dedicated cmdlets such as New-ADReplicationSite, New-ADReplicationSubnet and New-ADReplicationSiteLink.
Active Directory Sites and Services console
Before you register to take the 70-640 exam, please ensure that you are very comfortable with all technologies and procedures that are referenced in this subobjective:
- Creating Active Directory Subnets
- Configuring Site Links
- Configuring Site Link Costing
- Configuring Sites Infrastructure
Creating Active Directory subnets
A subnet is an Active Directory object that denotes an area of high-speed network connectivity. I personally consider “high-speed connectivity” to denote LAN speeds of between 10Mbps and 1Gbps; however, the Microsoft literature gives what are to me absurdly low thresholds for subnets.
A subnet object
Because intrasite replication happens immediately (more or less), we define subnet objects in Active Directory that reflect the physical network topology within each site location. When we define a subnet, we specify it in CIDR notation (192.168.1.0/24 denotes a network ID of 192.168.1.0 with a 24-bit prefix, i.e. a subnet mask of 255.255.255.0) and the site object to which the subnet is associated. That mapping is what lets a client or domain controller work out which site it belongs to: its IP address is matched against the subnet objects, and a client whose address falls inside no subnet is reported by Netlogon (event ID 5807) on the domain controller that happened to service it.
NOTE: Windows Server 2008 R2 supports both IPv4 and IPv6 for subnet objects.
Configuring Site links
Site links are manually created by domain administrators to, well, link site objects. The cool thing about site links is their ability to be scheduled and configured with a costing metric.
Active Directory Site link
Remember that because we presume that the physical network infrastructure links between physical sites are slower than LAN speed, we can set up a replication schedule on a site link (the hours during which replication is allowed) and a replication interval (how often, within those hours, replication is attempted) in order to fully control how often Active Directory replication takes place.
By default, site link bridging ("Bridge all site links") is enabled on Active Directory site links. What this means in a nutshell is that site links are transitive in the same way that Active Directory trust relationships are transitive: if site A is linked to site B and site B is linked to site C, replication can be routed from A to C through B. This assumes that the underlying IP network is fully routed; if it is not (for example, a branch office that can reach headquarters but not the other branches), turn off "Bridge all site links" on the IP transport and create explicit site link bridge objects only for the paths that really exist.
Configuring Site link costing
Active Directory site links use a relative costing metric; lower cost values denote preferred replication paths, and the cost of a multi-hop path is the sum of the costs of the site links along it. Consider the following diagram: in this topology, we can force Active Directory replication between site 3 and site 2 to occur by way of site 1 due to our configured costs (for example, if the site 3 > site 1 and site 1 > site 2 links cost 100 each while the direct site 3 > site 2 link costs 300, the two-hop path totals 200 and wins). We could in this case use the site 3 > site 2 link as a backup for the purpose of redundancy: it is only chosen when one of the preferred links becomes unavailable. Note that routing through site 1 depends on site link bridging (or an explicit site link bridge) being in place.
Site link costing
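The least-cost calculation described above, as an added example that is not part of the original post: a PowerShell function that takes a table of site links and works out the cheapest path between two sites, which is what the Inter-Site Topology Generator does when "Bridge all site links" is on and costs are additive. The site names, link names and costs in the table are constructed to match the three-site scenario in the text (two 100-cost links through site 1, one 300-cost direct link); the commented-out loader at the end shows how to feed it real links using the Get-ADReplicationSiteLink cmdlet from the Windows Server 2012 or later Active Directory module.

```powershell
# Added example (not from the original post): least-cost replication path between
# two sites from a site link table. Names and costs below are constructed.

function Get-LeastCostSitePath {
    param(
        [Parameter(Mandatory)] [object[]] $SiteLinks,   # objects with Name, Sites (string[]), Cost
        [Parameter(Mandatory)] [string]   $From,
        [Parameter(Mandatory)] [string]   $To
    )

    # Adjacency list: every pair of sites on the same link is joined at that link's cost
    $adj = @{}
    foreach ($link in $SiteLinks) {
        foreach ($a in $link.Sites) {
            foreach ($b in $link.Sites) {
                if ($a -eq $b) { continue }
                if (-not $adj.ContainsKey($a)) { $adj[$a] = @() }
                $adj[$a] += [pscustomobject]@{ Site = $b; Cost = [int]$link.Cost; Link = $link.Name }
            }
        }
    }

    # Dijkstra: the site graph is tiny, so a linear scan for the next cheapest site is fine
    $dist    = @{ $From = 0 }
    $prev    = @{}
    $visited = @{}
    while ($true) {
        $current = $dist.Keys |
            Where-Object { -not $visited.ContainsKey($_) } |
            Sort-Object { $dist[$_] } |
            Select-Object -First 1
        if (-not $current) { break }
        $visited[$current] = $true
        foreach ($edge in $adj[$current]) {
            $alt = $dist[$current] + $edge.Cost
            if (-not $dist.ContainsKey($edge.Site) -or $alt -lt $dist[$edge.Site]) {
                $dist[$edge.Site] = $alt
                $prev[$edge.Site] = @{ Site = $current; Link = $edge.Link }
            }
        }
    }

    if (-not $dist.ContainsKey($To)) { return $null }   # no chain of site links connects the two sites

    # Walk the predecessor table back from $To to rebuild the path and the links it uses
    $path  = @($To)
    $links = @()
    $s = $To
    while ($s -ne $From) {
        $links = ,$prev[$s].Link + $links
        $s     = $prev[$s].Site
        $path  = ,$s + $path
    }
    [pscustomobject]@{ Path = $path -join ' > '; Links = $links -join ', '; TotalCost = $dist[$To] }
}

# Constructed site links: two cheap links through Site1 and one expensive direct link
$links = @(
    [pscustomobject]@{ Name = 'Site1-Site2'; Sites = @('Site1', 'Site2'); Cost = 100 },
    [pscustomobject]@{ Name = 'Site1-Site3'; Sites = @('Site1', 'Site3'); Cost = 100 },
    [pscustomobject]@{ Name = 'Site2-Site3'; Sites = @('Site2', 'Site3'); Cost = 300 }
)
Get-LeastCostSitePath -SiteLinks $links -From 'Site3' -To 'Site2'

# To evaluate the real links instead (Active Directory module from Windows Server 2012+ RSAT):
# $links = Get-ADReplicationSiteLink -Filter * -Properties Cost, SitesIncluded | ForEach-Object {
#     [pscustomobject]@{
#         Name  = $_.Name
#         Sites = @($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' })
#         Cost  = $_.Cost
#     }
# }
```

With the constructed table the function reports Site3 > Site1 > Site2 at a total cost of 200; the direct Site2-Site3 link at 300 is only selected when one of the 100-cost links is removed from the table, which is the backup role the paragraph describes. Remember that the real ISTG only considers transitive paths like this one when site link bridging is enabled or an explicit site link bridge covers the links involved.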
Configuring Sites infrastructure
All right—now let’s tie everything together. We now know that we want all of our domain controllers replicating changes to the AD database in a time-efficient manner. Most administrators define site objects to reflect each physical campus in their organization.
Within each site we have one or more subnet objects that denote the areas of high-speed connectivity within each campus.
Finally, we build site link objects to tie together our sites and manually specify replication paths and frequency.
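The whole procedure above (sites, subnets, site links with cost and interval, then a check of the result), as an added example that is not part of the original post. It uses the replication cmdlets of the Active Directory PowerShell module that ships with Windows Server 2012 and later RSAT; they do not exist in the Windows Server 2008 R2 module the post targets, where you would use New-ADObject or ADSI against the Configuration partition instead. The site names, subnets and link costs are constructed for a three-campus organization, and the script must run as a member of Enterprise Admins (or an account delegated rights on CN=Sites in the Configuration partition).

```powershell
# Added example (not from the original post): build and verify a three-site topology.
# Site names, subnets and costs are constructed. Requires the AD module from
# Windows Server 2012+ RSAT and Enterprise Admins rights.
Import-Module ActiveDirectory

# 1. Sites: one per physical campus. Default-First-Site-Name already exists.
foreach ($site in 'HQ', 'Branch-East', 'Branch-West') {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site -Description "Physical campus: $site"
    }
}

# 2. Subnets: the areas of high-speed connectivity, each mapped to its site.
#    A DC or client whose address falls inside a subnet is placed in that subnet's
#    site; addresses that match no subnet show up as Netlogon event 5807 on the DC.
$subnets = @{
    '10.1.0.0/16'     = 'HQ'
    '10.2.0.0/24'     = 'Branch-East'
    '10.3.0.0/24'     = 'Branch-West'
    '2001:db8:1::/64' = 'HQ'          # IPv6 prefixes are supported as well
}
foreach ($prefix in $subnets.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'")) {
        New-ADReplicationSubnet -Name $prefix -Site $subnets[$prefix]
    }
}

# 3. Site links: cost (lower wins, path costs add up) and interval in minutes
#    (15 is the minimum; DEFAULTIPSITELINK starts at cost 100 / 180 minutes).
#    Every site must belong to at least one link, or the KCC cannot connect it
#    to the rest of the forest and logs event 1311.
$siteLinks = @(
    @{ Name = 'HQ-East';   Sites = 'HQ', 'Branch-East';          Cost = 100; Minutes = 15  },
    @{ Name = 'HQ-West';   Sites = 'HQ', 'Branch-West';          Cost = 100; Minutes = 15  },
    @{ Name = 'East-West'; Sites = 'Branch-East', 'Branch-West'; Cost = 300; Minutes = 180 }  # backup path
)
foreach ($l in $siteLinks) {
    if (Get-ADReplicationSiteLink -Filter "Name -eq '$($l.Name)'") {
        Set-ADReplicationSiteLink -Identity $l.Name -Cost $l.Cost -ReplicationFrequencyInMinutes $l.Minutes
    } else {
        New-ADReplicationSiteLink -Name $l.Name -SitesIncluded $l.Sites -Cost $l.Cost `
            -ReplicationFrequencyInMinutes $l.Minutes -InterSiteTransportProtocol IP
    }
}

# 4. Check the result: link costs and intervals, and the subnet-to-site mapping
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ Name = 'Sites'; Expression = {
            ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } }
Get-ADReplicationSubnet -Filter * -Properties Site |
    Select-Object Name, @{ Name = 'Site'; Expression = { ($_.Site -split ',')[0] -replace '^CN=' } }

# Is "Bridge all site links" still on? Bit 0x2 (bridges required) in the options
# attribute of the IP transport object means automatic bridging has been turned OFF.
$configNC    = (Get-ADRootDSE).configurationNamingContext
$ipTransport = Get-ADObject "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC" -Properties options
$bridgeAll   = -not (([int]$ipTransport.options) -band 2)
"Bridge all site links: $bridgeAll"

# On any domain member, confirm which site the machine resolved itself into:
#   nltest /dsgetsite
```

The Get-/New- pairs make the script safe to re-run: existing sites and subnets are left alone and existing links are updated in place, which matters because site objects are forest-wide and a duplicate-name error half way through would leave a partial topology. After the links exist, `repadmin /replsummary` on any DC shows whether intersite replication is actually succeeding at the configured interval.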
NOTE: If you are wondering, “Where is the information on IP vs SMTP site links? What about the KCC and ISTG?” then hold on—we will cover those topics and more in the next exam subobjective. Be patient!
Conclusion
I hope that you find this approach to 70-640 exam preparation to be beneficial. Please feel free to leave your questions, comments, and exam experiences (no braindumps, please) in the comments portion of this post.
In the next post in this series I will provide a sample practice question for the “Configure sites” subobjective.