intersite replication over vpn routers

    Question

  • I have searched for hours and cannot find an answer to this question; please help.

    How does the Active Directory replication procedure know which routes to use over a VPN?  We have four sites; one home office and three remote sites in different cities.  I understand creating the sites and the subnets, but what procedure happens when replication begins that directs the sites to replicate over the correct VPN connection?  I have found nowhere to set this up or configure it.

    Thanks,

    Jim Simmons


    Jimmy W. Simmons
    Friday, August 19, 2011 11:36 PM

Answers

  • Take a look at the following presentation. Pay attention to the ISTG, the KCC, and Site Links. That's the basics of what's behind replication. As far as what VPN connection to use, that's transparent. Replication is a pull request from the other Site's Replication Partner. It will use the current infrastructure's routed topology, so when you design your sites, please make sure whatever site links you create, there's a physical link to it, whether directly or going through one location to get to another.

    The following appears to be a "Blended MOC" module, meaning it was customized from the original Microsoft Official Curriculum courseware. It focuses on how AD Replication works, how Sites work, how logon and replication traffic is controlled by configuring AD Sites, how to create a Site, etc:
    Module 4: Configuring Active Directory® Domain Sevices Sites and Replication
    http://www.scribd.com/doc/24692216/Module-4-Configuring-Active-Directory%C2%AE-Domain-Sevices-Sites-and-Replication

     

    Managing sites in Active Directory involves adding new subnet, site, and site link objects when the network grows, as well as configuring a schedule and cost for site links. You can modify the site link schedule, cost, or both, to optimize intersite replication. When conditions no longer require replication to a site, you can remove the site and associated objects from Active Directory. Jan 6, 2003 ... Lots of good info on the KCC, Bridgeheads, TCP/IP settings, ISTG, etc. Most of it applies to Windows 2008 & 2008 R2, too.
    http://technet.microsoft.com/en-us/library/bb727051.aspx

    Large hub-and-spoke topology management is beyond the scope of the above document. For information about managing Active Directory branch office deployments that include more than 200 sites:
    Active Directory Branch Office Guide Series:
    http://www.microsoft.com/technet/archive/windows2000serv/technologies/activedirectory/deploy/adguide/default.mspx


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Saturday, August 20, 2011 1:31 AM
  • You can refer to the link below for the explanation. There is a big difference using VPN, as in the case of VPN the connectivity is through a tunnel, but the logic is the same. The KCC takes care of generating the replication topology based on sites/subnet information. The function of the ISTG is to assign one bridgehead server per site.

    How Active Directory Replication Topology Works

    http://technet.microsoft.com/en-us/library/cc755994%28WS.10%29.aspx

     

    Regards


    Awinish Vishwakarma

    MVP-Directory Services

    MY BLOG:  http://awinish.wordpress.com

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Saturday, August 20, 2011 6:54 AM
    Moderator
  • The short answer is - it does not. As Ace has pointed out, AD replication relies entirely on the way you define site topology - in particular site links and their individual settings (primarily their cost, sites they connect together and site link bridging).

    Effectively, if you have redundant connections between physical locations (i.e. you can route traffic between site 1 and 4 either via site 2 or 3), then you would likely want to define redundant site links and ensure that you assign their cost such that it represents your preference in the way the replication traffic should be flowing.

    Ace and Awinish have provided links to documentation that explains this process in detail - review it and let us know if you have any additional questions...

    hth
    Marcin

    Saturday, August 20, 2011 12:34 PM
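
An added example, not part of the original thread: a simplified model of how site link costs express a preferred replication path when redundant links exist, as described in the answer above. It assumes site link bridging is on, so the cost between two sites is the sum of the link costs along the path; the site names and costs are constructed, and the real KCC/ISTG also weighs schedules, transports and bridgehead availability.

```python
import heapq
from itertools import combinations

# Constructed site links (name, member sites, cost) for a four-site layout.
# Site1 can reach Site4 through Site2 or through Site3.
SITE_LINKS = [
    ("Site1-Site2", {"Site1", "Site2"}, 100),
    ("Site2-Site4", {"Site2", "Site4"}, 100),
    ("Site1-Site3", {"Site1", "Site3"}, 100),
    ("Site3-Site4", {"Site3", "Site4"}, 300),
]

def build_graph(site_links):
    """Every pair of sites in one site link is connected at that link's cost."""
    graph = {}
    for _name, sites, cost in site_links:
        for a, b in combinations(sorted(sites), 2):
            graph.setdefault(a, []).append((b, cost))
            graph.setdefault(b, []).append((a, cost))
    return graph

def cheapest_route(site_links, src, dst):
    """Return (total_cost, [sites]) for the lowest-cost path, or None when the
    site links define no path at all between the two sites."""
    graph = build_graph(site_links)
    queue = [(0, src, [src])]
    settled = set()
    while queue:
        cost, site, path = heapq.heappop(queue)
        if site == dst:
            return cost, path
        if site in settled:
            continue
        settled.add(site)
        for nxt, link_cost in graph.get(site, []):
            if nxt not in settled:
                heapq.heappush(queue, (cost + link_cost, nxt, path + [nxt]))
    return None

if __name__ == "__main__":
    # Logical preference only: the packets themselves still follow whatever
    # IP routes and VPN tunnels the network provides between the two DCs.
    print(cheapest_route(SITE_LINKS, "Site1", "Site4"))
```

Raising the cost of one link is how the preference is moved to the other path; a result of `None` means the site links describe no connection between the two sites.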

All replies

  • Ladies and Gentlemen,

    Wow, this is impressive.  It is going to take me a few days to read the material and digest it.  Fortunately I am working on several projects at the same time and some mission critical.  I appreciate all of your responses and should be able to get to this in the next few days.

    Please be patient with me.


    Jimmy W. Simmons
    Saturday, August 20, 2011 4:58 PM