Microsoft Azure AZ-800 — Section 4: Configure and manage multi-site, multi-domain, and multi-forest environments Part 4
35. Configure and manage AD DS replication
Now that we understand sites, we know how we can configure replication to occur the way that we want it to. What I want to show you now is how we can test replication and also monitor replication.
So here we are on NYC-DC1. We’re just going to click Start. We’re going to go to Server Manager and then we’re going to open up the Active Directory Sites and Services tool, which is the tool that we use to create the sites, site links, subnets, all of that. Click Tools. Going to go to Active Directory Sites and Services. All right. And then from there, we’ll be able to locate our site objects, whatever site objects we’ve got, and our domain controllers. Now in our case, we created sites, then we got rid of them because we didn’t really have that environment set up. We don’t want to break anything.
So right now I have one site; it’s called Default-First-Site-Name, OK. And then from there, I’ve got these domain controller objects. The RODC test, you can ignore that; that was just me demonstrating creating a pre-staged RODC object. Of course, it will generate an error because it doesn’t really exist. But we’re going to focus on these two servers here, these two domain controllers.
So, if I expand NYC-DC1, you’ll notice that I have an object called NTDS Settings, and that is where the KCC has generated a connection.
So the KCC on this one has created a connection to Server1. And then if I expand Server1, it’s created a connection to DC1.
Now, if I want to force replication between them, what I can do is I can right-click this object and I can say Replicate Now. And as long as I don’t get an error right here, that means the connection is solid.
So, I just went ahead and triggered it to replicate.
Now, if I wanted to trigger replication from Server1 to pull from DC1, I could go to Server1, right-click that and click Replicate Now.
Now, granted, I could also go over to Server1 and do the same thing, but you can trigger it from here.
OK. All right.
So that is how I can force replication between DCs to happen if I want. All right. Granted that they’re part of the same site, replication is going to occur within 30 seconds anyway.
Now the next thing I want to show you is how we can troubleshoot. We can also force replication from the command line.
So, I’m just going to go down to the search bar here and type cmd. And you could do this through PowerShell if you wanted to as well. And then from there, I have a command called repadmin.
OK, so I’m going to say repadmin, and then I’m going to say /showrepl.
OK, /showrepl, hit Enter. It’s going to show you the replication connections that are set up right now in Active Directory, so you can see NYC-Server1 is who I’m currently going to replicate with from NYC-DC1.
OK. If you type repadmin /?, you can see the other switches that you can run. You can even force replication, which triggers replication to occur if you want. If you want to check the KCC, you can type /kcc, which forces the KCC on the target to immediately recalculate its inbound replication. That’s going to verify the connectivity between all the pieces and the insights filter. To force that to go through, you could.
OK, here’s the RODC.
So you can kind of skim through this list. And if you want, there’s quite a few little parameters here that I can set.
OK? I can even output to a CSV file, a spreadsheet, if I want, which is really cool. All right, the next thing I want to show you is a command called dcdiag. Now dcdiag is a domain controller diagnostics tool, so I’m going to run dcdiag. It’s going to run a series of tests against Active Directory right now and tell me if there are any problems. We’re going to hit Enter. All right. And then from there, you’ll notice that it ran these tests. It says passed, passed, passed, passed, passed.
So a lot of passes here. All right, now, there is going to be at least one failure due to an IP connection with the RODC that’s not there.
So that’s not really a big deal because it’s not really a real server. But as you can see, everything did go through successfully. Now, if you don’t want it to run all of these tests, you can tell it not to. All right. Oh, and also you’ll notice I do have this failure here. It says there were warning or error events within the last 24 hours after the SYSVOL has been shared, and this is probably due to the fact that my IP address keeps changing on this network that I’m on, and I keep having to point my server back to my DC for DNS.
So remember, DNS is critical for Active Directory. Absolutely critical. You’ve got to make sure that your other domain controller is pointing to this one as its DNS, and make sure that this machine is pointing to itself for DNS. If you chose loopback for that, 127.0.0.1, you should be fine.
OK. Granted, there is a command called dcdiag /fix. Let’s look at the commands that are available. And it will try to fix certain problems related to DNS. If there are, like, missing DNS records, you can do that and it’ll also try to update those records for you.
Now, if you wanted to run a specific test, you can use the /test switch and then specify the name of the test that you want to run.
So here are all the different tests that you can run. And again, if you just run dcdiag, it’s going to run all the tests at one time.
OK. If you want, you can also say dcdiag and then use the greater-than symbol, which is the redirect symbol, and say C:\test.txt. It’s going to dump it to a text file for me, so then I can open up File Explorer and click the C: drive. There’s the test file, and I can go through and read this report at my own leisure.
OK. All right.
OK, and so that is how you can do a little monitoring and troubleshooting with replication and make sure that the Knowledge Consistency Checker is doing its job and that everything is replicating successfully.
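The `repadmin /showrepl` check and its CSV output described above can be turned into a repeatable health check that flags inbound links with failures or no recent success. This PowerShell is an added example, not part of the course; the sample rows, host and domain names, and the 60-minute staleness threshold are constructed assumptions.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`
# (host and domain names are placeholders, not output from a real forest).
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,NYC-DC1,"DC=example,DC=test",Default-First-Site-Name,NYC-SERVER1,RPC,0,0,2024-01-15 10:02:11,0
showrepl_INFO,Default-First-Site-Name,NYC-SERVER1,"DC=example,DC=test",Default-First-Site-Name,NYC-DC1,RPC,3,2024-01-15 09:47:30,2024-01-15 08:01:05,1722
'@

function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLines,  # repadmin CSV output
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeMinutes = 60                     # assumed staleness threshold
    )
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        $reasons = @()

        # A non-zero failure count means the last attempts on this link failed.
        $failures = [int]$row.'Number of Failures'
        if ($failures -gt 0) {
            $reasons += "$failures failure(s), last status $($row.'Last Failure Status')"
        }

        # A link can report zero failures and still be stale, so check age too.
        $lastSuccess = $row.'Last Success Time' -as [datetime]
        if ($null -eq $lastSuccess) {
            $reasons += 'no recorded successful replication'
        } else {
            $ageMinutes = [int](($Now - $lastSuccess).TotalMinutes)
            if ($ageMinutes -gt $MaxAgeMinutes) {
                $reasons += "last success $ageMinutes min ago"
            }
        }

        if ($reasons) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Problem       = $reasons -join '; '
            }
        }
    }
}

# Offline run against the constructed sample, with a fixed clock for a stable result.
Get-ReplicationProblem -CsvLines $sampleCsv -Now '2024-01-15 10:05:00' | Format-List

# On a domain controller, feed it live data instead:
# Get-ReplicationProblem -CsvLines (repadmin /showrepl * /csv)
```

With the sample data only the second link is reported: it has 3 failures with status 1722 (RPC server unavailable) and its last success is older than the threshold.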
36. Configure a DC as a Global Catalog server
I want to take a moment now to show you how to configure a global catalog server. There’s actually not really much to configure. You’re either going to enable a global catalog server or you’re going to disable the global catalog server. A global catalog server is going to replicate the domain partition, or, I should say, a subset of the domain partition across every domain in your forest. And so when I say a subset of the partition, I mean it’s going to basically replicate some of the information about each one of your objects in the entire forest so that users throughout the forest can find each other and search for information inside the domain. Ideally, you want to have a global catalog server in every site of your company, in a perfect world. Now, global catalog servers do generate a little bit more replication traffic, though, so that is one consideration. If you only have a single domain, only one domain in your forest, then Microsoft will even recommend you make all of your domain controllers global catalog servers. But if you’re in a very large environment and you don’t want the extra replication load, then generally speaking, Microsoft will tell you to put a global catalog server in every site. Remember, global catalog servers must be domain controllers. Not all domain controllers are global catalog servers, necessarily, but all global catalog servers are domain controllers.
So let me show you how to do that. We’re here on NYC-DC1. All right, we’re going to open up Server Manager.
So, we’re going to click Start. We’re going to go to Server Manager. Once Server Manager loads up, we’re going to be going over to the Tools menu and we’re going to open up Active Directory Sites and Services, so here we go: Tools, Active Directory Sites and Services. We’re going to let that load up. And where they put this thing was a little strange. A lot of people, when they first started working with Active Directory in the year 2000, kind of struggled to find it. But to actually locate where the global catalog setting is, what you’re going to do is expand underneath the site. In my case, I’m going to do Default-First-Site-Name because that’s where my domain controllers currently are. I’m going to expand Servers and you’ll see I have my two servers. Here are the two domain controllers. Both of these are domain controllers.
So to make something a global catalog server, you expand that server object. And this is what you want to look for: this little object here called NTDS Settings. You’re just going to right-click that object. You’re going to go to Properties. And that is where the Global Catalog checkbox is. And again, it’s a little underwhelming when you get there. You kind of expect there to be all these little dials and buttons, but it’s really just a checkbox. That’s all it is. You’re either going to turn it on or you’re going to turn it off. And when you do that, it will become a global catalog server. And you can already see that my NYC-DC1 is a global catalog server. And when I set up my NYC-Server1 as a domain controller, I went ahead and told it to be a global catalog server as well.
OK, so that’s how you do it. You can enable or disable it by checking that box, and that is all there is to enabling or disabling a global catalog server.