Best practices for Active Directory replication topology design

The secret to an efficient and error-free Active Directory infrastructure is a well-designed replication topology. While this can be easy to design in a simple network, a large, complex network presents a challenge.

Multiple network hubs make topologies complicated

Networks are typically some type of hub-and-spoke formation, with a central hub and links radiating out to remote sites. In fact, it's not uncommon to see networks with two or more hubs and the remote sites split between the two, with a link between them. Diagram 1 shows the basic concept of a multiple hub and spoke topology. Here there are three main hubs in Atlanta, Singapore and London, with two secondary hubs in Caracas and Calgary.

Active Directory Topology Diagram 1
[IMAGE]

Making the Active Directory topology design efficient

Designing the Active Directory topology efficiently is to construct it so that it takes advantage of the strengths and minimizes the weaknesses of the network. In a complex network, you are likely to have a number of different link speeds connecting remote sites, especially for European and Asian sites.

This type of network can be quantified in a tier-type Active Directory topology as shown in Diagram 1. In this example we have quantified the network link speeds connecting sites into three main groupings. At the top we have a "Core" site link containing the prime hub sites connected with the fastest lin

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Active Directory Replication Tracking a deleted Active Directory object's replication status How to build redundancy in Active Directory replication Bad external time source stops Active Directory replication Unwinding USN rollback when faced with AD replication failure Solving Active Directory replication failure ReplMon still tops for troubleshooting Active Directory replication Active Directory Replication Guide Understanding DFSR for easy configuration of Active Directory replication groups Distributed File System feature prioritizes target servers in Active Directory Case Study: How to force immediate Active Directory replication for all core sites Microsoft Active Directory Design and Administration Performing a staged installation of an RODC in Windows Server 2008 Using Active Directory to manage Macs in a Windows environment Scripting domain controller installations: A must for Server Core Taming the LSASS.exe process for Active Directory performance and security Top 5 Active Directory tips of 2008 Active Directory FAQs Active Directory database basics: Performing an offline defrag Tips for Windows domain controller optimization How to rebuild the SYSVOL tree when none exists in Active Directory New AD features in Windows 2008 Active Directory Administration Using Active Directory to manage Macs in a Windows environment Troubleshooting poor Windows logon performance in Active Directory environments Common Active Directory security oversights Scripting domain controller installations: A must for Server Core Taming the LSASS.exe process for Active Directory performance and security Troubleshooting Active Directory database errors Active Directory database basics: Performing an offline defrag Branch office security: Pros and cons of read-only domain controllers Tips for Windows domain controller optimization How to rebuild the SYSVOL tree when none exists in Active Directory

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Active Directory  (SearchWindowsServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ks. I have seen anywhere from two to 10 sites in this link. The second tier would be the next fastest links and the third tier, the slowest links. Note how we have identified a hub site for each tier, and created individual site links from each remote site in the tier to the hub. To make this all work, we have to connect the hub sites together, so we create site links between the Tier 2 and Tier 3 hubs and between the Tier 1 and Tier 2 sites.

Active Directory Topology Diagram 2
[IMAGE]

In our example, this would force replication from Birmingham to Atlanta to go first to Denver, then to Richmond, then Atlanta. This would tell us that the network routing and link speeds would be such that it is the most efficient way to replicate the AD data. Of course, you could expand this configuration so that Singapore connected to Tier 2 sites in Asia and those sites connected to Tier 3 sites in Asia, and similarly for Europe and the London hub.

AD Replication Design best practices

The best practices for Replication Design include:

Of course there are lots of good examples of poorly designed topologies that had to be fixed by changing the design. We'll examine a couple of them in the next article.

Gary Olsen is a systems software engineer for Hewlett-Packard in Global Solutions Engineering. He authored Windows 2000: Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers.

Rate this Tip To rate tips, you must be a member of SearchWindowsServer.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.