Replikacja AD Jak popsu*? Jak naprawi*?

Report
Replikacja AD
Jak popsuć?
Jak naprawić?
Daniel Stefaniak
PFE @ Microsoft
O czym będzie?
Po co nam to
wszystko?
Jak replikacja
działa?
Repadmin & AD
Replication
Status Tool
RPC – zmora
każdego
bezpiecznika
Inne pospolite
błędy
2
Zasady
replikacji
Pull-based
Multimaster
Store &
Forward
State-based
3
Partnerzy są
ważni
• DNS
• NTDS GUID
• RPC
• Kerberos
4
Topologia
Replikacji
Site Link
KCC
Subnets
B.A.S.L.
5
Narzędzia
6
AD
Replication
Status Tool
7
Repadmin
8
RPC Server is
unavailable
9
Najczęściej
spotykane
przyczyny
Problem z DNS
_msdcs
Usługa nie jest
uruchomiona
Firewall blokuje
ruch
10
Replikacja
przyjazna
firewall-om
• Preferred Bridgehead
• Statyczny port RPC dla Netlogon
• Statyczny port RPC dla Active Directory
• Statyczny port dla FRS
• Statyczny port dla DFS-R
• Mały zakres portów dla EPM
11
Interfejsy RPC
Name
UUID
Common Name
MS NT Directory DRS Interface
e3514235-4b06-11d1-ab0400c04fc2dcd2
AD Replication
MS NT Directory NSP Interface
f5cc5a18-4264-101a-8c5908002b2f8426
Outlook Address book,
optional
LSA RPC
12345778-1234-abcd-ef000123456789ab
Local Security Authority
Netlogon
12345678-1234-abcd-ef0001234567cffb
Remote Logon
SAM RPC
12345778-1234-abcd-ef000123456789ac
Security Accounts Manager
NTDS Backup Interface
ecec0d70-a603-11d0-96b100a0c91ece30
AD Backup, optional
NTDS Restore Interface
16e0cf3a-a604-11d0-96b100a0c91ece30
AD Restore, optional
File Replication Service
f5cc59b4-4264-101a-8c5908002b2f8426
FRS Replication
File Replication API
d049b186-814f-11d1-9a3c00c04fc9b232
FRS Administration
DFS Replication Service
897e2e5f-93f3-4376-9c9cfd2277495c27
DFS-R Interface
12
Inne błedy
Divergent
partners
USN Rollback
Osierocona
domena
Strict
13
Kontakt
Daniel Stefaniak
[email protected]
www.microsoft.com/microsoftservices
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or
other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must
respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided
after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION
Materiały
http://social.technet.microsoft.com/wiki/co
ntents/articles/584.active-directoryreplication-over-firewalls.aspx
http://support.microsoft.com/kb/224196
http://support.microsoft.com/kb/319553
http://support.microsoft.com/kb/154596
http://support.microsoft.com/kb/938704
http://support.microsoft.com/kb/887430

похожие документы