Step 8: Practice Managing Configuration Sets
Applies To: Windows Server 2008
To provide fault tolerance and load balancing, Active Directory Lightweight Directory Services (AD LDS) instances can belong to configuration sets. AD LDS instances replicate data based on participation in a configuration set. All AD LDS instances in a configuration set replicate a common configuration directory partition and a common schema directory partition, plus any number of application directory partitions.
To create an AD LDS instance and join it to an existing configuration set, use the Active Directory Lightweight Directory Services Setup Wizard to create a replica AD LDS instance. You need to know the Domain Name System (DNS) name of the server running an AD LDS instance that belongs to the configuration set, as well as the Lightweight Directory Access Protocol (LDAP) port that was specified when the instance was created. You can also supply the distinguished names (also known as DNs) of specific application directory partitions that you want to copy from the configuration set to the AD LDS instance that you are creating.
Managing configuration sets includes the following tasks:
Create an AD LDS replica instance
Configure a replication schedule
Create an AD LDS replica instance
You can install an AD LDS replica instance by using the Active Directory Lightweight Directory Services Setup Wizard.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477). By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition.
To install an AD LDS instance replica by using the Active Directory Lightweight Directory Services Setup Wizard
Click Start, point to Administrative Tools, and then click Active Directory Lightweight Directory Services Setup Wizard.
On the Welcome to the Active Directory Lightweight Directory Services Setup Wizard page, click Next.
On the Setup Options page, click A replica of an existing instance, and then click Next.
On the Instance Name page, accept the default name instance2 (or instance1, if you are installing AD LDS on a second computer), and then click Next.
Note
AD LDS instance names must be unique only on a given computer.
On the Ports page, accept the default values of 50000 and 50001 (if you are installing onto the first computer) or 389 and 636 (if you are installing onto a second computer), and then click Next.
On the Joining a Configuration Set page, in Server, type the host name or DNS name of the computer where the first AD LDS instance is installed. Then, type the LDAP port number in use by the first AD LDS instance (which is 389 by default), and then click Next.
Note
You must use a valid host name or DNS name, rather than an IP address or localhost when you specify a server on the Joining a Configuration Set page of the Active Directory Lightweight Directory Services Set Wizard.
On the Administrative Credentials for the Configuration Set page, click the account that is used as the AD LDS administrator for your first AD LDS instance.
On the Copy Application Partition page, select the application directory partitions that you want to replicate to the new AD LDS instance. (The schema and configuration partitions will be replicated automatically.) To select the O=Microsoft,C=US directory partition for replication, in Available partitions, click O=Microsoft,C=US, and then click Next.
Accept the default values on the remaining Active Directory Lightweight Directory Services Setup Wizard pages by clicking Next on each page, and then click Finish on the Completing the Active Directory Application Mode Setup Wizard page.
After the installation is complete, use ADSI Edit to confirm that the O=Microsoft,C=US directory partition has been replicated to your second AD LDS instance.
Configure a replication schedule
Now that you have multiple AD LDS instances joined in a single configuration set, you can schedule replication.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477). By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition.
To schedule replication between AD LDS instances
Click Start, point to Administrative Tools, and then click ADSI Edit.
In the console tree, click ADSI Edit.
On the Action menu, click Connect to. The Connection Settings dialog box appears.
In Name, you can type a label under which this connection will appear in the console tree of ADSI Edit. For this connection, type AD LDS demo.
In Select or type a domain or server: (Server | Domain[:port], type the DNS name, NetBIOS name, or IP address of the computer on which the AD LDS instance is running (because, in this exercise, AD LDS is running on the local computer, you can use localhost as the server name), followed by a colon (:) and the LDAP communication port that the AD LDS instance to which you want to connect is using.
For this exercise, accept the default value of 389.
Under Connection point, click Select a well known Naming Context, and then click Configuration.
Note
Because all your AD LDS instances belong to the same configuration set, you can schedule replication on any one of them.
- In the console tree, double-click the configuration partition CN=Configuration,CN={GUID}, where GUID is the unique identifier that is assigned during AD LDS setup; double-click the sites container, CN=Sites; and then double-click the default sites container, CN=Default-First-Site-Name.
Note
By default, all AD LDS instances that you create belong to a single site, Default-First-Site-Name. In this exercise, all your AD LDS instances belong to a single site. Therefore, you are scheduling replication within a site, which is called intrasite replication. For more information, see Step-by-Step Guide for Configuring Active Directory Lightweight Directory Services Replication (https://go.microsoft.com/fwlink/?LinkId=96086).
In the details pane, right-click CN=NTDS Site Settings, and then click Schedule.
In the Schedule dialog box, select the block of time that you want to schedule; click None, Once per Hour, Twice per Hour, or Four Times per Hour as the replication frequency; and then click OK.
Note
For intrasite replication, AD LDS instances replicate changes through update notifications. The replication frequency schedule affects intrasite replication only when no update notifications occur in the specified time.
Note
Scheduling replication is optional. By default, AD LDS replication schedule is set to the Once per Hour option.