Print Friendly and PDF

Active Directory Replication

Replication is all about sending information about changes to objects in the directory database to each DC within and between the physical sites in a network topology. A site is composed of one or more IP subnets connected by high-speed links. There are two types of replications. Replication within the same site called intrasite replication and replication between sites called intersite replication. All replication in Active Directory follow a multimaster replication model meaning that every DC can receive updates to data for which it is authoritative and all replication is pulled-based meaning that the DC requests changes rather than push or send them.

Directory Partitions

Active Directory data is logically partitioned so that each domain controller does not store all objects in the directory. Each partition, or naming context, contains objects of a particular scope and purpose. Schema Partition defines the object classes and their attributes for the entire directory. The configuration is replicated to every domain controller in the forest.

Domain Partition: Contains all the objects stored in a domain, including users, groups, computers, and Group Policy containers. This partition information is replicated to all domain controllers within a domain, but not to domain controllers in other domains.

Configuration Partition: Contains objects that represent the logical structure of the forest, domains, as well as the physical topology, including sites, subnets, and services.

Application Directory Partition: Replicates directory partition only to specific domain controllers. The Knowledge Consistency Checker is responsible for generating and maintaining the replication topology. Objects stored in Application directory partition are not replicated to the Global Catalog

Knowledge Consistency Checker

The replication topology is generated by the Knowledge Consistency Checker.It runs locally on each DC and reads configuration data and writes connection objects for DCs in the site. There is one designated KCC in each site that is responsible for writing the connections to other DCs in other sites it is called Intersite Topology Generator.


Each DC uses metadata to manage the replication of objects. The directory sends key bits of information about the DC where the object originated, when the change was made and what kind of update was made.

The metadata includes: An Update Sequence Number:Specific to the DC .When a change is made to an object the DC increments the USN by 1.

A High Watermark Vector: Used to help the DC limit the changes that are being sent across the wire at each replication.

A Global Unique Identifier: That identifies the remote DC and prevents possible confusion if the DC is renamed.

Up-To-Date Vector: That is used to prevent the same replication changes from being sent out over and over again.

To see the replication topology of your network you can use the command-line tool called repadmin.exe.