Windocuments.net

Active Directory Replication

All enterprise directory environments must include mechanisms to update and synchronize directory information across the entire directory structure. Every DC must be updated with the most recent information so that users can log on, access resources and interact with the directory. Active Directory uses multimaster replication to allow creation, modification and deletion of information in the directory. This means that no single DC is authoritative: if one DC goes down, any of the remaining writable domain controllers can make changes to the directory information, and those changes are then replicated across the domain infrastructure.



To give some control over replication, so that the most recent changes take precedence, Active Directory uses Update Sequence Numbers (USNs). A USN is a 128-bit number maintained by each domain controller in Active Directory. This number is updated upon each change made to the directory on that specific server. USNs protect the integrity of replication because the number is updated only upon confirmation that the change has been written to that domain controller, so if an update replication cycle fails, the server in question requests an update based on its USN.

Configuring Replication

When managing replication traffic between sites there are two types of synchronization: intrasite and intersite. In intrasite replication, a domain controller contacts the other domain controllers in the same site when a change is made, using the Remote Procedure Call (RPC) protocol. Intersite replication is optimized for low-bandwidth situations and for connections that are less reliable. You can use two different protocols to transfer information: RPC over IP or Simple Mail Transfer Protocol (SMTP). You almost always use IP site links because they are encrypted and authenticated.

Implementing Sites and Subnets

The basic objects used for managing replication are:

Subnets: A partition of a network.

Sites: An Active Directory site is a logical object that contains servers and other objects related to replication.

Site links: A site link is created to define the types of connections that are available between the components of a site.

Creating Sites and Subnets

To create a site, open the Active Directory Sites and Services tool from Administrative Tools. Expand the Sites folder, right-click the Default-First-Site-Name item and choose Rename. Create a new site by right-clicking the Sites object and selecting New Site. After you have created sites that map your network topology, you then need to define the subnets that mark the site boundaries. Open the Active Directory Sites and Services tool from Administrative Tools and expand the Sites folder. Right-click the Subnets folder and select New Subnet. After you have provided information about sites, subnets, site links and site link bridges, the Knowledge Consistency Checker (KCC) creates the replication topology. The default replication interval is 180 minutes, which you can configure.
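The same site, subnet and site-link objects can be created from PowerShell instead of the Sites and Services console. The script below is an added example, not part of the original page; it uses the ActiveDirectory module (RSAT) and assumes a two-site layout whose site names, subnets, link cost and replication interval are constructed sample values.

```powershell
# Added example: build the replication objects described above with the
# ActiveDirectory module. Site names, subnet prefixes, cost and the interval
# are constructed values for a two-site topology; adjust them to your network.
Import-Module ActiveDirectory

# 1. Rename Default-First-Site-Name to something meaningful (here: HQ).
$defaultSite = Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'"
if ($defaultSite) {
    Rename-ADObject -Identity $defaultSite.DistinguishedName -NewName 'HQ'
}

# 2. Create the second site.
if (-not (Get-ADReplicationSite -Filter "Name -eq 'Branch'")) {
    New-ADReplicationSite -Name 'Branch' -Description 'Branch office (constructed example)'
}

# 3. Define the subnets that mark each site's boundary. A DC or client whose
#    address falls inside a subnet is placed in that subnet's site; addresses
#    that match no subnet generate "no site" warnings in the Directory Service
#    event log, so cover every range you route.
$subnets = @{
    '10.10.0.0/16' = 'HQ'
    '10.20.0.0/16' = 'Branch'
}
foreach ($prefix in $subnets.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'")) {
        New-ADReplicationSubnet -Name $prefix -Site $subnets[$prefix]
    }
}

# 4. Connect the sites with an IP site link. The text's 180-minute default is
#    the value you get if ReplicationFrequencyInMinutes is omitted; 15 is the
#    minimum. Cost steers the KCC toward the cheaper path when several links
#    could join the same sites.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'HQ-Branch'")) {
    New-ADReplicationSiteLink -Name 'HQ-Branch' `
        -SitesIncluded @('HQ', 'Branch') `
        -InterSiteTransportProtocol IP `
        -Cost 100 `
        -ReplicationFrequencyInMinutes 60
}

# 5. Review the site links the KCC will use to build the intersite topology.
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
                  @{ n = 'Sites'; e = { $_.SitesIncluded -join ', ' } } |
    Format-Table -AutoSize
```

Run this as a member of Enterprise Admins from a machine with RSAT installed. Each step checks whether the object already exists so the script can be re-run safely; the `DEFAULTIPSITELINK` object that Active Directory creates by default is left untouched and will appear in the final listing.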

Monitoring and Troubleshooting Active Directory Replication

For the most part, replication between domain controllers is automatic. However, you still need to monitor the performance of replication, because incorrect configurations can sometimes prevent the synchronization of information between domain controllers.

To do this you can use the System Monitor administration tool. You can take several steps to troubleshoot replication:

1. Verify network connectivity.

2. Verify router and firewall configurations.

3. Check the event logs. If a replication configuration error occurs, information is written to the Directory Service and File Replication Service event logs.

4. Verify that the information is synchronized.

5. Verify authentication scenarios.

6. Check the replication topology. The Active Directory Sites and Services tool allows you to verify the replication topology. To do this, right-click the NTDS Settings object within a Server object, choose All Tasks and then Check Replication Topology; or you can use the command-line utility Repadmin.
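The following script is an added example, not part of the original page, that carries out steps 3, 4 and 6 of the list above as a read-only health check, and also shows the USN bookkeeping described earlier (each DC's highest committed USN next to the up-to-dateness vector it holds for its partners). It assumes the ActiveDirectory module and repadmin are available, that it runs as a domain administrator with remote event-log access to every DC, and that the 24-hour window is an acceptable lookback; the cmdlets, log names and repadmin switches are real.

```powershell
# Added example: read-only replication health check across all DCs.
# The 24-hour window is a constructed choice; everything else is standard tooling.
Import-Module ActiveDirectory

$dcs   = Get-ADDomainController -Filter * | Sort-Object HostName
$since = (Get-Date).AddHours(-24)

# --- Step 6: replication partners and last result per partition -------------
# Same data as "repadmin /showrepl" on every DC. LastReplicationResult 0 means
# the last attempt succeeded; any other value is a Win32 error code.
$partners = foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -ErrorAction SilentlyContinue |
        Select-Object Server, Partner, Partition, LastReplicationSuccess,
                      LastReplicationResult, ConsecutiveReplicationFailures
}
$partners | Format-Table -AutoSize

# Flag partners that have failed repeatedly or have not succeeded in the window.
$problems = $partners | Where-Object {
    $_.ConsecutiveReplicationFailures -gt 0 -or $_.LastReplicationSuccess -lt $since
}
if ($problems) {
    Write-Warning 'Replication partners needing attention:'
    $problems | Format-Table Server, Partner, Partition, LastReplicationResult,
                             ConsecutiveReplicationFailures -AutoSize
}

# Forest-wide failure summary (the cmdlet form of "repadmin /replsummary").
Get-ADReplicationFailure -Target (Get-ADForest).Name -Scope Forest -ErrorAction SilentlyContinue |
    Format-Table Server, Partner, FirstFailureTime, FailureCount, LastError -AutoSize

# --- Step 4: USN-based check that information is synchronized ---------------
# USNs are per-server counters, so a value is only meaningful for the DC that
# issued it. Each DC keeps an up-to-dateness vector: the highest USN it has
# received from every partner. Comparing that (UsnFilter) with the partner's
# own highestCommittedUSN shows how far behind the receiving DC is.
$highestUsn = @{}
foreach ($dc in $dcs) {
    $highestUsn[$dc.HostName] = [int64](Get-ADRootDSE -Server $dc.HostName).highestCommittedUSN
}
"`nHighest committed USN per DC:"
$highestUsn.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

"`nUp-to-dateness vectors (UsnFilter = highest USN received from that partner):"
$vectors = foreach ($dc in $dcs) {
    Get-ADReplicationUpToDatenessVectorTable -Target $dc.HostName -Scope Server -ErrorAction SilentlyContinue |
        Select-Object Server, Partner, Partition, UsnFilter, LastReplicationSuccess
}
$vectors | Format-Table -AutoSize

# --- Step 3: Directory Service and replication event logs -------------------
# Level 2 = Error, 3 = Warning. "File Replication Service" exists on FRS-era
# DCs; domains that replicate SYSVOL with DFSR log to "DFS Replication" instead,
# so both are queried and a missing log is silently skipped.
$events = foreach ($dc in $dcs) {
    foreach ($log in 'Directory Service', 'File Replication Service', 'DFS Replication') {
        Get-WinEvent -ComputerName $dc.HostName -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName = $log; Level = 2, 3; StartTime = $since
        } | Select-Object @{ n = 'DC'; e = { $dc.HostName } }, TimeCreated, LogName, Id,
                          LevelDisplayName, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
    }
}
"`nReplication-related errors and warnings since ${since}:"
$events | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap

# --- repadmin cross-check (command-line form of "Check Replication Topology") --
# /kcc asks each DC's Knowledge Consistency Checker to recompute its topology;
# /replsummary then prints the forest-wide success/failure picture.
foreach ($dc in $dcs) { repadmin /kcc $dc.HostName | Out-Null }
repadmin /replsummary
```

Read the three sections together: a partner with a non-zero LastReplicationResult, a UsnFilter that stays well below that partner's highest committed USN across several runs, and matching Directory Service errors on the same DC point at the same broken link, which is usually a connectivity, firewall or authentication problem from steps 1, 2 and 5 rather than a topology fault.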