Active Directory Replication

This video looks at how Domain Controllers in Active Directory replicate data between each other. Domain Controllers can replicate either within a site or between sites. A different approach is used for each: within a site you want changes to propagate quickly, whereas between sites replication traffic can be reduced (it is compressed by default) and scheduled, even so that it only happens outside business hours.

Demonstration 12:35

Intrasite replication
This is replication that happens inside one site between the Domain Controllers in that site. Active Directory will automatically connect all the Domain Controllers together to form a bidirectional ring. In a ring of three or more Domain Controllers, each Domain Controller has two incoming connections and two outgoing connections. This ensures some redundancy in the site if a Domain Controller were to become unavailable.

Intrasite replication starts 15 seconds after a change is made to the Active Directory database: the Domain Controller waits 15 seconds, notifies its first partner, and then waits a further 3 seconds before notifying each additional partner. The KCC keeps the number of hops between any two Domain Controllers in a site to three or fewer. If the ring grows so that two Domain Controllers would be more than three hops apart, extra connections are created across the ring until every pair is within three hops. With the 15-second delay and at most three hops, a change reaches all Domain Controllers in the one site in well under a minute.
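To check the two intrasite properties just described (every Domain Controller has at least two inbound connections, and no two Domain Controllers in the site are more than three hops apart), here is an added PowerShell example; it is not part of the original video and not a Microsoft tool. It reads the connection objects with the ActiveDirectory RSAT module (Get-ADDomainController, Get-ADReplicationConnection) and walks them with a breadth-first search. The site name is an assumption, and the -SampleData switch substitutes a constructed five-DC ring with one missing connection so the logic can be tried offline.

```powershell
# Added example: audit the intrasite replication ring of one site.
# Assumptions: RSAT ActiveDirectory module is installed; $Site is a real site name.
param(
    [string]$Site = 'Default-First-Site-Name',
    [switch]$SampleData
)

function Get-IntrasiteEdges {
    # Returns one object per connection object: From (source DC) -> To (destination DC).
    param([string]$Site, [switch]$SampleData)
    if ($SampleData) {
        # Constructed topology: a five-DC ring in which the DC1 -> DC5 connection is missing.
        return (@(
            @{From='DC1';To='DC2'}, @{From='DC2';To='DC1'},
            @{From='DC2';To='DC3'}, @{From='DC3';To='DC2'},
            @{From='DC3';To='DC4'}, @{From='DC4';To='DC3'},
            @{From='DC4';To='DC5'}, @{From='DC5';To='DC4'},
            @{From='DC5';To='DC1'}
        ) | ForEach-Object { [pscustomobject]$_ })
    }
    Import-Module ActiveDirectory
    # Connection objects refer to NTDS Settings DNs, so map those to DC names first.
    $byNtds = @{}
    Get-ADDomainController -Filter "Site -eq '$Site'" |
        ForEach-Object { $byNtds[$_.NTDSSettingsObjectDN] = $_.Name }
    # Keep only connections whose source and destination are both in this site.
    Get-ADReplicationConnection -Filter * -Properties ReplicateFromDirectory, ReplicateToDirectory |
        Where-Object { $byNtds.ContainsKey($_.ReplicateFromDirectory) -and
                       $byNtds.ContainsKey($_.ReplicateToDirectory) } |
        ForEach-Object {
            [pscustomobject]@{ From = $byNtds[$_.ReplicateFromDirectory]
                               To   = $byNtds[$_.ReplicateToDirectory] }
        }
}

function Get-HopDistances {
    # Breadth-first search over the directed connection graph.
    # Returns $result[$source][$dest] = hops a change made on $source needs to reach $dest.
    param([object[]]$Edges)
    $adj = @{}
    foreach ($e in $Edges) {
        if (-not $adj.ContainsKey($e.From)) { $adj[$e.From] = @() }
        if (-not $adj.ContainsKey($e.To))   { $adj[$e.To]   = @() }
        $adj[$e.From] += $e.To          # replication flows From -> To
    }
    $result = @{}
    foreach ($start in $adj.Keys) {
        $dist  = @{ $start = 0 }
        $queue = New-Object System.Collections.Queue
        $queue.Enqueue($start)
        while ($queue.Count -gt 0) {
            $cur = $queue.Dequeue()
            foreach ($next in $adj[$cur]) {
                if (-not $dist.ContainsKey($next)) {
                    $dist[$next] = $dist[$cur] + 1
                    $queue.Enqueue($next)
                }
            }
        }
        $result[$start] = $dist
    }
    return $result
}

$edges = Get-IntrasiteEdges -Site $Site -SampleData:$SampleData
$hops  = Get-HopDistances -Edges $edges
$dcs   = $hops.Keys | Sort-Object
$problems = foreach ($dc in $dcs) {
    $inbound = @($edges | Where-Object { $_.To -eq $dc }).Count
    if ($inbound -lt 2) { "$dc has only $inbound inbound connection(s): no redundancy if that partner fails" }
    foreach ($other in $dcs) {
        if ($other -eq $dc) { continue }
        if (-not $hops[$dc].ContainsKey($other)) {
            "$other can never receive changes made on $dc"
        } elseif ($hops[$dc][$other] -gt 3) {
            "a change on $dc takes $($hops[$dc][$other]) hops to reach $other (the KCC should keep this at 3 or fewer)"
        }
    }
}
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { "Topology OK: $($dcs.Count) DCs, every pair within 3 hops, every DC has 2 or more inbound connections" }
```

Run it with -SampleData first: the constructed ring reports that DC5 has a single inbound connection and that a change on DC1 needs four hops to reach DC5, which is exactly the condition the KCC repairs by adding a connection. Against a live site the same warnings point at connection objects that were deleted, disabled, or created by hand.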

Intersite replication
Intersite replication is replication that happens between different sites in Active Directory. Unlike the intrasite ring, the links between sites are not discovered automatically: an Administrator has to create site links describing which sites can communicate, and the KCC then generates the connection objects between sites from that information.

Bridge Head Server
In each site, a Domain Controller is selected to replicate changes from that site to other sites. This Domain Controller is called a Bridge Head Server. The Bridge Head Server is selected automatically, but you can also manually mark one or more Domain Controllers as preferred Bridge Head Servers for a site. If you do manually select the Bridge Head Server(s) and all of them are down, the KCC will not fall back to another Domain Controller and replication will not occur from that site.

Site Links
A site link is created by an Administrator to link sites together. Site links can have a replication schedule applied to them to determine when replication occurs.

Site Link Cost
Each site link has a cost, a numeric value that weights the site link (lower is preferred). When two sites are connected by more than one route, the costs of the site links along each route are added together and the route with the lowest total cost is used. A second site link with a higher cost therefore acts as a backup: the KCC only routes over it when the Domain Controllers along the cheaper route become unreachable.

Site Transports
Site links support two different transport protocols: RPC over IP and SMTP. SMTP cannot replicate the domain partition or SYSVOL (file replication), so it cannot be used between Domain Controllers of the same domain, and on most networks only RPC over IP will be used. SMTP could be used between Domain Controllers of different domains in the forest, because replicating the schema, configuration and global catalog data does not require file replication; it also requires certificates from an enterprise CA to sign the mail messages. RPC over IP is often referred to as just IP.

Knowledge Consistency Checker (KCC)
The KCC is responsible for creating the connection objects between Domain Controllers inside a site and, through one Domain Controller per site acting as the Inter-Site Topology Generator (ISTG), between sites. It works from information in the Active Directory database (the Configuration partition), so given the same data every KCC should reach the same decisions about which connections to create. The KCC runs every 15 minutes.

Demonstration
To create site links in Active Directory, open Active Directory Sites and Services from administrative tools under the start menu.

Site links are under Inter-Site Transports. Under here are the two folders for IP and SMTP transports.

Under IP there is a site link called DEFAULTIPSITELINK. This is created automatically when the first Domain Controller in the forest is installed. You can use this site link or create a new site link. If you do use this site link, it is recommended that you rename it to a more meaningful name.

To create a new site link, right click IP or SMTP and select New Site Link. In the wizard you select which sites will use that site link. Microsoft recommends not putting more than 3 sites in the one site link.

In the properties of the site link you can configure the schedule for the site link, how often replication will occur and also the cost that will be used with the site link.

If you want to see the connections that have been created automatically or manually between different Domain Controllers, expand the site, then Servers, then the Domain Controller, until you reach NTDS Settings. Under it you will see the inbound connection objects for that Domain Controller (a connection object always lives on the destination). To see the outgoing connections, open the properties of NTDS Settings and select the Connections tab.

If you want to force the KCC to run, right click NTDS Settings, select All Tasks and then Check Replication Topology.

To force a replication, right click a connection and select Replicate Now. A connection object is inbound to the Domain Controller it sits under, so Replicate Now pulls changes over that one connection only; to replicate in the other direction, use the matching connection object on the partner Domain Controller, or use repadmin from the command line as shown below.

Command line
To force the knowledge consistency checker to run, enter the following (without the site: parameter it runs only on the Domain Controller you are connected to; with it, on every Domain Controller in that site):

repadmin /kcc site:<site name>

To force a replication of all partitions with all partners, including partners in other sites, pushing as well as pulling, run the following (plain repadmin /syncall with no switches only pulls the domain partition of the local Domain Controller from its partners):

repadmin /syncall /AdeP

This will show the bridge head servers:

repadmin /bridgeheads
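The demonstration and the repadmin commands above can be carried out from PowerShell in one go. The following is an added example, not code from the original video or from Microsoft; the site names HeadOffice and BranchOffice, the site link names, costs and intervals, the new name Core-Link and the Domain Controller DC1 are assumptions. It uses the ActiveDirectory RSAT cmdlets for the site links (New-ADReplicationSiteLink, Set-ADReplicationSiteLink, Get-ADReplicationSiteLink), sets a preferred bridgehead through the bridgeheadTransportList attribute on the server object, and then calls the same repadmin commands to run the KCC, force replication and confirm the result.

```powershell
# Added example: configure intersite replication between two sites and force it.
# Assumptions: RSAT ActiveDirectory module; sites HeadOffice and BranchOffice exist;
# run as Enterprise Admin, because site links live in the Configuration partition.
Import-Module ActiveDirectory
$siteA = 'HeadOffice'
$siteB = 'BranchOffice'

# Primary link: lowest cost, replicate every 15 minutes (the minimum allowed).
New-ADReplicationSiteLink -Name "$siteA-$siteB-Primary" -SitesIncluded $siteA, $siteB `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP

# Backup link over the slower path: higher cost, so the KCC only routes over it
# when it cannot reach the bridgeheads along the cheaper route.
New-ADReplicationSiteLink -Name "$siteA-$siteB-Backup" -SitesIncluded $siteA, $siteB `
    -Cost 500 -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP

# Restrict the backup link to outside business hours (18:00 to 06:00 every day).
# RawSchedule is [day 0-6, hour 0-23, 15-minute slot 0-3]; $true = replication allowed.
$schedule = New-Object System.DirectoryServices.ActiveDirectorySchedule
$raw = New-Object 'bool[,,]' 7, 24, 4
foreach ($day in 0..6) {
    foreach ($hour in 0..23) {
        foreach ($slot in 0..3) {
            $raw[$day, $hour, $slot] = ($hour -lt 6 -or $hour -ge 18)
        }
    }
}
$schedule.RawSchedule = $raw
Set-ADReplicationSiteLink -Identity "$siteA-$siteB-Backup" -ReplicationSchedule $schedule

# If you keep DEFAULTIPSITELINK, give it a meaningful name as the page recommends.
$default = Get-ADReplicationSiteLink -Filter "Name -eq 'DEFAULTIPSITELINK'"
if ($default) { Rename-ADObject -Identity $default.DistinguishedName -NewName 'Core-Link' }

# Optional: make DC1 the preferred bridgehead for the IP transport. The caveat above
# applies: if every preferred bridgehead is down, the KCC will not pick another one.
$configNC    = (Get-ADRootDSE).configurationNamingContext
$ipTransport = Get-ADObject -Filter "Name -eq 'IP'" -SearchBase "CN=Inter-Site Transports,CN=Sites,$configNC"
$serverDN    = (Get-ADDomainController -Identity 'DC1').ServerObjectDN
Set-ADObject -Identity $serverDN -Add @{ bridgeheadTransportList = $ipTransport.DistinguishedName }

# Review the result: links cheapest first, with the sites each one joins.
Get-ADReplicationSiteLink -Filter * -Properties ReplicationSchedule |
    Sort-Object Cost |
    Format-Table Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } }

# Have the KCC (ISTG) build the intersite connection objects now instead of in 15 minutes,
# then push every partition to every partner, including across sites, and check the outcome.
repadmin /kcc "site:$siteA"
repadmin /kcc "site:$siteB"
repadmin /syncall /AdeP
repadmin /bridgeheads
repadmin /replsummary
```

repadmin /replsummary at the end prints, per Domain Controller, the largest replication delta and the number of failed replication attempts, which is the quickest way to confirm that the new links and bridgehead actually carry traffic rather than just existing in Sites and Services.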

References
"How Active Directory Replication Topology Works", http://technet.microsoft.com/en-us/library/cc755994(WS.10).aspx
"Active Directory Replication Tools and Settings", http://technet.microsoft.com/en-us/library/cc739941(WS.10).aspx