Active Directory Domain Services Sites and Replication

AD DS Replication Overview

A connection object is an Active Directory object that represents a replication connection from a source domain controller to a destination domain controller. A domain controller is a member of a single site and is represented in the site by a server object in Active Directory Domain Services (AD DS). Each server object has a child NTDS Settings object that represents the replicating domain controller in the site.

AD DS Partitions

Characteristics of AD DS Replication

Key characteristics of Active Directory replication include:

  • Multi-master replication
  • Pull replication
  • Store-and-forward
  • Partitions
  • Automatic generation of an efficient, robust replication topology
  • Attribute-level and multivalue replication
  • Distinct control of intrasite and intersite replication
  • Collision detection and remediation

How AD DS Replication Works Within a Site

Intrasite replication uses:

  • Connection objects for inbound replication to a domain controller
  • KCC to automatically create topology
      1. Efficient (maximum three-hop) and robust (two-way) topology
  • Notifications in which the domain controller tells its downstream partners that a change is available
  • Polling, in which the domain controller checks with its upstream partners for changes
      1. Downstream domain controller directory replication agent replicates changes
      2. Changes to all partitions held by both domain controllers are replicated
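The connection objects, notifications and polling above all end in one observable fact per partner and partition: when the last inbound replication succeeded and whether it is currently failing. The following PowerShell is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module, an account allowed to read replication metadata, and a staleness threshold (`$StaleAfterHours`) that is an assumed value you would tune to your site link schedule.

```powershell
# Added example: summarise inbound replication health for every DC in the domain.
# Assumes the RSAT ActiveDirectory module is installed and the caller can read
# replication metadata. The staleness threshold is an assumed value.
Import-Module ActiveDirectory

function Get-InboundReplicationHealth {
    param(
        # Hours since the last successful sync after which a partner is flagged (assumed)
        [int]$StaleAfterHours = 2
    )
    $now = Get-Date
    foreach ($dc in Get-ADDomainController -Filter *) {
        # One row per inbound partner per naming context (partition) held by this DC
        $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -PartnerType Inbound
        foreach ($m in $meta) {
            $age = $now - $m.LastReplicationSuccess
            [pscustomobject]@{
                Server      = $dc.HostName
                Partner     = $m.Partner                      # NTDS Settings DN of the source DC
                Partition   = $m.Partition
                LastSuccess = $m.LastReplicationSuccess
                Failures    = $m.ConsecutiveReplicationFailures
                LastResult  = $m.LastReplicationResult        # 0 = success, otherwise a Win32 error code
                Stale       = ($age.TotalHours -gt $StaleAfterHours) -or
                              ($m.ConsecutiveReplicationFailures -gt 0)
            }
        }
    }
}

# Stale partners first, so a broken connection object stands out at the top of the table
Get-InboundReplicationHealth | Sort-Object Stale -Descending | Format-Table -AutoSize
```

Within a site, notification plus polling means a healthy partner should show a last success within minutes; a partner that is only hours behind is usually a sign of a broken connection object or a DC that cannot reach its upstream partner, which `repadmin /showrepl` on the affected DC will report with the same error code.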



Resolving Replication Conflicts

  • In multi-master replication models, replication conflicts arise when:
      1. The same attribute is changed on two domain controllers simultaneously
      2. An object is moved or added to a deleted container on another domain controller
      3. Two objects with the same relative distinguished name are added to the same container on two different domain controllers
  • To resolve replication conflicts, AD DS uses:
      1. Version number
      2. Time stamp
      3. Server GUID
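The three tie-breakers are applied in order, and every domain controller applies the same order to the same stamp, so all of them keep the same value. The following PowerShell is an added example illustrating that decision, not code from the original post or from Microsoft; the stamps it compares are constructed sample values, and `Resolve-AttributeConflict` is a name chosen here.

```powershell
# Added example: the tie-break AD DS applies when the same attribute was
# written on two DCs before replication caught up. The stamp values below are
# constructed samples, not real replication metadata.
function Resolve-AttributeConflict {
    param(
        [Parameter(Mandatory)][hashtable]$Local,     # stamp of the value already on this DC
        [Parameter(Mandatory)][hashtable]$Incoming   # stamp of the value arriving via replication
    )
    # 1. Higher version number wins (the version is incremented on every originating write)
    if ($Incoming.Version -ne $Local.Version) {
        return $(if ($Incoming.Version -gt $Local.Version) { 'Incoming' } else { 'Local' })
    }
    # 2. Same version: the later originating time stamp wins
    if ($Incoming.TimeStamp -ne $Local.TimeStamp) {
        return $(if ($Incoming.TimeStamp -gt $Local.TimeStamp) { 'Incoming' } else { 'Local' })
    }
    # 3. Same version and time stamp: the higher originating server GUID wins.
    #    Arbitrary, but deterministic, so every DC converges on the same value.
    if ($Incoming.ServerGuid.CompareTo($Local.ServerGuid) -gt 0) { 'Incoming' } else { 'Local' }
}

# Constructed stamps: same version, the incoming write happened five seconds later
$localStamp = @{
    Version    = 3
    TimeStamp  = [datetime]'2024-01-10T10:00:00Z'
    ServerGuid = [guid]'11111111-1111-1111-1111-111111111111'
}
$incomingStamp = @{
    Version    = 3
    TimeStamp  = [datetime]'2024-01-10T10:00:05Z'
    ServerGuid = [guid]'22222222-2222-2222-2222-222222222222'
}

Resolve-AttributeConflict -Local $localStamp -Incoming $incomingStamp   # Incoming (later time stamp)
```

Two practical consequences follow. The losing value is discarded rather than logged, so if an attribute change you made seems to have vanished, compare the stamp on the object with `Get-ADReplicationAttributeMetadata -Object <DN> -Server <DC>`, which shows the version, originating time and originating DC for each attribute. For the third conflict type (duplicate relative distinguished names), AD DS keeps both objects and renames the loser with a `CNF:<GUID>` suffix, so a periodic search for names containing `CNF:` surfaces those collisions.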

How Replication Topology Is Generated


How RODC Replication Works

When an RODC is implemented:

  • The KCC detects that it is an RODC and creates one-way-only connection objects, so the RODC pulls changes from one or more writable source domain controllers but is never a replication source itself
  • Write referrals are sent from the RODC to the writable source domain controllers

An RODC performs Replicate Single Object inbound replication during:

  • Password changes
  • DNS updates to a writable DNS server
  • Updates to various client attributes

 

How SYSVOL Replication Works

  • SYSVOL contains logon scripts, Group Policy templates, and GPOs with their content
  • SYSVOL replication can take place using:
      1. FRS, which is primarily used in Windows Server 2003 and older domain structures
      2. DFS Replication, which is used in Windows Server 2008 and newer domains
  • To migrate SYSVOL replication from FRS to DFS Replication:
      1. The domain functional level must be at least Windows Server 2008
      2. Use the Dfsrmig.exe tool to perform the migration
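Both migration prerequisites can be checked from a domain controller before anything is changed. The following PowerShell is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module and that it is run on a domain controller (ideally the PDC emulator, which Dfsrmig.exe uses as its reference) as a member of Domain Admins.

```powershell
# Added example: verify the prerequisites and current state of the SYSVOL
# FRS -> DFS Replication migration before advancing it. Run on a DC as Domain Admin.
Import-Module ActiveDirectory

$domain = Get-ADDomain
"Domain functional level : $($domain.DomainMode)"
"PDC emulator            : $($domain.PDCEmulator)"

# DFSR-replicated SYSVOL needs Windows Server 2008 domain functional level or higher
$tooLow = @('Windows2000Domain', 'Windows2003InterimDomain', 'Windows2003Domain')
if ("$($domain.DomainMode)" -in $tooLow) {
    Write-Warning "Raise the domain functional level to Windows Server 2008 or later before migrating."
}

# Global state set by Dfsrmig.exe:
#   0 = Start (FRS only)  1 = Prepared  2 = Redirected  3 = Eliminated (DFSR only)
dfsrmig /getglobalstate

# Per-DC progress: every DC must report the current global state before you
# advance it with 'dfsrmig /setglobalstate <n>' (1, then 2, then 3, in order)
dfsrmig /getmigrationstate

# Which engine is serving SYSVOL on this DC right now?
# FRS shares ...\SYSVOL\sysvol; after redirection DFSR shares ...\SYSVOL_DFSR\sysvol
Get-SmbShare -Name SYSVOL | Select-Object Name, Path
```

The migration is advanced one global state at a time, and a DC that has not yet reached the current state is the usual reason the next `dfsrmig /setglobalstate` call should wait; `dfsrmig /getmigrationstate` names that DC. Because Group Policy content lives in SYSVOL, a DC still stuck on the old engine after redirection is serving stale policy, which is worth checking for before the Eliminated state removes FRS entirely.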

Disclaimer

This blog is not intended to be advice on how to manage your environment. These accounts are based on experiences in my own lab. Always approach information you find outside official documentation with skepticism and follow the golden rule: never test in production.