Active Directory Replication And File Replication Service Computer Science
Replication occurs both within sites (intrasite) and between sites (intersite) to keep domain and forest data consistent among the domain controllers that hold replicas of the same directory partitions.
1.1 Introduction to Administering DFS-Replicated SYSVOL
What is FRS?
File Replication Service (FRS) is related to Active Directory replication because it depends on the Active Directory replication topology. FRS is a multimaster replication service that replicates files and folders in the system volume (SYSVOL) shared folder on domain controllers and in Distributed File System (DFS) shared folders. FRS works by detecting changes to files and folders and then replicating the updated files and folders to the other replica members, which are connected in a replication topology. FRS is deprecated: domains at the Windows Server 2008 functional level or higher can, and should, replicate SYSVOL with DFS Replication (DFSR) instead, and the switch from FRS to DFSR is carried out with the dfsrmig tool.
FRS uses the replication topology generated by the Knowledge Consistency Checker (KCC) to replicate SYSVOL files to all domain controllers in the domain. SYSVOL files are required by every domain controller for Active Directory to function, because SYSVOL holds the Group Policy templates and logon scripts that clients download from the domain controller that authenticates them; a file written on any one domain controller is replicated to all of the others, so a tampered script or policy template on one domain controller reaches every client in the domain.
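Because SYSVOL content propagates to every domain controller, the first thing a practitioner wants to know is which engine is replicating it. The following PowerShell check is an added example, not code from the original page: it reports whether the domain controller it runs on still uses FRS or has moved to DFSR, by looking at the NtFrs and DFSR services, the dfsrmig /getglobalstate migration state (Start, Prepared, Redirected, Eliminated), and whether the SYSVOL and NETLOGON shares are published. It assumes it is run elevated on a domain controller; the function name is an assumption for illustration.

```powershell
# Added example (not from the original page): report which engine replicates SYSVOL
# on this domain controller. Assumes an elevated session on a DC.
function Get-SysvolReplicationState {
    [CmdletBinding()]
    param()

    # Older DCs register both services; only the active engine replicates SYSVOL.
    $frs  = Get-Service -Name NtFrs -ErrorAction SilentlyContinue
    $dfsr = Get-Service -Name DFSR  -ErrorAction SilentlyContinue

    # dfsrmig reports the domain-wide migration state:
    # Start = FRS, Prepared = DFSR prepared, Redirected = DFSR serving SYSVOL,
    # Eliminated = FRS removed. The tool prints the state name in single quotes.
    if (Get-Command dfsrmig.exe -ErrorAction SilentlyContinue) {
        $globalState = (& dfsrmig.exe /getglobalstate 2>&1) -join ' '
    } else {
        $globalState = 'dfsrmig.exe not present'
    }
    $engine = switch -Regex ($globalState) {
        "'Eliminated'" { 'DFSR' }
        "'Redirected'" { 'DFSR (FRS not yet eliminated)' }
        "'Prepared'"   { 'FRS (DFSR prepared, not yet redirected)' }
        "'Start'"      { 'FRS' }
        default        { 'Unknown: ' + $globalState }
    }

    # Both shares must be published for clients to fetch Group Policy and logon scripts.
    $shares = Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        SysvolEngine    = $engine
        NtFrsStatus     = if ($frs)  { $frs.Status }  else { 'not installed' }
        DfsrStatus      = if ($dfsr) { $dfsr.Status } else { 'not installed' }
        SharesPublished = ($shares | Measure-Object).Count -eq 2
    }
}

Get-SysvolReplicationState | Format-List
```

If the result is FRS on a domain whose functional level allows DFSR, plan the dfsrmig migration before adding newer domain controllers; if the shares are not published, clients cannot apply Group Policy from that domain controller regardless of which engine is running.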
2.0 Replication Components and Processes
How Replication works?
Replication Latency
Resolving Replication Conflicts
Optimizing Replication
2.1 How Replication works?
Active Directory replication is multimaster, and only changes are replicated. In other words, a change can be made to Active Directory at any writable domain controller, and only that change is replicated to the other domain controllers; the process is invisible to administrators and users. Replication begins with a change notification, which the domain controller that accepted the change sends to its direct replication partners so that they know there is a change in the Active Directory database to collect. Each partner then requests the changes from the notifying domain controller (replication is pull-based) and in turn notifies its own partners, until every domain controller that holds the partition has the change.
When a domain controller accepts an update from a client, as opposed to receiving one through replication, it records an originating update, which identifies the kind of change made to the Active Directory database. There are four kinds of originating update: Add, Modify, ModifyDN (rename or move), and Delete.
2.2 Replication Latency
The default change-notification delay within a site was 5 minutes on Windows 2000 and is 15 seconds on Windows Server 2003 and later, with a 3-second gap between notifications to successive partners. When no change notification arrives, scheduled intrasite replication still runs once every hour. Urgent replication (for example, an account lockout or a change to the domain password policy) sends the change notification immediately, without the initial delay.
2.3 Resolving Replication Conflicts
Conflicts arise when the same data is changed at different domain controllers before either change has replicated, in three cases:
Attribute value conflicts (the same attribute of the same object changed on two domain controllers)
Adding or moving an object under a container object that was deleted on another domain controller
Sibling name conflicts (two objects created with the same relative distinguished name under the same parent)
Active Directory resolves every conflict deterministically, so that all domain controllers converge on the same result without administrator intervention. Each attribute value carries a stamp made up of a version number (incremented on every originating write), the originating timestamp, and the invocation ID (a GUID) of the domain controller that wrote it. The value with the higher version number wins; if the versions are equal, the later timestamp wins; if those are equal too, the higher invocation ID wins. An object added or moved under a container that was deleted elsewhere is moved to the LostAndFound container of its partition, and of two siblings created with the same name, the losing object is renamed with CNF: and its object GUID appended to the name.
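The attribute-stamp comparison is worth seeing in code, because it is also what an attacker exploits when a rogue replica pushes a value with a higher version number to win against legitimate writes; replication metadata is therefore one of the first things to review after a domain controller compromise. The PowerShell below is an added example, not code from the original page: it applies the three rules to constructed sample stamps from two domain controllers and then shows the cmdlet that reveals the real stamps. The function name, server names, values and GUIDs are assumptions for illustration, and the GUID tie-break uses .NET Guid.CompareTo as an approximation of the directory's internal ordering.

```powershell
# Added example (not from the original page): the stamp comparison used to resolve an
# attribute-value conflict, run over constructed sample stamps.
function Resolve-AttributeConflict {
    param(
        [Parameter(Mandatory)] $StampA,   # objects with Version, OriginatingTime, InvocationId
        [Parameter(Mandatory)] $StampB
    )
    # Rule 1: the higher version number wins; every originating write increments it.
    if ($StampA.Version -ne $StampB.Version) {
        if ($StampA.Version -gt $StampB.Version) { return $StampA } else { return $StampB }
    }
    # Rule 2: equal versions, so the later originating timestamp wins.
    if ($StampA.OriginatingTime -ne $StampB.OriginatingTime) {
        if ($StampA.OriginatingTime -gt $StampB.OriginatingTime) { return $StampA } else { return $StampB }
    }
    # Rule 3: equal timestamps too, so the higher invocation ID (writing DC's GUID) wins.
    # Assumption: Guid.CompareTo approximates the directory's internal GUID ordering.
    if ($StampA.InvocationId.CompareTo($StampB.InvocationId) -gt 0) { return $StampA }
    return $StampB
}

# Constructed sample: DC1 and DC2 both change the same user's 'description' while the
# link between them is down. Both started from version 3, so both stamps carry version 4
# and the timestamp decides; DC2's write is two seconds later and wins on every DC.
$fromDC1 = [pscustomobject]@{
    Server = 'DC1'; Value = 'Finance laptop'; Version = 4
    OriginatingTime = [datetime]'2024-05-01T10:00:05Z'
    InvocationId    = [guid]'6f1b2c3d-4e5f-4a6b-8c7d-0123456789ab'
}
$fromDC2 = [pscustomobject]@{
    Server = 'DC2'; Value = 'HR laptop'; Version = 4
    OriginatingTime = [datetime]'2024-05-01T10:00:07Z'
    InvocationId    = [guid]'0a9b8c7d-6e5f-4a4b-8c3d-fedcba987654'
}
$winner = Resolve-AttributeConflict -StampA $fromDC1 -StampB $fromDC2
"Winning value: '$($winner.Value)' written on $($winner.Server)"

# The order in which the two writes arrive at a DC never changes the outcome, because
# the stamps travel with the values; swapping the arguments picks the same winner.
$orderIndependent = (Resolve-AttributeConflict -StampA $fromDC2 -StampB $fromDC1).Server -eq $winner.Server
"Order independent: $orderIndependent"

# Real stamps: version, originating time and originating invocation ID of each attribute
# value as the queried DC sees them. Useful in forensics to tell on which DC, and when,
# a sensitive attribute such as a group's 'member' last changed (the DN is an assumption).
# Get-ADReplicationAttributeMetadata -Object 'CN=Domain Admins,CN=Users,DC=corp,DC=example' `
#     -Server DC1 -Properties member, description -ShowAllLinkedValues |
#     Format-Table AttributeName, AttributeValue, Version, LastOriginatingChangeTime,
#                  LastOriginatingChangeDirectoryServerIdentity
```

A version number that jumps far beyond what the legitimate write history explains, or an originating invocation ID that belongs to no known domain controller, is the signature to look for in that metadata.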
2.4 Optimizing Replication
The efficiency of replication between sites is optimized by cost settings on site links that favour replication routes between specific sites. The KCC uses site link configuration information to enable and optimize replication traffic by generating a least-cost replication topology. Within a site, for each directory partition, the KCC builds a bidirectional ring topology with at most three hops between any two domain controllers, adding extra connection objects where the ring alone would exceed that. Between sites, the KCC on the one domain controller per site that holds the intersite topology generator (ISTG) role creates the topology based on site link cost.
3.0 Replication TopologyThe replication topology is the current set of Active Directory connections by which domain controllers in a forest communicate over local area networks (LANs) and wide area networks (WANs) to synchronize the directory partition replicas that they have in common. The replication topology ensures the transfer of changes to all directory partition replicas in the forest without redundancy. Replication topology generation is dynamic and adapts to network conditions and availability of domain controllers.
Directory Partitions
What is Replication Topology
Global Catalog and Replication of Partitions
Replication Topology Generation
Using Connection Object
3.1 Directory Partitions
The three partitions present in every forest are Schema, Configuration, and Domain; a forest can also hold application directory partitions (such as the DNS partitions DomainDnsZones and ForestDnsZones), whose replication scope is configured per partition.
The schema partition contains the definitions of the object classes and attributes that can exist in the directory. All domain controllers in the forest share a common schema, and schema modifications are replicated across the entire forest.
The configuration partition contains information about the physical structure of Active Directory (sites, subnets, site links, and the replication topology itself). Configuration information is replicated to all domain controllers in the forest, so a change made to it from any domain affects the whole forest.
The domain partition contains information about all Active Directory objects that are specific to that domain, such as users, groups, computers, and OUs. The domain partition is fully replicated to every domain controller in that domain, and in partial, read-only form to every global catalog server in the forest.
3.2 What is Replication Topology?
The replication topology is the set of pathways that domain controllers use to send and receive replication traffic. Replication occurs between direct replication partners. To arrive at a consistent topology, all domain controllers read the same global configuration data (the site, subnet, site link, and server objects in the configuration partition) and therefore reach the same view of where every domain controller is.
Replication between domain controllers in the same site occurs automatically in response to changes and does not require administrative management. Replication within a site is sent uncompressed to reduce processing time.
3.3 Global Catalog and Replication of Partitions
A global catalog server stores a full, writable replica of its own domain partition and a partial, read-only replica of every other domain partition in the forest, containing only the attributes marked for global catalog replication in the schema. A global catalog server can also store a full, writable replica of an application directory partition, but objects in application directory partitions are never replicated to the global catalog as partial, read-only replicas.
3.4 Replication Topology Generation
The replication topology is generated by the Knowledge Consistency Checker (KCC), a replication component that runs on every domain controller as part of the directory service and communicates through the distributed Active Directory database. The KCC functions locally by reading, creating, and deleting connection objects on its own domain controller; it runs every 15 minutes by default and can be triggered on demand with repadmin /kcc.
3.5 Using Connection Objects
Connection objects are created automatically by the KCC on each domain controller, and can also be created manually. Use Active Directory Sites and Services to create, delete, and adjust connection objects, and use its Replicate Now option to initiate replication over a connection on demand. Manually created connection objects are not maintained by the KCC, so they persist, and must be removed by hand, after the servers or sites they reference change.
4.0 Using Sites to Optimize Active Directory Replication
What are sites?
Replication within the sites
Replication between the sites
Replication Protocols
4.1 What are sites?
The first site, named Default-First-Site-Name, is created automatically when the forest is created. A site can contain zero, one, or more subnets. Sites are used to control replication traffic and logon traffic (clients locate a domain controller in their own site first); a site contains server objects and is associated with IP subnet objects.
4.2 Replication within the sites
Active Directory handles replication within a site (intrasite replication) automatically. It occurs between domain controllers in the same site and assumes a fast, highly reliable network link. Directory updates replicated within a site are not compressed, and replication is triggered by the change notification mechanism rather than by a schedule.
4.3 Replication between the sites
Replication between sites (intersite replication) is designed to conserve bandwidth, which is usually limited on the links between sites: updates are compressed and sent on a manually defined schedule and interval rather than on change notification. One or more domain controllers in each site act as bridgehead servers and exchange the updates with the bridgeheads of the other sites.
4.4 Replication Protocols
Active Directory replication, and FRS replication of SYSVOL and DFS content, uses RPC over TCP/IP both within and between sites. Simple Mail Transfer Protocol (SMTP), or mail-based replication (MBR), can be used only between sites and is limited to replication of the schema and configuration partitions and the partial global catalog replicas; it cannot replicate a domain partition, so sites that share a domain must be connected by an IP site link. In short, RPC over IP serves replication within and between sites, and SMTP serves replication between sites only.
5.0 Implementing Sites to Manage Active Directory Replication
Creating sites and subnets
Creating and configuring site links
Creating a site link bridge
5.1 Creating sites and subnets
Use the Active Directory Sites and Services snap-in to create new sites and subnets. For the site design, plan to create a site object in Active Directory Domain Services (AD DS) for every physical location that you have decided should be a site. For the subnet design, plan to create a subnet object in AD DS for every IP subnet (prefix and mask) at each location, so that every IP address in the site maps to that site. An address that matches no subnet object belongs to no site, and a client on it may be directed to a domain controller anywhere in the forest.
Steps for creating a site:
Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.
In the console tree, right-click Sites, and then click New Site. In Name, type the name of the new site.
In Link Name, click the site link object to place the new site in, and then click OK.
Steps for creating a subnet:
Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.
In the console tree, double-click Sites, right-click Subnets, and then click New Subnet. In Prefix, type the IPv4 or IPv6 subnet prefix in CIDR notation (for example 10.20.0.0/16).
In Select a site object for this prefix, click the site to associate with this subnet, and then click OK.
5.2 Creating and configuring site links
Steps for creating a site link:
Open the Active Directory Sites and Services console.
Expand the Sites folder, and then expand the Inter-Site Transports folder.
Right-click either the IP folder or the SMTP folder, and choose New Site Link from the shortcut menu.
The New Object - Site Link dialog box opens. In the Name field, enter a name for the new site link.
In the Sites Not in This Site Link box, select the sites to connect (at least two), click Add, and then click OK.
Steps for configuring a site link:
Open Active Directory Sites and Services. In the console tree, click the inter-site transport folder that contains the site link whose schedule you want to adjust.
In the details pane, right-click the site link, and then click Properties. The same Properties page holds the link's Cost (used by the KCC for least-cost routing, 100 by default) and its Replicate every interval (in minutes, 15 at minimum, 180 by default). Click Change Schedule.
Select the block of time you want to schedule, and then click Replication Not Available or Replication Available. Hours marked unavailable delay every change, including security-relevant ones such as disabling an account, until the next available window.
5.3 Creating a site link bridge
A site link bridge connects two or more site links and makes them transitive, so that the KCC can route replication between sites that have no site link of their own. Each site link in a bridge must have a site in common with another site link in the bridge. By default every site link is bridged (the Bridge all site links option is enabled on each transport), so explicit site link bridges matter only once that option has been cleared, typically in networks that are not fully routed.
Steps for enabling or disabling Bridge all site links:
Open Active Directory Sites and Services. In the console tree, right-click the intersite transport folder (IP or SMTP) for which you want to enable or disable bridging of all site links, and then click Properties.
To bridge every site link, select the Bridge all site links check box. Otherwise, clear it.
Steps for creating an explicit site link bridge:
Right-click the same intersite transport folder, and then click New Site Link Bridge. In Name, type a name for the bridge.
In Site links not in this site link bridge, select two or more site links that share a site, click Add, and then click OK.
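The GUI steps in 5.1, 5.2 and 5.3 are usually scripted so that the topology is reproducible and reviewable. The PowerShell below is an added example, not code from the original page: using the ActiveDirectory module it creates the site and subnet objects, the site links with cost and interval, a replication schedule, change notification on the links, and an explicit site link bridge after clearing Bridge all site links on the IP transport. The site names, prefixes, costs, interval, schedule window and bridge name are assumptions for illustration; Default-First-Site-Name is the site from 4.1.

```powershell
# Added example (not from the original page): sites, subnets, site links and a site link
# bridge with the ActiveDirectory module. Names, prefixes and costs are assumptions.
Import-Module ActiveDirectory

$hq = 'Default-First-Site-Name'        # created automatically with the forest (4.1)
$branches = @{                          # assumed branch sites and their prefixes
    'Branch-Paris'  = @('10.20.0.0/16', '2001:db8:20::/48')
    'Branch-Berlin' = @('10.30.0.0/16')
}

foreach ($site in $branches.Keys) {
    # 5.1 Site and subnet objects. Every prefix at the location gets a subnet object;
    # an address that matches no subnet maps to no site and may use any DC in the forest.
    New-ADReplicationSite -Name $site
    foreach ($prefix in $branches[$site]) {
        New-ADReplicationSubnet -Name $prefix -Site $site
    }

    # 5.2 Site link over the IP transport. Cost feeds the KCC's least-cost topology;
    # the interval is the scheduled intersite polling period (15 minutes minimum).
    New-ADReplicationSiteLink -Name "$hq-$site" -SitesIncluded $hq, $site -Cost 100 `
        -ReplicationFrequencyInMinutes 30 -InterSiteTransportProtocol IP

    # Enable change notification on the link (options bit 0x1) so that urgent changes
    # such as account lockouts and disabled accounts cross the WAN without waiting
    # for the next interval.
    Set-ADReplicationSiteLink -Identity "$hq-$site" -Replace @{ options = 1 }
}

# Optional schedule (Change Schedule in the GUI): make the Berlin link available only
# 20:00-22:30 daily. Caveat: anything outside the window, including security-relevant
# changes, waits for it, so prefer to keep links always available and tune cost/interval.
$window = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$window.ResetSchedule()                                   # start from "never available"
$window.SetDailySchedule('Twenty', 'Zero', 'TwentyTwo', 'Thirty')
Set-ADReplicationSiteLink -Identity "$hq-Branch-Berlin" -ReplicationSchedule $window

# 5.3 Transitivity. Clear "Bridge all site links" on the IP transport (options bit 0x2 =
# bridges required) and create an explicit bridge only where a routed path really exists.
$configNC    = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
Set-ADObject -Identity $ipTransport -Replace @{ options = 2 }
New-ADReplicationSiteLinkBridge -Name 'HQ-Europe' `
    -SiteLinksIncluded "$hq-Branch-Paris", "$hq-Branch-Berlin" -InterSiteTransportProtocol IP

# Verify, then have the KCC rebuild the intersite topology instead of waiting 15 minutes.
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, options |
    Format-Table Name, Cost, ReplicationFrequencyInMinutes, options
repadmin /kcc
repadmin /replsummary
```

Keep the script in version control next to a subnet inventory; a subnet that is missing from the directory is the usual cause of "slow logon from the branch" reports, and is visible here as a client that authenticates against a domain controller in another site.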
6.0 Monitoring Replication Traffic
What is Replication Monitor?
Using Replication Monitor to Monitor Replication Traffic
Using Repadmin to Monitor Replication Traffic
6.1 What is Replication Monitor?
Replication Monitor (replmon.exe, from the Windows Server 2003 Support Tools) displays each replication partner of a domain controller together with the USN values, the number of failed replication attempts, the failure reason, and the flags for each partition. It can poll the server at an administrator-defined interval and track the count of failed attempts, show which objects have not yet replicated, synchronize just two domain controllers, and trigger the KCC to recalculate the replication topology. Replication Monitor is not included with Windows Server 2008 and later; repadmin and the ActiveDirectory PowerShell module cover the same tasks there.
6.2 Using Replication Monitor to Monitor Replication Traffic
6.3 Using Repadmin to Monitor Replication Traffic
Repadmin is the command-line replication tool installed with the AD DS role and with the remote administration tools. repadmin /replsummary summarizes replication health for every domain controller, and repadmin /showrepl lists a domain controller's partners and the last attempt, result and USN for each partition.
7.0 Adjusting Replication
Modify the replication behavior by:
Creating Additional Connection Objects to:
Reduce the number of hops between domain controllers
Bypass the failed server or servers
Configuring Preferred Bridgehead Servers
7.1 Troubleshooting Active Directory replication
Typical symptoms:
Replication does not finish
Replication is slow
Replication increases network traffic
Clients receive slow responses while replication runs
The KCC was unable to complete the topology
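Sections 6.3, 7.0 and 7.1 come together in a small set of commands that a practitioner runs when any of the symptoms above appears. The PowerShell below is an added example, not code from the original page: it combines repadmin, dcdiag and the ActiveDirectory module to find stale or failing partners, list failures with their error codes, check connectivity and KCC events, pin a preferred bridgehead, and force a KCC pass and a one-off replication. The domain controller names DC1 and DC2, the function name and the 60-minute staleness threshold are assumptions for illustration.

```powershell
# Added example (not from the original page): replication monitoring and adjustment
# with repadmin, dcdiag and the ActiveDirectory module. DC1/DC2 are assumed names.
Import-Module ActiveDirectory
$dc = 'DC1'    # assumed domain controller to inspect

# 6.3 Forest-wide picture: largest delta since the last success and failure counts per DC,
# then the per-partner, per-partition view for one DC (the Replication Monitor view of 6.1).
repadmin /replsummary
repadmin /showrepl $dc

# The same data as objects, so it can be filtered: partners whose last attempt failed, or
# whose last success is older than the intersite interval plus some slack.
function Get-StaleReplicationPartners {
    param([string]$Server, [int]$MaxAgeMinutes = 60)
    Get-ADReplicationPartnerMetadata -Target $Server -PartnerType Both -Partition * |
        Where-Object {
            $_.LastReplicationResult -ne 0 -or
            $_.LastReplicationSuccess -lt (Get-Date).AddMinutes(-$MaxAgeMinutes)
        } |
        Select-Object Server, Partner, Partition, LastReplicationSuccess,
                      LastReplicationResult, ConsecutiveReplicationFailures
}
Get-StaleReplicationPartners -Server $dc | Format-Table -AutoSize

# Failures with their Win32 error codes and the partner that could not be reached;
# a steadily growing FailureCount is the "replication does not finish" symptom of 7.1.
Get-ADReplicationFailure -Target $dc -Scope Server |
    Format-Table Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError

# "KCC was unable to complete the topology": confirm name resolution and RPC reachability
# and read the KCC's own events before changing the topology by hand.
dcdiag "/s:$dc" /test:Connectivity /test:Replications /test:KccEvent

# 7.0 Preferred bridgehead: pin the IP transport to this server for its site instead of
# letting the KCC choose, for example because only this DC is allowed through the WAN
# firewall. If every preferred bridgehead in a site is down, intersite replication for
# that site stops, so designate at least two.
$configNC    = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
$serverDn    = (Get-ADObject -Filter "objectClass -eq 'server' -and name -eq '$dc'" `
                   -SearchBase $configNC).DistinguishedName
Set-ADObject -Identity $serverDn -Replace @{ bridgeheadTransportList = $ipTransport }

# Have the KCC rebuild connection objects now, then make DC2 pull the domain partition
# from DC1 immediately instead of waiting for the schedule (Replicate Now in 3.5).
repadmin /kcc $dc
repadmin /replicate DC2 $dc (Get-ADDomain).DistinguishedName
```

Run the stale-partner check from a scheduled job and alert on any row it returns: a domain controller that has silently stopped replicating keeps answering logons with stale group memberships and passwords, which is both an availability problem and a window in which a revoked account still works.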