This article discusses Active Directory Replication: the mechanism that transfers and updates Active Directory objects from one domain controller to another so that every domain controller holds a consistent copy of the directory.
A Brief Introduction to Active Directory Replication
Replication moves data in the three partitions (naming contexts) of the directory: the schema partition, the configuration partition, and the domain partition.
- Schema Partition: Active Directory Domain Services holds many types of objects (e.g., users and telephone numbers); the rules for creating, manipulating and using those objects are defined in the schema naming context.
- Configuration Partition: The configuration naming context records which domains and sites exist, which domain controllers are available, and which additional services a domain controller is configured for, such as Active Directory Certificate Services (AD CS) and Microsoft Exchange Server.
- Domain Partition: Objects such as users, groups, computers, and organizational units are stored in the domain naming context. A full domain naming context replica contains a writeable copy of all objects and attributes in the domain.
Check out the AD DS documentation from Microsoft.
Active Directory Replication is always independent of the forest, tree, or domain structure. Windows Server provides two types of replication:
- Intra-site replication: The transfer of data between domain controllers within a single site. Protocol used: Remote Procedure Call (RPC).
- Inter-site replication: Domain controllers in different sites exchange data. Protocols used: RPC over IP or SMTP.
Intra-site Replication
- The image below shows replication between two domain controllers in the same site, in the domain lab.com.
- Intra-site replication uses a change notification mechanism instead of polling replication partners for updates, thereby reducing unnecessary network traffic.
Inter-site Replication
- In an inter-site replication topology, replication routes between all sites are built as a spanning tree.
- Inter-site replication is designed to minimize network traffic rather than CPU cycles, because sites are connected over slower WAN links. Data is compressed to about 10% to 15% of its original size before being sent.
How Active Directory Replication Works
Replication efficiency can be improved by reflecting the existing network structure in the replication topology. The Knowledge Consistency Checker (KCC) generates the replication topology for Active Directory.
Let's create replication between two domain controllers. Log in to the server and open Server Manager > Tools > Active Directory Sites and Services.
LAB.com is my domain. Currently there is only one domain controller, called win.LAB.com.
Step 1: Create and configure a second domain controller for replication on another machine, called win2, which is currently in a WORKGROUP, as shown below.
Step 2: In Add Roles and Features, accept the default options for Before You Begin, Installation Type and Server Selection, then select Active Directory Domain Services (AD DS).
Step 3: Accept the remaining options; the final result is shown below. Promote the server to a domain controller.
Step 4: Now deploy the machine and provide the domain controller details.
Accept the default options for Domain Controller Options and DNS Options. Under Additional Options we have to select the "Replicate from" option.
Accept the defaults for the remaining pages.
Step 5: The win2 server has now been configured as a domain controller.
Step 6: Log in to the primary domain controller as shown in picture 1. Both servers are now visible.
Now select the NTDS Settings and choose Replicate Now.
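The same promotion (Steps 2 to 6) can be scripted instead of clicked through the wizard. The following PowerShell is an added example and is not the article's own code; it assumes it is run elevated on win2, that the lab uses the default site name Default-First-Site-Name, and that Domain Admin credentials for lab.com and a DSRM password are supplied interactively.

```powershell
# Added example (not from the article): promote the workgroup server "win2" to an
# additional domain controller for lab.com, taking its initial replica from win.lab.com.
# Assumptions: run elevated on win2; the site is Default-First-Site-Name; a Domain
# Admin account for lab.com and a DSRM password are entered when prompted.

# Steps 2 and 3: install the AD DS role plus the management tools (ADDSDeployment module).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 4: promote win2, install DNS, and pull the initial replica from win.lab.com.
# -ReplicationSourceDC is the "Replicate from" choice on the wizard's Additional Options page.
$domainCred = Get-Credential -Message 'Domain Admin account for lab.com (e.g. LAB\Administrator)'
$dsrmPwd    = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

Install-ADDSDomainController `
    -DomainName 'lab.com' `
    -Credential $domainCred `
    -InstallDns `
    -SiteName 'Default-First-Site-Name' `
    -ReplicationSourceDC 'win.lab.com' `
    -SafeModeAdministratorPassword $dsrmPwd `
    -Force
# The server reboots automatically when promotion completes.

# Step 6 (run on win.lab.com after the reboot): both domain controllers should be listed,
# and the KCC-generated connection objects under NTDS Settings can be inspected here
# instead of in the Sites and Services console.
Get-ADDomainController -Filter * | Select-Object Name, Site, IsGlobalCatalog
Get-ADReplicationConnection -Filter * |
    Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer
```

Because win2 is not yet a domain member, the -Credential parameter is what lets Install-ADDSDomainController join it to lab.com as part of the promotion; the account used must be permitted to add domain controllers (Domain Admins in the default configuration).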
Between sites, the default replication interval is 180 minutes. It can be reduced to as little as 15 minutes if needed.
The Knowledge Consistency Checker (KCC) is a built-in process that automatically generates replication connections between domain controllers within a site.
You can use the repadmin /showrepl command to understand the replication topology and to see replication failures.
Create a user account on the first domain controller (win.lab.com) and it will automatically be replicated to the second domain controller (win2.lab.com), and vice versa. Run the command below to check the current state of replication and Active Directory health.
Repadmin /replsummary
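The checks above (repadmin output, the round-trip test of a user created on one DC and read from the other, and the inter-site interval) can be combined into one health script. The following PowerShell is an added example, not the article's own code; it assumes the ActiveDirectory RSAT module is installed, that the account running it may create and delete users in lab.com, and that the site link is the default DEFAULTIPSITELINK. The test user name is a constructed placeholder.

```powershell
# Added example (not from the article): verify replication between win.lab.com and
# win2.lab.com and confirm that an object created on one DC appears on the other.
# Assumptions: ActiveDirectory module available; the account can create/delete users
# in lab.com; the test user name below is a constructed placeholder.
Import-Module ActiveDirectory

$dc1 = 'win.lab.com'
$dc2 = 'win2.lab.com'
$nc  = 'DC=lab,DC=com'

# 1. Overall state, exactly as in the article (repadmin ships with the AD DS role).
repadmin /replsummary
repadmin /showrepl $dc2

# 2. The same information through the AD cmdlets, which is easier to filter or log.
Get-ADReplicationPartnerMetadata -Target $dc2 -Scope Server |
    Select-Object Server, Partner, Partition, LastReplicationSuccess,
                  LastReplicationResult, ConsecutiveReplicationFailures

# Any result here is a replication failure that needs investigation.
Get-ADReplicationFailure -Target 'lab.com' -Scope Domain

# 3. Create a user on dc1, push it to dc2 immediately instead of waiting for the
#    change notification, and read it back from dc2.
$name = 'repltest-' + (Get-Date -Format 'yyyyMMddHHmmss')
New-ADUser -Name $name -SamAccountName $name -Server $dc1
$user = Get-ADUser -Identity $name -Server $dc1
Sync-ADObject -Object $user.DistinguishedName -Source $dc1 -Destination $dc2
Get-ADUser -Identity $name -Server $dc2 | Select-Object Name, DistinguishedName

# 4. The "vice versa" case: delete the user on dc2, replicate the domain partition
#    from dc2 to dc1 (repadmin /replicate <destination> <source> <naming context>),
#    and confirm the user is gone on dc1.
Remove-ADUser -Identity $name -Server $dc2 -Confirm:$false
repadmin /replicate $dc1 $dc2 $nc
$stillThere = Get-ADUser -Filter "Name -eq '$name'" -Server $dc1
if ($null -eq $stillThere) { 'Deletion replicated to {0}' -f $dc1 }
else                       { 'Deletion NOT yet visible on {0}' -f $dc1 }

# 5. Inter-site interval: 180 minutes by default, lowered here to the 15-minute minimum.
#    Only matters once a second site exists; the lab above has a single site.
Get-ADReplicationSiteLink -Filter * | Select-Object Name, ReplicationFrequencyInMinutes
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -ReplicationFrequencyInMinutes 15
```

Sync-ADObject and repadmin /replicate only force the transfer for the partition named; running the script on a schedule and keeping the output of steps 2 and 4 gives an early warning when a partner stops replicating, which repadmin /replsummary also reports as a rising failure count.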
Summary:
Data compression is not supported by the intra-site RPC transport; however, it is supported by the inter-site RPC and SMTP transports. In addition to intra-domain replication, RPC-based replication can be used for configuration information as well as global catalog data.
I appreciate your time. If you have any questions about Active Directory Replication, please leave a comment.
Migrating a domain controller is explained in my previous article.