LabMice.net - The Windows 2000\XP\.NET Resource Index

Last Updated December 10, 2003

 

Active Directory Replication

One of the great new features of the Windows 2000 domain model and Active Directory is that each and every domain controller can write directly to the user database. (In NT 4.0, only the Primary Domain Controller could.) There are no more PDCs and BDCs, only domain controllers. Each of these domain controllers then replicates its changes to the other domain controllers, and a complex algorithm decides which changes should take precedence. To avoid a Pandora's box of problems, you need to understand how the replication process takes place, and how to make sure it's running smoothly.

Where to Start
Active Directory Replication Model
Sample chapter 6 from the Windows 2000 Resource Kit. Explains how Active Directory Replication updates changes on domain controllers while maintaining data integrity, and how it uses a connection topology that optimizes network connections. Another copy is here. Source: Microsoft.com

Active Directory Replication Traffic
An article excerpted from "Optimizing Network Traffic" which is part of the Microsoft Press "Notes from the Field" series that outlines best system management practices and procedures.

Directory Replication Basics for Windows 2000
Microsoft Knowledge Base Article: 199174 - This article describes new terms, design considerations, and a simple example about how to configure sites in your organization.

Understanding Active Directory Replication
Sample chapter 14 from Creating Active Directory Infrastructures, published by Prentice Hall PTR. In previous chapters, you have been introduced to Active Directory replication. Replication is the process of sending update information for data that has changed in the directory to other domain controllers. As a part of the Active Directory planning and implementation process, you should have a firm understanding of replication and how it takes place both within the domain and in multiple-site environments. This chapter provides you with a conceptual look at replication, both intrasite and intersite. You can learn more about intersite replication and sites in Chapter 15.

Resources...
Active Directory Conflict Resolution  
Multimaster replication provides better fault tolerance because it doesn't rely on one master copy. Nevertheless, certain situations cause conflicts that the Active Directory must resolve. Source: Windows & .NET Magazine, Sept. 1999

Authoritative Restore of Active Directory and Impact on Trusts and Computer Accounts
Microsoft Knowledge Base Article: 216243 - The Authoritative Restore feature allows an administrator to select specific objects or subtrees of objects from an archived Active Directory database and restore them to a domain controller. Note that doing so causes Active Directory replication to replicate this restored state (the System State) of objects, overwriting the copies currently held on all domain controllers within the domain. The restored objects receive a USN greater than the current set of domain objects. 

Active Directory Updates
Explains how Active Directory Replication updates changes on domain controllers while maintaining data integrity, and how it uses a connection topology that optimizes network connections.

Best Practices for Sysvol Maintenance
Microsoft Knowledge Base Article 324175 - The System Volume (Sysvol) provides a default Active Directory location for files that must be shared for common access throughout a domain.

Building Site Link Bridges
In the first two parts of this series (Using Sites in Windows 2000 and Inter-site Replication), I've explained how breaking your Active Directory into sites can reduce replication-related network traffic over slow WAN links. Source: EarthWeb (Oct 30, 2000)

Configuring Sites Within Active Directory: Troubleshooting Active Directory Replication
Selecting a preferred bridgehead server, and other solutions to poor performance in Active Directory replication. Source: EarthWeb (Oct 30, 2000)

Directory Replication in Windows 2000,  Wednesday, April 26, 2000
Microsoft Support WebCast. This is a four-part series addressing Active Directory Replication in Windows 2000.

Dynamic Update and Secure Dynamic Update
Sample chapter from the Windows 2000 Resource Kit. Discusses new features of Windows 2000 DNS, such as Active Directory integration, multimaster replication, dynamic and secure dynamic update, and aging and scavenging. Also discusses integration with WINS and interoperability with other DNS servers. Source: Microsoft.com

How Conflicts Are Resolved in Active Directory Replication 
Microsoft Knowledge Base Article: 230123 - Active Directory in Windows 2000 uses a replication model called "multi-master loose consistency with convergence." All computers that provide multi-master updates must deal with potential conflicts that may arise when concurrent updates originating on two separate master replicas are inconsistent. This article provides a basic overview of how Active Directory deals with these conflicts. 

How to Disable or Enable Active Directory Replication in Windows 2000
Microsoft Knowledge Base Article: 321153 - In Windows 2000, you may have to disable replication on a particular domain controller to isolate that server for testing or to run restore processes. With this functionality, you can fully test changes on a destination domain controller before you implement them in your organization. It is a good idea to do this kind of testing when you implement schema changes, security changes, Group Policy changes, and authoritative restore procedures.

How to Disable the Knowledge Consistency Checker Inter-Site Topology Generation for All Sites
Microsoft Knowledge Base Article: 245610 - The Knowledge Consistency Checker (KCC) is a Windows 2000 component that automatically generates and maintains the intra-site and inter-site replication topology. You can disable the KCC's automatic generation of intra-site or inter-site topology management, or both.

How to Modify the Default Intra-Site Domain Controller Replication Interval
Microsoft Knowledge Base Article: 214678 - This article describes how to modify the default intra-site domain controller replication interval.

How to Optimize Active Directory Replication in a Large Network
Microsoft Knowledge Base Article: 244368 - This article describes how to optimize Active Directory replication in large network configurations.

How to Rename an Object After a Replication Collision Has Occurred
Microsoft Knowledge Base Article: 297083 - This article describes how to rename an object after a replication collision has occurred. 

HOW TO: Use DNSLint to Troubleshoot Active Directory Replication Issues
Microsoft Knowledge Base Article: 321046 - This article describes how to use the DNSLint utility to troubleshoot Active Directory replication issues.

HOW TO: Use the Replication Monitor to Determine the Operations Master and Global Catalog Roles 
Microsoft Knowledge Base Article: 297230 - This article describes how to use the Active Directory Replication Monitor (ReplMon.exe) tool to determine the servers that hold the operations master roles in a forest as well as the domain controllers and global catalog servers for the fo 

Initiating Replication Between Active Directory Direct Replication Partners
Microsoft Knowledge Base Article: 232072 - Describes four ways of initiating replication between direct replication partners. 

MSDSS Deployment: Implementing Synchronization and Migration
This paper provides a planning guide for deploying Microsoft Directory Synchronization Services (MSDSS). Source: Microsoft.com (June 27, 2000)

MSDSS Deployment: Understanding Synchronization and Migration
This paper introduces Microsoft Directory Synchronization Services (MSDSS) to information technology (IT) professionals and business analysts who are responsible for the overall architecture, technical design, development, and deployment of directory solutions. Source: Microsoft.com (June 27, 2000)

Network Performance Is Slow and Directory Services Are Unstable with KCC in Large Domain
Microsoft Knowledge Base Article: 289185 - In a large Windows 2000-based domain that spans many sites, when you use the Knowledge Consistency Checker (KCC) to automatically generate and maintain the intra-site and inter-site replication topology, network performance may be slow

Replication Topology
Explains how Active Directory Replication updates changes on domain controllers while maintaining data integrity, and how it uses a connection topology that optimizes network connections.

Restricting Active Directory Replication Traffic to a Specific Port
Microsoft Knowledge Base Article: 224196 - By default, Active Directory replication over RPC (Remote Procedure Calls) takes place dynamically over an available port via the RPC Endpoint Mapper (RPCSS) using port 135; the same as Microsoft Exchange.

Replication Schedule for Intra-Site Replication Partners
Microsoft Knowledge Base Article: 232264 - In the Active Directory Sites and Services administrative tool, the Active Directory replication schedule does not specify how often pending changes are replicated. Instead, this period is controlled by the registry. 

Synchronizing Windows 2000 Active Directory with Novell Directories 
Microsoft Directory Synchronization Services (MSDSS), included with Services for NetWare 5, makes Active Directory synchronization with NDS and NetWare 3.x binderies possible. Source: Microsoft.com

The Role of the Inter-Site Topology Generator in Active Directory Replication
Microsoft Knowledge Base Article: 224815 - The Knowledge Consistency Checker (KCC) is an Active Directory component that is responsible for the generation of the replication topology between domain controllers. This article describes the role of one server per site 

Troubleshooting Active Directory Replication
In the first three parts of this series, I explained the importance and techniques of breaking large organizations into sites for the purpose of Active Directory replication. As you've no doubt learned, a considerable amount of planning should go into dividing your network, because doing so can be complicated. Source: EarthWeb (Dec 2000)

Urgent Replication Triggers in Windows 2000
Microsoft Knowledge Base Article: 232690 - The majority of Active Directory replication in Windows 2000 takes place at predefined intervals. However, select changes to objects in Active Directory must take place immediately to allow for proper administration of a domain. This article describes Urgent Replication events as they pertain to Windows 2000 domains, Windows 2000 and Microsoft Windows NT 4.0 mixed-domain environments, and password changes.

Using Sites in Windows 2000
When dealing with a large enterprise-level Active Directory structure, one of the more important concepts is replication. Replication is the process of sharing Active Directory updates between domain controllers. Many challenges are involved in replicating database changes across a large enterprise. Source: EarthWeb (Oct 8, 2000)

Using the Replication Monitor
In Part 1 of this series, I discussed the fact that every once in a while it's possible for your Active Directory to develop inconsistencies or various other problems. If these problems are replicated to other domain controllers, then a minor problem can quickly turn into a major one. Source: EarthWeb (Dec 21, 2000)

Using Repadmin.exe to Troubleshoot Active Directory Replication
Microsoft Knowledge Base Article: 229896 - Repadmin.exe is a Microsoft Windows 2000 Resource Kit tool that is available in the Support Tools folder on the Windows 2000 CD-ROM. It is a command-line interface to Active Directory replication. This tool provides a powerful interface into the inner workings of Active Directory replication, and is useful for troubleshooting Active Directory replication problems. This article describes the basic use of the Repadmin.exe tool. 

Online Seminars

Active Directory: Database Sizing and Traffic Analysis
Product: Microsoft Windows 2000
DNS Category: Infrastructure (I) - (I) Data
Track: Network Infrastructure September 16, 1999
74 min., 6 sec.; 67 slides

Active Directory: Replication (Part 1)
Product: Microsoft Windows 2000
DNS Category: Infrastructure (I) - (I) Data
Track: Network Infrastructure September 16, 1999
82 min., 10 sec.; 42 slides

Active Directory: Replication (Part 2)
Product: Windows 2000
DNS Category: Infrastructure (I) - (I) Data
Track: Network Infrastructure September 16, 1999
67 min., 58 sec.; 44 slides

Troubleshooting: Known Bugs and Issues 

How to Enable Debug Logging in the Microsoft Directory Synchronization Services Tool
Microsoft Knowledge Base Article: 269536 - This article describes how to enable debug logging in the Microsoft Directory Synchronization Services (MSDSS) tool.

Active Directory Replication and Knowledge Consistency Checker Fail without Trusted Domain Object
Microsoft Knowledge Base Article: 257844 - In the event log of a Windows 2000 domain controller, one of the following error messages may appear:

Active Directory Integrated DNS Zones Do Not Replicate Across Domain Boundaries
Microsoft Knowledge Base Article: 286753 - This article describes why Active Directory integrated zones do not replicate between different domains.

Active Directory Replication Delayed When Indexed Attributes Rebuilt During Schema Upgrade
Microsoft Knowledge Base Article: 307323 - Selected attributes in Active Directory databases are indexed to enhance performance for LDAP searches and internal operations in the operating system. A schema change that indexes existing attributes in a Windows 2000 forest or adds new indexed attributes may delay Active Directory replication until the indexing process has completed.

Directory Replication Fails with Event ID 3216
Microsoft Knowledge Base Article: 168464 - You may experience either of the following symptoms:

Directory Replication Stop Messages
Microsoft Knowledge Base Article: 150297 - When you click OK in the Directory Replication dialog box, one of the following STOP messages appears:

Directory Replication May Not Work with Large Group Update to Active Directory
Microsoft Knowledge Base Article: 289168 - When a large group update is made to the Active Directory, directory replication may not succeed.

Inbound Replication to Global Catalog Servers Does Not Work Because of a Database Error
Microsoft Knowledge Base Article: 253644 - Under certain circumstances, inbound replication to Global Catalog (GC) servers can halt due to a database error. This database error is not database damage, but is caused by a scenario that is characterized by the following: (updated 812001) 

Quick Directory Replication Troubleshooting Tip
Microsoft Knowledge Base Article: 132522 - If one or more of your Windows NT servers are configured to use the Directory Replicator service and they are not importing or exporting correctly, then the following common tip for correcting Directory Replication problems.

Directory Replication: Can't Remove Directories
Microsoft Knowledge Base Article: 113662 - When you remove imported or exported directories from the Directory Replication dialog box (from the Server portion of Control Panel), they do not stay removed. The directories continue to be replicated.

Microsoft Certificate Authority Is Required to Perform Inter-Site SMTP Based Active Directory Replication
Microsoft Knowledge Base Article: 222962 - To use Simple Mail Transfer Protocol-based (SMTP-based) inter-site Active Directory replication, a Microsoft Certificate Authority must be used. An Enterprise Certificate Authority is the designed mechanism.

Name Collision in Active Directory Causes Replication Errors
Microsoft Knowledge Base Article: 281485 - The following error message may be displayed when you attempt to replicate changes between replica partners in the Active Directory Sites and Services tool: The following error occurred during the attempt to synchronize the domain controllers. The naming context is in the process of being removed or is not replicated from the specified server. You may also find event ID 1226 or 1265 in the System event log.

Replication Does Not Work When there Is a Name Conflict on a Global Catalog
Microsoft Knowledge Base Article: 271946 - If a Global Catalog (GC) server that does not have a writable copy of the partition contains an object in its naming context that was deleted on the server with the writable partition and the deletion of the object was not replicated to the GC, the GC may stop replicating on that naming context until the problem is resolved.

Removing Entry from Directory Replication Configuration Fails
Microsoft Knowledge Base Article: 150104 - Modifications to the To or From lists in the Directory Replication dialog box are not saved when you also change the status of replication (that is, whether to import or export directories) before clicking OK to accept the changes and close.

"Replication Access Was Denied" Error Message When Attempting to Synchronize Domain Controllers
Microsoft Knowledge Base Article: 262795 - When you use the Active Directory Sites and Services snap-in from a child domain to force replication from a parent domain or another child domain at the same level, you may receive the following error message:

RPC Error Messages Returned for Active Directory Replication When Time Is Out of Synchronization
Microsoft Knowledge Base Article: 257187 - When you are viewing the status of Active Directory replication between two domain controllers, the following messages may be displayed for the result of the last replication attempt:

Unnecessary LSA Replication Traffic Is Sent to Windows NT 4.0 and 3.5x Domain Controllers in a Mixed Domain
Microsoft Knowledge Base Article: 255295 - When you operate a Windows 2000-based mixed domain that contains backup domain controllers (BDCs) that are running Microsoft Windows NT version 3.51 or 4.0, unnecessary replication traffic may be directed at the down-level domain controller.

Unsuccessful Replication Without Partner Listed
Microsoft Knowledge Base Article: 232538 - Any of the following situations may occur with Active Directory replication: 1) A replication connection object to a domain controller, either in the same domain or a trusted domain, is not created because the remote domain controller is not listed in the Active Directory Sites and Services Find Domain Controllers dialog box. 2) A replication connection is not automatically established between a local domain controller and a remote domain controller, either in the same or a trusted domain, because the necessary NTDS Settings object does not appear for the server in the Active Directory Sites and Services administrative tool.

Using Repadmin.exe to Troubleshoot Active Directory Replication
Microsoft Knowledge Base Article  Q229896 - Repadmin.exe is a Microsoft Windows 2000 Resource Kit tool that is available in the Support Tools folder on the Windows 2000 CD-ROM. It is a command-line interface to Active Directory replication.

Windows 2000 Domain Controller Logs Event 1153 and Stops Replicating
Microsoft Knowledge Base Article: 268995 - A Windows 2000 domain controller may stop responding (hang) while replicating schema updates to other domain controllers in the domain and log event ID 1153. 



This site and its contents are Copyright 1999-2003 by LabMice.net. Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with LabMice.net. The products referenced in this site are provided by parties other than LabMice.net. LabMice.net makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.