Active Directory Replication

Posted on 2008-11-10
Last Modified: 2012-05-05
We brought up a new domain controller on Friday night, which qualifies as the 11th DC in our domain. When I look in AD Sites and Services this morning, I see that it has an automatically generated NTDS replication with every other DC on the network, while all other existing domain controllers have 2 NTDS replication partners. Is this typical behavior of a new domain controller which is brought up onto the network, or should I perhaps look into this more thoroughly?
Thanks in advance
Question by:Joseph Daly
    LVL 4

    Accepted Solution

    This isn't something you should be too concerned about... Automatically generated is always there by default within each AD Site, but can be manually modified within the NTDS settings of each individual domain controller. Which is likely the case why the previous DC may only have a few replication partners, they must have been modified manually at some point, or they were moved from one AD site to another at some point?
    LVL 35

    Author Comment

    by:Joseph Daly

    What I can definitively say is that the other sites have not had the NTDS settings modified, as the majority of the newer domain controllers have been brought up since I was with the company. I just double-checked and every other site definitely has two partners, which I'm pretty sure is how AD works out of the box. My working theory is that it's doing this (perhaps) because it's still finishing its first-time replication with all the domain controllers in the forest. However my confidence level is not high, and that's what prompted me to ask the forum... Thanks for taking the time to respond.
    LVL 4

    Assisted Solution

    A way to test whether AD replication is working is to test it.

    You might want to consider creating a test OU and some computer accounts and see whether it gets replicated over to the new AD and also create some test folders and files on the SYSVOL and see whether they get replicated.

    You might want to consider increasing the replication timing so that it replicates faster. :0

    Hope the information helps.
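
The test-OU check suggested in the answer above, as an added PowerShell example that is not part of the original thread: it counts inbound connection objects per DC (and how many are auto-generated), then creates a canary OU on one DC and polls every DC for it. It assumes the ActiveDirectory module with the replication cmdlets (Windows Server 2012 or later tooling); the OU name and timeout are constructed values, and the SYSVOL half of the test is not covered.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) module and rights to create an OU.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$sourceDc = $domain.PDCEmulator                      # write the canary on an existing DC
$dcs      = (Get-ADDomainController -Filter *).HostName
$name     = 'ReplCanary-{0:yyyyMMddHHmmss}' -f (Get-Date)   # constructed test name
$dn       = "OU=$name,$($domain.DistinguishedName)"
$timeout  = New-TimeSpan -Minutes 30                 # assumption: raise for slow site links

# 1. Inbound connection objects per DC and how many of them are auto-generated.
Get-ADReplicationConnection -Filter * |
    Group-Object ReplicateToDirectoryServer |
    ForEach-Object {
        [pscustomobject]@{
            DC              = ($_.Name -split ',')[1] -replace '^CN='
            InboundPartners = $_.Count
            AutoGenerated   = @($_.Group | Where-Object { $_.AutoGenerated }).Count
        }
    } | Sort-Object DC | Format-Table -AutoSize

# 2. Create the canary OU on one DC, then poll every DC until it appears.
New-ADOrganizationalUnit -Name $name -Path $domain.DistinguishedName `
    -Server $sourceDc -ProtectedFromAccidentalDeletion $false

$pending = [System.Collections.Generic.List[string]]$dcs
$clock   = [System.Diagnostics.Stopwatch]::StartNew()
while ($pending.Count -and $clock.Elapsed -lt $timeout) {
    foreach ($dc in @($pending)) {
        try {
            Get-ADOrganizationalUnit -Identity $dn -Server $dc -ErrorAction Stop | Out-Null
            '{0,-40} replicated after {1:n0}s' -f $dc, $clock.Elapsed.TotalSeconds
            [void]$pending.Remove($dc)
        } catch {
            # Not there yet (or DC unreachable); retry on the next pass.
        }
    }
    if ($pending.Count) { Start-Sleep -Seconds 15 }
}

# 3. Report DCs that never received the object, then clean up.
if ($pending.Count) { Write-Warning "No copy on: $($pending -join ', ')" }
Remove-ADOrganizationalUnit -Identity $dn -Server $sourceDc -Confirm:$false
```

A DC still listed in the warning after the timeout is the one to examine with `repadmin /showrepl`.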
