  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1427

Windows 2003/2008 AD intra-site replication

I'm confused about our Windows AD replication.  It's at Windows 2003 forest and domain functional level.  The documentation seems to indicate that if I make a change in AD it will be replicated very quickly throughout the DCs in the same site.  AD Sites and Services shows automatically generated connection objects with a schedule set to 1/hr for the intra-site DCs to and from each other.  If I create a new user, delete a group, or change a password, how long should it take for the changes to propagate?

Asked by: mbromb

1 Solution
 
Mike Kline Commented:
Yes, for intrasite replication the changes should happen very fast for you...within seconds (I almost think of it like a near-instant change for DCs within the same AD site).
 
Some more info:
http://technet.microsoft.com/en-us/library/cc728010%28WS.10%29.aspx 
"...Determining when intrasite replication occurs

Directory updates made within a site are likely to have the most direct impact on local clients, so intrasite replication is optimized for speed. Replication within a site occurs automatically on the basis of change notification. Intrasite replication begins when you make a directory update on a domain controller. By default, the source domain controller waits 15 seconds and then sends an update notification to its closest replication partner. If the source domain controller has more than one replication partner, subsequent notifications go out by default at 3 second intervals to each partner. After receiving notification of a change, a partner domain controller sends a directory update request to the source domain controller. The source domain controller responds to the request with a replication operation. The 3 second notification interval prevents the source domain controller from being overwhelmed with simultaneous update requests from its replication partners.


For some directory updates in a site, the 15 second waiting time does not apply and replication occurs immediately. Known as urgent replication, this immediate replication applies to critical directory updates, including the assigning of account lockouts and changes in the account lockout policy, the domain password policy, or the password on a domain controller account...."

Thanks
Mike
 
mbromb (Author) Commented:
I read the same, but I made a new user and deleted a group on DC1.  It took at least 15 minutes to get to another DC in the same site, DC2.
 
Mike Kline Commented:
Something is not working as it should if you are at 2003 and all the DCs are within the same site.  It shouldn't take 15 minutes.
 
mbromb (Author) Commented:
repadmin /showrepl shows the domain replicating often.  Maybe it's just not showing in the GUI when I switch the DC ADUC is looking at.  Is there a way to see the history of reps, replmon or events?

It seems the connection objects under NTDS settings control only ForestDnsZones?  That seems to be the only naming context that can be designated for intra and inter site DCs.  Are the ones for intrasite DCs even needed?

So, basically intrasite replication is not controlled from sites and services, only inter-site?  Intrasite is all hardwired?

Thanks,
Matt
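Added example, not part of the thread: one way to turn `repadmin /showrepl * /csv` output into a per-link age report, so a 15-minute gap like the one described above shows up as a stale or failing link rather than being inferred from ADUC. The function name, the 5-minute threshold, the DC and domain names, and the sample rows are all constructed for illustration.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# On a live domain use:  $csv = repadmin /showrepl * /csv
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Site1,DC2,"DC=example,DC=local",Site1,DC1,RPC,0,0,2010-03-02 14:05:33,0
showrepl_INFO,Site1,DC2,"CN=Configuration,DC=example,DC=local",Site1,DC1,RPC,0,0,2010-03-02 14:05:10,0
showrepl_INFO,Site1,DC1,"DC=example,DC=local",Site1,DC2,RPC,3,2010-03-02 13:58:01,2010-03-02 13:41:47,1722
'@ -split "`r?`n"

# Hypothetical helper: one object per inbound replication link.
# Rows that are not showrepl_INFO (e.g. unreachable DCs) are skipped here.
function Get-ReplicationLinkAge {
    param(
        [string[]]$CsvLines,
        [datetime]$Now = (Get-Date),
        [timespan]$MaxAge = [timespan]::FromMinutes(5)  # assumed alert threshold
    )
    $CsvLines | ConvertFrom-Csv |
        Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' } |
        ForEach-Object {
            # Timestamp format assumed to be yyyy-MM-dd HH:mm:ss; "0" means never.
            $last = [datetime]::MinValue
            $parsed = [datetime]::TryParseExact(
                $_.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
                [cultureinfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::None, [ref]$last)
            $age = if ($parsed) { $Now - $last } else { [timespan]::MaxValue }
            $failures = [int]$_.'Number of Failures'
            [pscustomobject]@{
                Source        = $_.'Source DSA'
                Destination   = $_.'Destination DSA'
                NamingContext = $_.'Naming Context'
                Intrasite     = $_.'Source DSA Site' -eq $_.'Destination DSA Site'
                Failures      = $failures
                LastStatus    = $_.'Last Failure Status'
                AgeMinutes    = if ($parsed) { [math]::Round($age.TotalMinutes, 1) } else { $null }
                Stale         = ($age -gt $MaxAge) -or ($failures -gt 0)
            }
        }
}

# Fixed "now" so the constructed sample gives the same result on every run.
Get-ReplicationLinkAge -CsvLines $csv -Now ([datetime]'2010-03-02 14:06:00') |
    Sort-Object Stale -Descending | Format-Table -AutoSize
```

With the constructed rows, only the DC2-to-DC1 link is marked stale (about 24 minutes old, 3 failures); the two DC1-to-DC2 links are under a minute old.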
 
ARK-DS Commented:
Hello,

What mkline71 has stated is correct in case of 2003 forest functional level.

About your question about NTDS settings objects, they are there for any kind of replication, intersite or intrasite.
There is something called ISTG: Inter Site Topology Generator. This component decides which DC will act as a bridgehead server for its site. (A bridgehead server is responsible for replication with the bridgehead server of the other site.) And that server's NTDS connection is used for inter-site replication as well...

Regards,
Arun
 
mbromb (Author) Commented:
I wasn't able to create a connection object with another naming context other than the ForestDnsZones.  And it seems that the intrasite repl does its thing regardless of what is in Sites and Services.

I manually changed the IP bridgeheads to be our new 2008 DCs, but I notice that the ISTG is still listed as the older, probably first, DCs in the sites.  I'll be decommissioning the old DCs, so I'm guessing the ISTG role will move.  I haven't seen any documentation on moving it otherwise.

Thanks,
Matt