AD Replication Part1 help

Posted on 2011-03-19
Medium Priority
Last Modified: 2012-05-11
I need some help in understanding the concepts of the AD replication;

Initiating the replication can be done the following way:- Initiating Replication Using the Sites and Services Manager Snap-in

   1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
   2. Expand the Sites container in the left pane. Expand the container that represents the name of the site containing the target server that needs to be synchronized with its replication partners.
   3. Expand the Servers container, and then expand the target server to display the NTDS Settings object (an object that represents settings for the domain controller).
   4. Click the NTDS Settings object. The connection objects in the right pane represent the target server's direct replication partners.
   5. Right-click a connection object in the right pane, and then click Replicate Now. Windows 2000 initiates replication of any changes from the source server (the server represented by the connection object) to the target server for all directory partitions the target server is configured to replicate from the source server.

*********Now can the same procedure be adopted for the Exchange 2007, Exchange 2010.**********

Further to it:-

How Replication is Tracked

    * USN - Each object has an Update Sequence Number (USN), and if the object is modified, the USN is incremented. This number is different on each domain controller.
    * Stamps - Each object has a stamp with the version number, timestamp, and the GUID of the domain controller where the change was made

********Please provide any example to the USN. Where can I find USN?**********
******Please tell any example of stamp and where can I find it. How GUID is different from SID, where can I find GUID?*********

Domain controllers each contain a "replica" which is a copy of the domain directory. The "directory update type" indicates how the data is replicated. The two types are:

    * Origination update - A change made by an administrator at the local domain controller.
    * Replicated update - A change made to the replica because of a replication from a replication partner.

********Where can I find the Origination Update and Replicated update?***************

Replication Sequence


    * Latency - The required time for all updates to be completed throughout all domain controllers on the network domain or forest.
    * Convergence - The state at which all domain controllers have the same replica contents of the Active directory database.
    * Loose consistency - The state at which all changes to the database are not yet replicated throughout all controllers in the database (not converged).

*************How can I monitor Latency, Convergence, Loose consistency? What are their causes and how can we avoid them? What are replication partners? What vulnerabilities can occur? ************

Question by:kunalclk

Expert Comment

ID: 35175584
go to active directory and click to view + and advanced functionality
and right click on the object properties + and then object
see the picture attached


Author Comment

ID: 35187891
joensw hablo espenoiel; si pokito pokito por favour. Please give any explanation since I need help to learn the skills. I do not have server installed. Kindly provide some discussion by your end not just from any book or internet site. I am a novice.

Expert Comment

ID: 35191178


Accepted Solution

joensw earned 1500 total points
ID: 35197203

Expert Comment

ID: 35197206
in this link go to Directory Replication

Author Comment

ID: 35204671
It takes long to open. Can you just type and brief me with the idea since the book language makes it confusing.

Expert Comment

ID: 35205364
Using the Active Directory, any domain controller can receive updates or additions to the Active Directory database. These changes are propagated to other domain controllers based on update sequence numbers (USNs). The USN is a 64-bit number used by the Active Directory to determine which updates are the most recent. In addition to the server's USN, each property (or attribute) in the database has its own property version number. These two numbers are used by multimaster replication to ensure that updates are correctly applied throughout the enterprise.
Because all replicas of the directory database can be written to, it is possible that a change can be made before a previous change has been fully replicated throughout the enterprise. Some directory databases use timestamps to determine which update is the most recent. This method requires that every server be tightly synchronized with all other servers with respect to the correct time. Windows 2000 does provide a time service that can be used to synchronize servers, but with one exception: The timestamp is not the method used to determine which is the correct update to apply to a directory update message.

Each server in a network has its own USN, which it advances when it makes an update to the directory. Each server also stores a table of USNs: the highest USN it has received during previous replications from each server in the network. When replication starts, a server requests from other servers only those changes that have a higher USN than the one it has stored for each server during previous replication sessions. This minimizes the amount of information that needs to be exchanged between servers during the replication procedure. Because each server knows exactly which changes it has received from every other server in the network, replication between servers is efficient.

This method also allows a server to recover quickly when it crashes or some other failure, such as a network failure, occurs. All it must do is request updates that are greater than the USN it has stored for the other servers in the network. This means that a full replication between servers is not necessary in the event of a catastrophe.
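
The USN bookkeeping described in the comment above, as a small simulation added here for illustration (it is not part of the original answer and not Microsoft code). The `DC` class, the GUID strings, the integer timestamps and the `cn=alice` object are constructed; the model is simplified to one stamp per attribute and leaves out the rest of real Active Directory replication.

```python
from dataclasses import dataclass, field

@dataclass
class DC:
    name: str
    guid: str                                       # constructed placeholder GUID
    usn: int = 0                                    # local counter, different on every DC
    store: dict = field(default_factory=dict)       # (object, attribute) -> record
    watermark: dict = field(default_factory=dict)   # source GUID -> highest USN received

    def _write(self, key, value, stamp):
        self.usn += 1                               # every local write advances the USN
        self.store[key] = {"value": value, "stamp": stamp, "local_usn": self.usn}

    def originate(self, obj, attr, value, ts):
        """Originating update: a change made directly on this DC."""
        old = self.store.get((obj, attr))
        version = old["stamp"][0] + 1 if old else 1
        self._write((obj, attr), value, (version, ts, self.guid))

    def pull_from(self, src):
        """Replicated update: ask src only for changes above the stored USN."""
        since = self.watermark.get(src.guid, 0)
        changes = sorted(((k, r) for k, r in src.store.items() if r["local_usn"] > since),
                         key=lambda kr: kr[1]["local_usn"])
        applied = 0
        for key, rec in changes:
            mine = self.store.get(key)
            # Stamp tuples compare version first, then timestamp, then GUID.
            if mine is None or rec["stamp"] > mine["stamp"]:
                self._write(key, rec["value"], rec["stamp"])   # stamp is kept as-is
                applied += 1
        self.watermark[src.guid] = src.usn
        return len(changes), applied                # (changes offered, changes applied)

def converged(a, b):
    view = lambda dc: {k: (r["value"], r["stamp"]) for k, r in dc.store.items()}
    return view(a) == view(b)

def demo():
    dc1, dc2 = DC("DC1", "guid-1111"), DC("DC2", "guid-2222")
    dc1.originate("cn=alice", "title", "Engineer", ts=100)
    dc1.originate("cn=alice", "phone", "555-0100", ts=101)
    first, second = dc2.pull_from(dc1), dc2.pull_from(dc1)
    # Both DCs change the same attribute before replicating (loose consistency).
    dc1.originate("cn=alice", "title", "Manager", ts=200)
    dc2.originate("cn=alice", "title", "Director", ts=205)
    before = converged(dc1, dc2)
    dc1.pull_from(dc2); dc2.pull_from(dc1)
    return first, second, before, dc1, dc2
```

After `demo()` both replicas hold the same value and stamp for every attribute, yet the two servers end on different local USNs, which is why a USN is only meaningful on the domain controller that issued it.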

Author Closing Comment

ID: 35335504

Question has a verified solution.
