?
Solved

Active Directory 2003 High Replication

Posted on 2014-01-02
6
Medium Priority
?
248 Views
Last Modified: 2014-02-05
Hello experts,

We have a domain reporting very high replication traffic. Do you have any suggestions on what tool/s I could use to determine where or what source it is coming from?

Thank you!
0
Comment
Question by:syseng007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 

Author Comment

by:syseng007
ID: 39752325
..
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 39752345
0
 

Author Comment

by:syseng007
ID: 39752382
I actually meant what application is triggering the high replication.......thanks again.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 39753208
If this is AD replication traffic, you may run in command-line on your DC this command

repadmin /replsummary

Open in new window


and you will see how much time the replication took and how many objects were replicated

Regards,
Krzysztof
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 2000 total points
ID: 39755702
High bandwidth utilization between DCs
http://www.frickelsoft.net/blog/?p=185

You can use Netmon or Wireshark to capture the traffic & analyze the packet from where they are coming.

Check the zone type and change to Forestdnszone or domain dns zone if it set to All domain controllers in this domain (for Windows 2000 compatibility) :http://technet.microsoft.com/en-us/library/%20cc730964

Also verify the health of dcs by dcdiag /q and repadmin /replsum and post the log if error is reported.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39757246
AD replication and application replication are two different terms
Because most of the applications use AD for authentication and few applications like MS Exchange adds attributes with values in AD that's get replicated across.
Are you talking about authentication traffic getting increased by AD integrated applications \ native AD authentication by users \ computers ?
If any application is storing data in AD application directory partitions, it can cause trigger replication, but I don't think it can create Hugh replication traffic because basic purpose of AD application directory partitions is to limit the replication traffic exposing to all DCs and its most probably static contents hopefully.
http://technet.microsoft.com/en-us/library/cc784421(v=ws.10).aspx

How big is you AD environment in terms of users \ computers \ and how frequently  you change active directory objects by any AD integrated applications ?
Also what is the replication interval between all sites and what is the minimum bandwidth between sites?

You can also capture traffic form individual applications to AD with netmon, wireshark etc as suggest by Sandesh above

At a minimum, since you have 2003 active directory,
You need to raise your domain and forest functional level to windows 2003 to enable Linked Value replication (LVR), a technology established with 2003 AD to replicate incremental changes only as opposed to full replication occurring in windows 2000 domain

Increasing the forest functional level to Windows Server 2003 interim or higher does not modify the way that existing group members are stored or replicated. To do that, you must remove the members that were added to the group before the forest functional level was increased to Windows Server 2003 and then add them back again to the appropriate groups. Any group members that you either add or remove after the forest functional level is increased will be LVR enabled, even if the group contains other members that are not LVR enabled

Check below section in MS article for more information
Recommended Maximum Number of Users in a Group

Mahesh
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question