In the Windows 2000 Active Directory (AD) environment, you can use sites to divide the network physically in order to optimize AD replication. By understanding how Microsoft implements AD replication in your domain, you can divide your network into AD sites more effectively, thereby reducing the amount of traffic that crosses slow network links. This article is the first part of a two-part series on Active Directory sites, in which we examine how default (intra-site) AD replication is configured and how information is replicated.
Active Directory Replication
When an Active Directory (AD) domain controller (DC) is installed into a domain, AD sets up the default replication configuration and automatically builds a ring replication topology among the domain controllers, designed so that replication traffic follows the most efficient path. Changes to AD can be replicated in either direction around the ring.
Because all DCs in AD are peers and each holds a writable copy of the AD database, Microsoft faced some potential challenges in implementing a multimaster replication system. Some of the questions you might consider are:
How does a DC keep replication traffic to a minimum?
How does a DC keep all database copies synchronized?
What happens if the DC gets the same modifications from two replication partners?
What happens if two changes happen at the same time?
So let's take a look at these questions in order.
How does a DC keep replication traffic to a minimum?
To keep network traffic to a minimum, AD replication is performed on a per-attribute basis. Simply put, this means that if an attribute changes (for example, a user's phone number), only that small change is replicated to the other DCs in your domain. As you can imagine, replicating individual attributes is more efficient than passing an entire copy of the database across the network, and it needs less network bandwidth.
How does a DC keep all database copies synchronized?
AD DCs use a system of update sequence numbers (USNs) to validate and synchronize the different versions of the AD database that are passed among them. Whenever a DC modifies its database, it uses a USN to identify the modification. When it notifies other DCs that it has a modification that needs to be replicated, it also tells them the USN associated with the modified attribute.
Each DC maintains a table that holds the highest USN that it has received from each of its replication partners in the ring. If a DC receives a change notification and the USN associated with the change is higher than the USN recorded in its table, it requests all of the intervening changes from that replication partner. You can see this process in Figures A and B.
Figure A: An Active Directory change notification includes the update sequence number (USN).
Figure B: The AD database uses USNs to control synchronization in a multimaster environment.
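The USN table described above, as an added sketch in Python (not code from the original article or from Microsoft). It is a simplified two-DC model: the class and method names and the sample values are assumptions made for illustration, and conflict handling is not modeled.

```python
from dataclasses import dataclass, field

@dataclass
class Change:
    usn: int        # USN the originating DC assigned to this modification
    obj: str
    attribute: str  # replication is per attribute, so one change = one attribute
    value: str

@dataclass
class DomainController:
    name: str
    next_usn: int = 1
    log: list = field(default_factory=list)           # local modifications in USN order
    highest_seen: dict = field(default_factory=dict)  # partner name -> highest USN received
    data: dict = field(default_factory=dict)          # (obj, attribute) -> value

    def modify(self, obj, attribute, value):
        """Local write: identify the modified attribute with the next USN."""
        change = Change(self.next_usn, obj, attribute, value)
        self.next_usn += 1
        self.log.append(change)
        self.data[(obj, attribute)] = value
        return change.usn

    def changes_after(self, usn):
        """Answer a partner's request for every change above the given USN."""
        return [c for c in self.log if c.usn > usn]

    def on_notification(self, partner, notified_usn):
        """Compare the notified USN with the table; pull only if it is higher."""
        known = self.highest_seen.get(partner.name, 0)
        if notified_usn <= known:
            return []  # nothing newer than what the table already records
        pulled = partner.changes_after(known)
        for c in pulled:
            self.data[(c.obj, c.attribute)] = c.value
        self.highest_seen[partner.name] = max((c.usn for c in pulled), default=known)
        return pulled

def demo():
    # Constructed sample data: three attribute changes made on DC1.
    dc1, dc2 = DomainController("DC1"), DomainController("DC2")
    dc1.modify("user:alice", "telephoneNumber", "555-0100")
    dc1.modify("user:alice", "title", "Engineer")
    last = dc1.modify("user:bob", "telephoneNumber", "555-0101")
    first_pull = dc2.on_notification(dc1, last)  # 3 > recorded 0: request USNs 1..3
    repeat = dc2.on_notification(dc1, last)      # 3 is not higher than 3: no request
    return [c.usn for c in first_pull], repeat, dict(dc2.highest_seen)

if __name__ == "__main__":
    print(demo())
```
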