How Domain database replication works
Database File Location:
Site: a set of computers joined by high-speed, reliable network links.
Multi-master replication: a data change on any domain controller triggers a notification to the other domain controllers so that they synchronize. Within a site the notification is sent once, 15 s after the change.
Urgent data: urgent changes are replicated to the PDC host immediately, without waiting for the notification delay.
When the number of domain controllers in a domain changes, for example when a domain controller is added or removed, the KCC process on each domain controller recalculates the Active Directory replication topology. KCC stands for Knowledge Consistency Checker; it does not appear in Task Manager's process list because it runs inside the LSASS process. The KCC automatically calculates the topology that the domain controllers use for replication. When the number of domain controllers is small, the KCC uses a ring topology for Active Directory replication within the domain: when the Active Directory content of one domain controller changes, the change is not sent to all other domain controllers at once but is passed from one domain controller to the next along the ring designed by the KCC. For redundancy and efficiency the KCC-designed topology is a double ring: each domain controller has two replication partners, and Active Directory replication runs in both directions, clockwise and counterclockwise.
To bound replication latency, the topology allows at most three hops from the source DC to the destination DC.
AD DS replication between DCs in the same site uses change notification: 15 s after data changes on a DC, that DC notifies its replication partners. A DC that receives a notification sends a request for the updated data to the source DC if it needs it; once the source receives the request, replication begins.
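The double ring and the three-hop limit are easier to see on a concrete topology. The PowerShell below is an added illustration, not part of these notes and not the real KCC algorithm: it builds the bidirectional ring the notes describe (every DC gets a clockwise and a counterclockwise partner), measures the hop count between any two DCs, and checks it against the three-hop rule. The DC names are constructed.

```powershell
# Added illustration (simplified model, not the KCC's own algorithm).
function New-RingTopology {
    param([string[]]$DomainControllers)   # ordered list of DC names (constructed)
    $partners = @{}
    $n = $DomainControllers.Count
    for ($i = 0; $i -lt $n; $i++) {
        $dc = $DomainControllers[$i]
        # Each DC replicates with its clockwise and counterclockwise neighbour
        $partners[$dc] = @(
            $DomainControllers[($i + 1) % $n],
            $DomainControllers[($i - 1 + $n) % $n]
        )
    }
    return $partners
}

function Get-ReplicationHops {
    param([hashtable]$Partners, [string]$Source, [string]$Destination)
    # Breadth-first search over replication partners: one hop per partner-to-partner transfer
    $distance = @{ $Source = 0 }
    $frontier = @($Source)
    while ($frontier.Count -gt 0) {
        $next = @()
        foreach ($dc in $frontier) {
            if ($dc -eq $Destination) { return $distance[$dc] }
            foreach ($p in $Partners[$dc]) {
                if (-not $distance.ContainsKey($p)) {
                    $distance[$p] = $distance[$dc] + 1
                    $next += $p
                }
            }
        }
        $frontier = $next
    }
    return -1   # unreachable; cannot happen on a closed ring
}

function Test-ThreeHopRule {
    param([hashtable]$Partners)
    # Worst-case hop count over every source/destination pair in the site
    $dcs = @($Partners.Keys)
    $worst = 0
    foreach ($a in $dcs) {
        foreach ($b in $dcs) {
            $h = Get-ReplicationHops -Partners $Partners -Source $a -Destination $b
            if ($h -gt $worst) { $worst = $h }
        }
    }
    [pscustomobject]@{ DomainControllers = $dcs.Count; MaxHops = $worst; WithinLimit = ($worst -le 3) }
}

# Constructed site with seven DCs: a plain ring keeps every pair within three hops.
$site = New-RingTopology -DomainControllers @('DC1', 'DC2', 'DC3', 'DC4', 'DC5', 'DC6', 'DC7')
$site['DC1']                        # its two partners, one in each direction
Test-ThreeHopRule -Partners $site

# With an eighth DC the plain ring alone needs four hops, so the KCC has to add
# extra connection objects on top of the ring to stay within the limit.
Test-ThreeHopRule -Partners (New-RingTopology -DomainControllers (1..8 | ForEach-Object { "DC$_" }))
```

On a ring of n DCs the worst case is floor(n/2) hops, so seven DCs is the largest site a bare double ring can serve under the rule in the notes; the model reports eight DCs as over the limit.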
Replication partners:
Direct replication partner
Indirect replication partner
Data synchronization between different sites goes through bridgehead servers.
Replication conflicts: multiple domain controllers modify the same object at the same time, for example one DC creates a user while another DC deletes the OU ...
Conflicts are resolved by comparing the following items, in order:
1. Version number of the object attribute (the number of modifications made to it; it starts at 1). The higher version number wins.
2. Modification time of the attribute on each DC. The later modification wins.
3. GUID of the DC that made the modification. The GUIDs are compared by value and the larger GUID wins; this GUID identifies the DC itself.
Example: create a user jinning on Server01, take an AD backup, delete the user, then restore the AD backup. Is the user restored successfully?
Step 1: Create the user in Active Directory Users and Computers.
Step 2: Make an AD backup with Windows Server Backup.
Step 3: Delete the user.
Step 4: Boot into Directory Services Restore Mode and restore the backup.
Step 5: Restart the computer after the restore.
Step 6: Check whether the deleted user has come back. It has not: the restore was unsuccessful.
You must perform an authoritative restore, which manually increases the version number of the restored object so that it wins the replication conflict against the deletion that the other DCs still hold.
Step 1: Create the user in Active Directory Users and Computers.
Step 2: Make an AD backup with Windows Server Backup.
Step 3: Delete the user.
Step 4: Boot into Directory Services Restore Mode and restore the backup.
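The conflict-resolution order above (version, then time, then originating-DC GUID) is exactly why the first restore fails and the authoritative restore succeeds. The PowerShell below is an added model of that logic, not code from these notes and not Microsoft's implementation: it gives each attribute a stamp, applies the three comparisons, and then replays the jinning scenario. The DC GUIDs, timestamps and the `New-AttributeStamp`/`Resolve-AttributeConflict` functions are constructed for the example.

```powershell
# Added, simplified model of attribute-level conflict resolution (not Microsoft's code).
# Every replicated attribute carries a stamp: version, change time, originating DC GUID.
function New-AttributeStamp {
    param([int]$Version, [datetime]$Time, [guid]$OriginatingDc, [string]$Value)
    [pscustomobject]@{ Version = $Version; Time = $Time; OriginatingDc = $OriginatingDc; Value = $Value }
}

function Resolve-AttributeConflict {
    param($A, $B)
    # 1. the higher version number wins
    if ($A.Version -ne $B.Version) {
        if ($A.Version -gt $B.Version) { return $A } else { return $B }
    }
    # 2. the later modification time wins
    if ($A.Time -ne $B.Time) {
        if ($A.Time -gt $B.Time) { return $A } else { return $B }
    }
    # 3. the larger originating-DC GUID wins
    if ($A.OriginatingDc.CompareTo($B.OriginatingDc) -ge 0) { return $A } else { return $B }
}

# Constructed DC GUIDs (placeholders, not real DC identifiers)
$server01 = [guid]'11111111-1111-1111-1111-111111111111'
$server02 = [guid]'22222222-2222-2222-2222-222222222222'

# Scenario from the notes: user jinning exists in the backup (version 1); the
# deletion that followed is a newer write with a higher version on the live DCs.
$restoredFromBackup = New-AttributeStamp -Version 1 -Time (Get-Date '2024-05-01 09:00') -OriginatingDc $server01 -Value 'jinning present'
$liveDeletion       = New-AttributeStamp -Version 2 -Time (Get-Date '2024-05-01 10:00') -OriginatingDc $server02 -Value 'jinning deleted'

# Non-authoritative restore: the restored copy still carries version 1, so it loses
# and the deletion replicates back in; the user disappears again.
(Resolve-AttributeConflict $restoredFromBackup $liveDeletion).Value

# Authoritative restore: ntdsutil raises the restored object's version by a large
# increment (100000 per day since the backup, by default), so it now wins and
# replicates out to the other DCs.
$restoredFromBackup.Version += 100000
(Resolve-AttributeConflict $restoredFromBackup $liveDeletion).Value
```

The same comparison is what makes the GUID tie-break matter in practice: if two DCs write the same attribute at the same second with the same version, the write from the DC with the larger GUID survives, so a conflict can silently discard a change on one side.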
Operations master: FSMO (Flexible Single Master Operations)
Operations master roles:
RID master, PDC host, infrastructure master, domain naming master, schema master
RID master: allocates the RIDs used to generate user SIDs. SID = domain SID (the domain's own identifier) + RID
To view the user SID:
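The SID = domain SID + RID split can be checked on any SID string. The PowerShell below is an added example, not a command from these notes: it uses the .NET `SecurityIdentifier` class to separate the domain part from the RID and flags the well-known RIDs below 1000. The SID values are constructed; on a domain member, `whoami /user` prints the SID of the current user.

```powershell
# Added example (not from the notes): split a SID into its domain part and RID.
function Split-UserSid {
    param([string]$SidString)
    $sid = [System.Security.Principal.SecurityIdentifier]$SidString
    if ($null -eq $sid.AccountDomainSid) {
        # Well-known SIDs such as S-1-5-32-544 (BUILTIN\Administrators) have no domain part
        throw "$SidString is not a domain account SID"
    }
    $rid = [uint32](($sid.Value -split '-')[-1])
    [pscustomobject]@{
        Sid       = $sid.Value
        DomainSid = $sid.AccountDomainSid.Value   # identical for every account in the domain
        Rid       = $rid                          # unique within the domain; handed out from the RID master's pool
        WellKnown = ($rid -lt 1000)               # e.g. 500 = built-in Administrator, 512 = Domain Admins
    }
}

# Constructed SIDs: an ordinary user (RID 1001) and the built-in Administrator (RID 500)
Split-UserSid 'S-1-5-21-1004336348-1177238915-682003330-1001'
Split-UserSid 'S-1-5-21-1004336348-1177238915-682003330-500'
```

Because the domain part is shared by every account, the RID is the only thing that distinguishes one user's SID from another's, which is why the RID master must guarantee that no two DCs hand out the same RID.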
PDC Host:
1. Compatibility with legacy operating systems (NT)
2. Accelerated replication of urgent data
3. Time synchronization within the domain
All clients in the domain synchronize time with the PDC master of the domain.
Domain naming master: maintains the uniqueness of domain names when a domain is created or deleted.
Schema master: holds the schema, the definition of the attributes of every object.
Infrastructure master: maintains references to cross-domain objects, for example when a user from domain A is added to a group in domain B.
Domain level: RID master, PDC host and infrastructure master, one of each per domain.
Forest level: domain naming master and schema master, one of each per forest.
Find FSMO
Graphical interface:
Command line:
Example: finding the FSMO role holders in the current domain through the graphical interface
RID master, PDC host, infrastructure master:
Domain naming master:
Active Directory Domains and Trusts
Schema master:
Run the command: regsvr32 schmmgmt.dll (registers the schema management dynamic link library)
Run: mmc
Example: viewing the FSMO role holders in the current domain from the command line
netdom query fsmo
Example: transferring operations master roles
Three ways:
1. Graphical interface
Transferring the operations master from Server01 to Server02
2. ntdsutil
Transferring the operations master from Server02 to Server01
3. Demote the DC on which the operations master resides
Demoting the DC transfers the operations master to another DC.
Forced seizure of FSMO
Used when the operations master cannot be reached.
Example: seizing the FSMO roles on Server01 by force
Preparation: the existing operations master is unavailable; another DC (Server01) seizes the roles
with ntdsutil.
The original operations master must not be brought back into the domain.
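The find, transfer and seize procedures above can also be done from PowerShell with the ActiveDirectory module, which is the cmdlet counterpart of `netdom query fsmo` and of the ntdsutil transfer/seize steps. The block below is an added example, not part of these notes; it assumes a domain-joined host with RSAT installed and an account with the rights to move roles, and it reuses the Server01/Server02 names from the notes as defaults. Nothing in it runs offline, since every call talks to a domain controller.

```powershell
# Added example (not from the notes). Needs the RSAT ActiveDirectory module and
# Domain Admins / Enterprise Admins rights for the roles being moved.
Import-Module ActiveDirectory

function Get-FsmoHolders {
    # Forest-level roles are reported by Get-ADForest, domain-level roles by Get-ADDomain,
    # matching the domain/forest split in the notes.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster          # forest level
        DomainNamingMaster   = $forest.DomainNamingMaster    # forest level
        PDCEmulator          = $domain.PDCEmulator           # domain level
        RIDMaster            = $domain.RIDMaster             # domain level
        InfrastructureMaster = $domain.InfrastructureMaster  # domain level
    }
}

# Transfer (both DCs online): the cmdlet equivalent of the GUI / ntdsutil transfer.
function Move-DomainFsmoRoles {
    param([string]$TargetDc = 'Server02')
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDc `
        -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster -Confirm:$false
}

# Seize (current holder unreachable): -Force is the cmdlet equivalent of the ntdsutil
# "seize" in the notes. Once seized, the old holder must never rejoin the domain,
# because two DCs would then both believe they own the role.
function Invoke-FsmoSeizure {
    param([string]$TargetDc = 'Server01')
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDc `
        -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
        -Force -Confirm:$false
}

# Record the holders before and after so the change is auditable
Get-FsmoHolders
```

Run `Get-FsmoHolders` before and after any transfer or seizure and keep both outputs: an unexpected change of role holder is worth alerting on, since whoever holds the schema and domain naming masters controls forest-wide changes.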