Understanding the role of replication in AD DS
In an enterprise directory environment there must be a mechanism to synchronize and update directory information across the entire directory structure. In Windows AD DS, every domain controller must be kept up to date with the latest information so that users can log on, access resources, and interact correctly with the directory.
AD DS differs from many directory services in that replication of directory information is implemented independently of the logical directory design.
The AD DS site concept is completely independent of the logical structure of forests, trees, and domains: a single site can contain domain controllers from different domains in the same forest.
Multi-master replication topology
AD DS is designed so that directory information can be created, modified, and deleted on multiple domain controllers. This is called multi-master replication. In multi-master replication no domain controller acts as the single authoritative domain controller.
If one domain controller stops operating, the directory information can still be changed on any other writable domain controller.
Those changes are then replicated across the domain infrastructure. Some control is applied to this replication so that the most recent changes take priority; update sequence numbers (USNs) implement that control.
Update sequence number (USN)
AD DS uses USNs to replicate directory changes precisely.
A USN is a 64-bit number maintained by each domain controller in AD DS. Every time a directory change is written to a given domain controller, that controller's USN is incremented. Each domain controller also stores the most recently known USN of each of its replication partners, so subsequent updates are incremental: only changes with a USN higher than the last one seen from that partner need to be requested.
USNs are used to ensure replication integrity because a USN is advanced only once the change has been confirmed as written to that domain controller. If a server is interrupted by a failure, it asks its partners for everything newer than the last USN it recorded for them, which preserves the integrity of the transaction.
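The following is an added example, not code from the original article, that makes the USN bookkeeping visible: it reads a source DC's current highestCommittedUSN and compares it with the highest USN a destination DC has already applied from that source (the destination's up-to-dateness vector). DC01, DC02 and corp.example.com are hypothetical names; the cmdlets and property names are those of the ActiveDirectory module shipped with RSAT on Windows Server 2012 and later, not the 2008 tooling the article describes.

```powershell
# Added example (not from the original article). Assumes the RSAT ActiveDirectory
# module and two hypothetical DCs: DC01 (source) and DC02 (destination).
Import-Module ActiveDirectory

function Get-DcHighestUsn {
    param([Parameter(Mandatory)][string]$DomainController)
    # highestCommittedUSN on RootDSE is the last USN this DC committed locally.
    # USNs are per-DC counters: compare a DC's USN only against what a partner
    # has recorded for that same DC, never against another DC's own counter.
    return [int64](Get-ADRootDSE -Server $DomainController).highestCommittedUSN
}

function Get-ReplicationBacklog {
    param(
        [Parameter(Mandatory)][string]$DestinationDc,
        [Parameter(Mandatory)][string]$SourceDc,
        [string]$Partition = (Get-ADDomain).DistinguishedName
    )
    # Every DC keeps an up-to-dateness vector: for each partner's invocation ID,
    # the highest USN from that partner it has already applied. Comparing that
    # with the partner's current highestCommittedUSN shows how far behind it is.
    $sourceInvocationId = (Get-ADDomainController -Identity $SourceDc).InvocationId
    $vector = Get-ADReplicationUpToDatenessVectorTable -Target $DestinationDc -Partition $Partition
    $entry  = $vector | Where-Object { $_.PartnerInvocationId -eq $sourceInvocationId }
    $sourceUsn = Get-DcHighestUsn -DomainController $SourceDc

    [pscustomobject]@{
        Destination      = $DestinationDc
        Source           = $SourceDc
        Partition        = $Partition
        UsnAppliedAtDest = [int64]$entry.UsnFilter
        UsnNowAtSource   = $sourceUsn
        # Upper bound only: USNs are also consumed by writes to other partitions
        # and by replicated (non-originating) writes, so this over-estimates the gap.
        MaxPendingUsns   = $sourceUsn - [int64]$entry.UsnFilter
        LastSuccess      = $entry.LastReplicationSuccess
    }
}

# Usage: does DC02 already have everything DC01 wrote to the domain partition?
Get-ReplicationBacklog -DestinationDc DC02 -SourceDc DC01 | Format-List

# The same data with the built-in tool:
#   repadmin /showutdvec DC02 "DC=corp,DC=example,DC=com"
#   repadmin /showrepl DC02
```

A MaxPendingUsns of zero means the destination has applied every change the source has committed; a value that keeps growing across runs while LastSuccess does not advance is the sign of a stalled replication partner rather than of normal latency.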
Replication conflicts
A replication conflict arises when the same object is changed on two domain controllers before the first change has replicated to all domain controllers.
For example, if one administrator resets a user's password on Server 1 and another administrator resets the same user's password on Server 2 before Server 1 has had a chance to replicate its change, a replication conflict occurs. Attribute version numbers are used to resolve such conflicts.
Attribute version number
A version number is maintained for every attribute of every object in the AD DS instance. Each time an attribute is changed, its version number is incremented and a timestamp is recorded. When a replication conflict occurs, the change with the higher version number wins; if the version numbers are equal, the change with the latest timestamp wins and the older change is discarded.
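The following is an added example, not code from the original article, that applies the version-then-timestamp rule to the two-administrator password reset scenario above. The metadata records are constructed for illustration; on a live directory the same fields come from Get-ADReplicationAttributeMetadata or repadmin /showobjmeta (the user DN and DC names are hypothetical).

```powershell
# Added example (not from the original article). Sample records below are
# constructed, not captured from a real directory.

function Resolve-AttributeConflict {
    param(
        [Parameter(Mandatory)]$ChangeA,
        [Parameter(Mandatory)]$ChangeB
    )
    # Rule 1: the higher attribute version number wins.
    if ($ChangeA.Version -ne $ChangeB.Version) {
        if ($ChangeA.Version -gt $ChangeB.Version) { return $ChangeA } else { return $ChangeB }
    }
    # Rule 2: equal versions, so the later originating timestamp wins.
    if ($ChangeA.LastOriginatingChangeTime -ne $ChangeB.LastOriginatingChangeTime) {
        if ($ChangeA.LastOriginatingChangeTime -gt $ChangeB.LastOriginatingChangeTime) { return $ChangeA }
        return $ChangeB
    }
    # Rule 3: equal timestamps too. AD breaks the tie on the originating DC's
    # invocation ID (higher GUID wins); .NET Guid ordering is used here as an
    # approximation of that comparison.
    if ([guid]$ChangeA.OriginatingInvocationId -gt [guid]$ChangeB.OriginatingInvocationId) { return $ChangeA }
    return $ChangeB
}

# Constructed scenario: pwdLastSet for user alice was at version 4 on every DC.
# Admin 1 resets the password on DC01; admin 2 resets it on DC02 thirty seconds
# later, before DC01's change has replicated. Both DCs bump the version 4 -> 5.
$fromDc01 = [pscustomobject]@{
    AttributeName             = 'pwdLastSet'
    Version                   = 5
    LastOriginatingChangeTime = [datetime]'2024-05-01T10:00:00Z'
    OriginatingDc             = 'DC01'
    OriginatingInvocationId   = '3f1a9e0c-7b2d-4c6e-9a11-0d2e5f7a8b90'   # hypothetical
}
$fromDc02 = [pscustomobject]@{
    AttributeName             = 'pwdLastSet'
    Version                   = 5
    LastOriginatingChangeTime = [datetime]'2024-05-01T10:00:30Z'
    OriginatingDc             = 'DC02'
    OriginatingInvocationId   = 'a7c4d2b1-0e9f-4a3b-8c5d-6e7f8091a2b3'   # hypothetical
}
(Resolve-AttributeConflict $fromDc01 $fromDc02).OriginatingDc

# Variant: admin 1 reset the password twice on DC01 before replication, so that
# DC01's record is at version 6 while DC02's is still at version 5.
$fromDc01Twice = $fromDc01.PSObject.Copy()
$fromDc01Twice.Version = 6
(Resolve-AttributeConflict $fromDc01Twice $fromDc02).OriginatingDc

# Live equivalent of the sample records (DN is hypothetical):
#   Get-ADReplicationAttributeMetadata -Object 'CN=alice,OU=Users,DC=corp,DC=example,DC=com' `
#       -Server DC01 -Properties pwdLastSet |
#       Select-Object AttributeName, Version, LastOriginatingChangeTime,
#                     LastOriginatingChangeDirectoryServerIdentity
#   repadmin /showobjmeta DC01 "CN=alice,OU=Users,DC=corp,DC=example,DC=com"
```

In the first call the two writes have the same version, so the DC02 write wins on its later timestamp. In the variant the DC01 write wins on its higher version even though it is older; this is why the outcome of a conflict is not simply "last writer wins", and why checking the metadata with repadmin /showobjmeta is the reliable way to find out which reset actually took effect.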
Windows Server 2008 includes a built-in service to synchronize time in the domain.
Using the Windows Time service to keep DCs synchronized
Windowstime
Time is an important aspect of AD DS.
Kerberos is the built-in authentication mechanism of Windows AD DS, and its ticket system depends on an accurate time source. If the clocks of two machines in the same domain differ by more than 5 minutes (the default tolerance), authentication fails.
Windows Server 2008 uses the Windows Time service and the domain hierarchy to maintain a consistent time source across all domain controllers in the domain.
A single server, the PDC emulator, is responsible for obtaining accurate time from a trusted external source such as time.windows.com, pool.ntp.org, or a GPS clock.
The external trusted source is level 0; the PDC emulator is level 1; all other DCs in the same site as the PDC emulator are level 2; the bridgehead server in each remote site is level 3; and all other DCs in that remote site are level 4.
Member computers try to obtain time from the lowest-level DC in their own site. If that DC does not provide time, they fall back to the next higher level.
As a result, even if a local clock is changed, it is automatically reset to domain time.
Time synchronization is performed at startup and then every 45 minutes until three consecutive synchronizations succeed; after that the polling interval increases to 8 hours.
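The following is an added example, not code from the original article, showing how the hierarchy above is configured with the standard w32tm.exe switches and how to check every machine against the 5-minute Kerberos tolerance before it turns into logon failures. DC01, DC02, DC03, FS01 and corp.example.com are hypothetical names.

```powershell
# Added example (not from the original article). Machine names are hypothetical;
# the w32tm switches are the standard ones.

# --- On the PDC emulator only (the "level 1" server): take time from external
# sources and advertise this DC as reliable. 0x8 = client mode for that peer.
w32tm /config /manualpeerlist:"time.windows.com,0x8 pool.ntp.org,0x8" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover

# --- On every other DC and on member computers: follow the domain hierarchy
# rather than any manually configured peer.
w32tm /config /syncfromflags:domhier /update
Restart-Service w32time
w32tm /resync

# --- Verify which source a machine actually picked and the stratum it reports.
w32tm /query /source
w32tm /query /status

# --- Measure the clock offset of a list of machines from this one and flag
# anything outside the Kerberos default tolerance. Run this on the reference
# machine, normally the PDC emulator.
function Test-KerberosClockSkew {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$MaxSkewSeconds = 300    # Kerberos default MaxClockSkew of 5 minutes
    )
    foreach ($c in $ComputerName) {
        # /stripchart /dataonly prints one "HH:mm:ss, +00.0012345s" line per
        # sample: the target's offset from the local clock, without the graph.
        $lines   = w32tm /stripchart /computer:$c /samples:3 /dataonly 2>&1
        $offsets = foreach ($line in $lines) {
            if ($line -match ',\s*([+-]\d+\.\d+)s') { [double]$matches[1] }
        }
        if (-not $offsets) {
            [pscustomobject]@{ Computer = $c; OffsetSeconds = $null; Status = 'unreachable' }
            continue
        }
        $avg = ($offsets | Measure-Object -Average).Average
        [pscustomobject]@{
            Computer      = $c
            OffsetSeconds = [math]::Round($avg, 3)
            Status        = if ([math]::Abs($avg) -gt $MaxSkewSeconds) { 'KERBEROS WILL FAIL' } else { 'ok' }
        }
    }
}

Test-KerberosClockSkew -ComputerName DC02, DC03, FS01 | Format-Table -AutoSize

# For domain controllers only, the built-in report gives offsets from the PDC:
#   w32tm /monitor /domain:corp.example.com
```

A machine that reports "Local CMOS Clock" or "Free-running System Clock" from w32tm /query /source has dropped out of the hierarchy and will drift until it crosses the tolerance; fix the source before chasing the resulting Kerberos errors.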
Connection object
Connection objects are generated automatically by the AD DS Knowledge Consistency Checker (KCC) to serve as channels for replication traffic. Connection objects can also be created manually.
A connection object provides a one-way (inbound) replication path from one domain controller to another.
1. Open Active Directory Sites and Services.
2. Expand Sites --- sitename --- Servers --- servername --- NTDS Settings.
3. Right-click NTDS Settings and select New Active Directory Domain Services Connection.
Replication delay (forcing replication now)
1. Open Active Directory Sites and Services.
2. Go to Sites --- sitename --- Servers --- servername --- NTDS Settings.
3. Right-click each connection object and choose Replicate Now.
Repadmin tool
The following explains how AD DS replicates data.
Data between domain controllers is synchronized by replication.
AD DS replicates objects between domain controllers on the basis of originating writes: a change made directly on a domain controller, as opposed to one received through replication, is what gets propagated to the other domain controllers.
When an object changes, the attribute's version number increases. During replication a domain controller compares the version it holds for the attribute with the version received in the replication request: if its own version is lower, a newer change exists and the received value is applied; otherwise the received value is discarded. This simple replication method is reliable and efficient and keeps objects effectively synchronized.
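The following is an added example, not code from the original article, giving the command-line equivalents of the two Sites and Services procedures above (inspecting connection objects and forcing replication) and a health check built on repadmin's CSV output. DC01, DC02 and corp.example.com are hypothetical names; the repadmin switches and cmdlets are the standard ones, and the CSV column names are those printed by repadmin /showrepl /csv on current Windows versions.

```powershell
# Added example (not from the original article). DC names and the domain DN are
# hypothetical; assumes the RSAT ActiveDirectory module and repadmin.exe.
Import-Module ActiveDirectory
$domainNc = 'DC=corp,DC=example,DC=com'

# 1. Connection objects: list what the KCC generated (stored under each server's
#    NTDS Settings), then ask the KCC on DC02 to recompute its topology.
Get-ADReplicationConnection -Filter * |
    Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer, AutoGenerated
repadmin /kcc DC02

# 2. "Replicate Now": pull one partition into DC02 from DC01, then synchronize
#    everything from DC01. /A = all partitions, /d = show DNs, /e = cross-site,
#    /P = push from DC01 instead of pulling into it.
repadmin /replicate DC02 DC01 $domainNc
repadmin /syncall DC01 /AdeP

# 3. Health check: parse /showrepl CSV output and return only partners that are
#    failing or that have not succeeded within a threshold.
function Get-ReplicationProblems {
    param([string]$Target = '*', [int]$MaxHoursSinceSuccess = 24)
    $rows = repadmin /showrepl $Target /csv | ConvertFrom-Csv
    foreach ($r in $rows) {
        $failures = [int]$r.'Number of Failures'
        $lastOk   = [datetime]::MinValue
        [void][datetime]::TryParse($r.'Last Success Time', [ref]$lastOk)
        $stale = ($lastOk -ne [datetime]::MinValue) -and
                 (((Get-Date) - $lastOk).TotalHours -gt $MaxHoursSinceSuccess)
        if ($failures -gt 0 -or $stale) {
            [pscustomobject]@{
                Destination = $r.'Destination DSA'
                Source      = $r.'Source DSA'
                Partition   = $r.'Naming Context'
                Failures    = $failures
                LastSuccess = $lastOk
                LastError   = $r.'Last Failure Status'
            }
        }
    }
}

Get-ReplicationProblems | Format-Table -AutoSize

# Shorter views of the same question:
#   repadmin /replsummary
#   Get-ADReplicationFailure -Target DC01
```

Because replication is inbound, a connection object and a /replicate call are always expressed from the destination's point of view: repadmin /replicate DC02 DC01 makes DC02 pull from DC01, which is the same thing Replicate Now does on the connection object under DC02's NTDS Settings. Forcing replication does not repair a partner that is failing; use the failure status from the health check to find the underlying cause (DNS, RPC connectivity, or a lingering-object condition) first.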