In the previous post we deployed additional domain controllers in the domain. We already know that every domain controller holds an Active Directory database with the same content; today we discuss the replication topology that these domain controllers use to replicate Active Directory between them.
In the NT4 era, domain controllers were divided into two categories: the PDC and the BDC. PDC is the abbreviation for primary domain controller and BDC is the abbreviation for backup domain controller. A domain has only one PDC but can have multiple BDCs, and the BDC's directory data is copied from the PDC. Only the PDC can change user accounts, computer accounts and other directory data in the domain; the content of the BDC is read-only! This replication model, which we call single-master replication, should not be unfamiliar to us: it is similar to the relationship between a DNS secondary server and its primary server. The single-master replication model is simple and not hard to manage, but it easily creates a single point of failure.
Starting with Win2000, Active Directory uses a multi-master replication model, meaning that each domain controller can modify the contents of Active Directory independently, and there is no longer a distinction between PDC and BDC in the domain. Win2003 uses the same multi-master replication model as Win2000, and Win2008 adds the RODC (read-only domain controller) on top of multi-master replication. From this we can see that Win2008 is trying to bring elements of single-master replication back into the multi-master model, because the design concept of the RODC is obviously related to the BDC.
Now we know that Win2003's Active Directory uses a multi-master replication model, in which any domain controller can modify Active Directory. To keep Active Directory authoritative, the Active Directory content on all domain controllers obviously must be the same. So, when one domain controller modifies its Active Directory, how is the modification replicated to the other domain controllers? That is what we are going to talk about today: the replication topology of Active Directory!
The replication topology of Active Directory is a rather complex subject, and today we only discuss the replication topology between domain controllers in the same domain. When the number of domain controllers in a domain changes, for example when a domain controller is added or removed, a component on the domain controller called the KCC recalculates the Active Directory replication topology. KCC stands for Knowledge Consistency Checker; we do not see the KCC in the Task Manager process list because it runs as part of the LSASS process. The KCC automatically computes the topology that domain controllers use for replication. When the number of domain controllers is small, the KCC tends to use a ring topology for Active Directory replication within the domain. This means that when the Active Directory content of one domain controller changes, the change is not passed to all other domain controllers at the same time, but is passed along the ring topology designed by the KCC one domain controller at a time. To achieve redundancy and improve efficiency, the topology the KCC designs is a dual ring. The following figure is a replication topology diagram for the domain controllers: as you can see, each domain controller has two replication partners, and Active Directory replication flows along the ring in both the clockwise and the counter-clockwise direction.
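To make the dual-ring idea concrete, here is a small Python model added for this post (it is not code from the original blog and not Microsoft's KCC implementation). It builds the ring the text describes, counts how many replication hops a change needs to reach every domain controller, and compares what happens when one domain controller goes offline in a dual ring versus a single one-way ring. The domain controller names DC1 to DC6 are constructed sample values, and the model is a simplification: the real KCC works with connection objects in the configuration partition and adds extra connections once a plain ring would put domain controllers more than three hops apart.

```python
from collections import deque

# Constructed sample domain controllers for the model (not real hosts).
DCS = ["DC1", "DC2", "DC3", "DC4", "DC5", "DC6"]


def build_ring_topology(dcs, dual=True):
    """Build the KCC-style ring as a dict: DC name -> set of replication partners.

    dual=True  : each DC pulls from both neighbours (clockwise and counter-clockwise),
                 which is the dual ring the KCC builds for a small domain.
    dual=False : a one-way ring used here only for comparison, where DC i only
                 passes changes on to DC i+1.
    """
    n = len(dcs)
    topology = {dc: set() for dc in dcs}
    for i, dc in enumerate(dcs):
        neighbours = [dcs[(i + 1) % n]]
        if dual:
            neighbours.append(dcs[(i - 1) % n])
        for neighbour in neighbours:
            if neighbour != dc:  # a lone DC has no partners; two DCs share one link
                topology[dc].add(neighbour)
    return topology


def propagation_hops(topology, origin):
    """Breadth-first walk along the ring.

    Returns a dict DC name -> number of replication hops a change originated on
    `origin` needs before it reaches that DC (hop 0 is the originating DC).
    DCs that are missing from the result are unreachable in this topology.
    """
    hops = {origin: 0}
    queue = deque([origin])
    while queue:
        dc = queue.popleft()
        for partner in sorted(topology[dc]):
            if partner not in hops:
                hops[partner] = hops[dc] + 1
                queue.append(partner)
    return hops


def without_dc(topology, failed):
    """Topology after `failed` goes offline: drop it and every link pointing at it."""
    return {dc: partners - {failed} for dc, partners in topology.items() if dc != failed}


def unreachable_after_failure(topology, origin, failed):
    """DCs that a change from `origin` can no longer reach once `failed` is down."""
    reduced = without_dc(topology, failed)
    reached = propagation_hops(reduced, origin)
    return sorted(set(reduced) - set(reached))


if __name__ == "__main__":
    dual = build_ring_topology(DCS)
    print("partners per DC:", {dc: sorted(p) for dc, p in dual.items()})
    print("hops from DC1 (dual ring):", propagation_hops(dual, "DC1"))
    print("unreachable from DC1 with DC2 down (dual ring):",
          unreachable_after_failure(dual, "DC1", "DC2"))
    single = build_ring_topology(DCS, dual=False)
    print("unreachable from DC1 with DC2 down (one-way ring):",
          unreachable_after_failure(single, "DC1", "DC2"))
```

Running it shows the two properties the text attributes to the KCC's design: in the dual ring every domain controller has exactly two partners, and the farthest one is only three hops from DC1 in a six-DC domain, while losing DC2 leaves every remaining domain controller reachable over the other direction. In the one-way ring the same failure cuts DC3 to DC6 off from changes made on DC1, which is the single point of failure the dual ring is there to avoid.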