This blog series on Active Directory Domain Services (AD DS) is designed to help you build a good working knowledge of what Active Directory (AD) is. Each successive blog sheds light on some aspect of AD, and every blog mixes AD theoretical basics with valuable hands-on exercises.

The earlier parts of the series made clear that installing AD DS in a Windows environment brings organizations a host of benefits: AD DS makes the management of permissions and access privileges efficient, and administrators can centrally monitor the data stored in AD. In parts 3 and 4, we covered how to create AD objects such as users, groups, and OUs. An AD object is created through an administrative action on one particular domain controller (DC), but information about the new object has to reach all other DCs quickly so that management actions can be performed smoothly from any DC. AD replication is what keeps updated AD information available on every DC. This blog will help you understand AD replication in depth.

So, what is AD replication?

In the simplest sense, replication is the process by which an AD object modified on one DC is copied to, and becomes visible on, every other DC that holds a replica of the partition containing it. For the objects discussed here (users, groups, and OUs) that means all DCs of the domain; the schema and configuration partitions replicate to every DC in the forest.

Why is AD replication necessary?

You may be wondering what qualifies as a modification to an AD object and why such a replication model is necessary. An AD environment changes constantly and in real time, and each change has to be written to the AD database so that it is available for future use and management. Examples of such changes include:
To make sure that the dynamic nature of any AD environment is preserved and its benefits are used effectively, replication is a critical necessity that forms the backbone of AD services.

Core AD concepts needed to understand AD replication

The main objective of an AD-controlled environment is centralized control: managing all users and computers efficiently. The AD logical topology is designed to mirror the structure of the business organization, while the physical topology (sites and subnets) takes into account the TCP/IP networks over which AD is set up. In an active AD environment:
How does replication work?
Most AD replication errors stem from one of three causes: incorrect configuration of AD sites and subnets, a Knowledge Consistency Checker (KCC) that is not working properly (the KCC is the process on every DC that generates the replication topology), or errors in the AD-DNS integration covered in Part 2 of this series, since DCs locate their replication partners through DNS.

Types of AD replication

There are two types of AD replication: intra-site and inter-site.

Intra-site replication
Figure 1 shows the ring topology that the KCC builds among the DCs within a site.
Figure 2 shows DCs in sample Site A, where a DC notifies its intra-site replication partners of a change after a default wait time of 15 seconds.
Figure 3 shows the revised replication topology in sample Site A after more DCs are added.

Inter-site replication
Figure 4 shows bridgehead servers establishing the path over which inter-site replication occurs between sample sites A and B.
Figure 5 shows inter-site replication between sample sites A and B. Here the designated bridgehead servers initiate replication every 180 minutes, which is the default interval on a site link.
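The three error causes named earlier (sites and subnets, the KCC, and DNS) and the site link schedule shown in Figure 5 can all be inspected from one admin session. The script below is an added example written for this page, not code from the original post: it inventories the replication topology of the current forest with the ActiveDirectory RSAT module and flags a DC whose address matches no AD subnet or a subnet that belongs to a different site, lists each site link's interval, separates KCC-generated connection objects from hand-made ones, and prints what the DCs report about each other. It assumes a domain-joined session with the module installed; no DC names are hard-coded.

```powershell
# Added example, not code from the original post: inventory the replication
# topology of the current forest and flag the usual causes of replication
# trouble: a DC whose address matches no AD subnet or whose subnet belongs to
# another site, site links still on the default 180-minute schedule,
# connection objects created by hand rather than by the KCC, and failures
# reported by the DCs themselves.
# Assumes the ActiveDirectory RSAT module on a domain-joined admin session.
Import-Module ActiveDirectory

# Leaf name of a DN: "CN=SiteA,CN=Sites,CN=Configuration,DC=..." -> "SiteA".
# $Index 1 on an NTDS Settings DN returns the server name.
function Get-DnLeaf {
    param([string]$Dn, [int]$Index = 0)
    return (($Dn -split ',')[$Index] -replace '^CN=', '')
}

function ConvertTo-IPv4Int {
    param([string]$Ip)
    [int64]$value = 0
    foreach ($octet in ([System.Net.IPAddress]$Ip).GetAddressBytes()) {
        $value = ($value * 256) + $octet
    }
    return $value
}

# True when $Ip falls inside the CIDR block $Cidr (IPv4 only; IPv6 subnets are skipped).
function Test-IPv4InSubnet {
    param([string]$Ip, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    if ($network -notmatch '^\d+(\.\d+){3}$') { return $false }
    $mask = [int64]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$prefix))
    return (((ConvertTo-IPv4Int $Ip) -band $mask) -eq ((ConvertTo-IPv4Int $network) -band $mask))
}

$dcs     = Get-ADDomainController -Filter *
$subnets = Get-ADReplicationSubnet -Filter *

# 1. Sites and subnets: every DC should sit in a subnet that belongs to its own site.
foreach ($dc in $dcs) {
    $hit = $subnets | Where-Object { Test-IPv4InSubnet -Ip $dc.IPv4Address -Cidr $_.Name } | Select-Object -First 1
    if (-not $hit) {
        Write-Warning "$($dc.HostName) ($($dc.IPv4Address)) in site $($dc.Site) matches no AD subnet"
    } elseif (-not $hit.Site) {
        Write-Warning "$($dc.HostName) is in subnet $($hit.Name), which is not assigned to any site"
    } elseif ((Get-DnLeaf $hit.Site) -ne $dc.Site) {
        Write-Warning "$($dc.HostName) is in site $($dc.Site) but its subnet $($hit.Name) belongs to site $(Get-DnLeaf $hit.Site)"
    }
}

# 2. Site links: the interval is how often the bridgehead servers replicate (default 180 minutes).
Get-ADReplicationSiteLink -Filter * -Properties ReplicationFrequencyInMinutes, Cost, SitesIncluded |
    ForEach-Object {
        [pscustomobject]@{
            SiteLink        = $_.Name
            IntervalMinutes = $_.ReplicationFrequencyInMinutes
            Cost            = $_.Cost
            Sites           = ($_.SitesIncluded | ForEach-Object { Get-DnLeaf $_ }) -join ', '
        }
    } | Format-Table -AutoSize

# 3. Connection objects: AutoGenerated = False means someone created it by hand.
#    The KCC never removes those, so each one deserves a look.
Get-ADReplicationConnection -Filter * |
    Select-Object @{n='From'; e={ Get-DnLeaf $_.ReplicateFromDirectoryServer 1 }},
                  @{n='To';   e={ Get-DnLeaf $_.ReplicateToDirectoryServer 1 }},
                  AutoGenerated |
    Format-Table -AutoSize

# 4. What the DCs report about each other: last success per partner, then failures.
Get-ADReplicationPartnerMetadata -Target $dcs.HostName |
    Select-Object Server, @{n='Partner'; e={ Get-DnLeaf $_.Partner 1 }}, Partition,
                  LastReplicationSuccess, ConsecutiveReplicationFailures |
    Sort-Object ConsecutiveReplicationFailures -Descending |
    Format-Table -AutoSize

Get-ADReplicationFailure -Target $dcs.HostName |
    Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError

# 5. DNS: partners are located through the _msdcs SRV records, so confirm they resolve.
$domain = (Get-ADDomain).DNSRoot
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV | Select-Object Name, NameTarget, Port
```

Run it as a domain admin from any domain-joined machine with RSAT. A site link that still shows 180 minutes is behaving exactly as Figure 5 describes; if that delay is too long for a link, Set-ADReplicationSiteLink -Identity <link name> -ReplicationFrequencyInMinutes 15 lowers it to the 15-minute minimum. Connection objects that are not auto-generated, and DCs whose subnets point at the wrong site, are the two findings most often behind a topology the KCC cannot repair on its own.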
Replication in practical circumstances

Let us now go over a practical example covering both intra-site and inter-site replication. Say that a new user is created in site A. The information about this new user is first replicated to all DCs within site A and then to the DCs in site B.

Intra-site replication happens first: the source DC in site A, DC server 1, on which the administrator created the new user, commits the modification. It then notifies its replication partners within the site, which pull the change from it, until every DC in site A holds the new user.

Inter-site replication follows: the designated bridgehead server in site A communicates the new user to the bridgehead server in site B according to the replication schedule set on the site link between them. The bridgehead server in site B then replicates the user to the other DCs in site B.

This process repeats between the sites of an AD environment each time a change is committed on a source DC in any site. Replication, as you can see, is one of the most important aspects of Active Directory. Now that we have dug deeper into AD, the inter-relationships between its different aspects will start to become clear. Stay tuned for more!
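The walkthrough above can be reproduced on a test domain: create the user on one DC, watch for it on a second DC, and then read the replication metadata that records where the change came from. The script below is an added example written for this page, not code from the original post. The DC names DC1.corp.example and DC2.corp.example, the OU OU=Lab,DC=corp,DC=example and the account name are all assumptions to be replaced with values from your own lab; it needs the ActiveDirectory RSAT module and the right to create users in that OU.

```powershell
# Added example, not code from the original post: follow a single change, a
# new user created on one DC, as it replicates to a second DC, then read the
# replication metadata on the second DC to see which DC originated the change
# and when. DC names, OU and account name are assumptions for a lab domain.
Import-Module ActiveDirectory

$sourceDc = 'DC1.corp.example'              # assumed: the DC in site A where the change is made
$targetDc = 'DC2.corp.example'              # assumed: another DC in site A, or a site B DC for the inter-site case
$ou       = 'OU=Lab,DC=corp,DC=example'     # assumed: OU the test account goes into
$sam      = 'repl-test-' + (Get-Date -Format 'HHmmss')

# Poll $Server for the object until it appears; returns elapsed seconds, or $null on timeout.
function Wait-ForReplicatedObject {
    param([string]$Dn, [string]$Server, [int]$TimeoutSeconds = 120)
    $clock = [System.Diagnostics.Stopwatch]::StartNew()
    while ($clock.Elapsed.TotalSeconds -lt $TimeoutSeconds) {
        try {
            # Identity lookups throw on a missing object even with -ErrorAction SilentlyContinue,
            # so a try/catch is the reliable way to test for presence.
            Get-ADObject -Identity $Dn -Server $Server -ErrorAction Stop | Out-Null
            return [math]::Round($clock.Elapsed.TotalSeconds, 1)
        } catch {
            Start-Sleep -Seconds 5
        }
    }
    return $null
}

# 1. Originate the change on the source DC only.
$user = New-ADUser -Server $sourceDc -Name $sam -SamAccountName $sam -Path $ou -PassThru
"Created $($user.DistinguishedName) on $sourceDc at $(Get-Date -Format o)"

# 2. Watch for the same object on the target DC. Within a site this should take
#    roughly the 15-second notification delay plus the pull; across sites it
#    waits for the site link schedule (180 minutes by default), so the timeout expires.
$seconds = Wait-ForReplicatedObject -Dn $user.DistinguishedName -Server $targetDc
if ($null -ne $seconds) {
    "Visible on $targetDc after $seconds s"
} else {
    Write-Warning "Not on $targetDc after the timeout; if $targetDc is in another site, that is the site link schedule at work."
    # In a lab, push just this one object now instead of waiting out the schedule.
    Sync-ADObject -Object $user.DistinguishedName -Source $sourceDc -Destination $targetDc
}

# 3. Replication metadata on the target DC names the DC that originated each
#    attribute's last change and when. This is the record to consult when an
#    unexpected change appears and you need to know which DC it was made on.
Get-ADReplicationAttributeMetadata -Object $user.DistinguishedName -Server $targetDc |
    Where-Object { $_.AttributeName -in 'sAMAccountName', 'userAccountControl', 'whenCreated' } |
    Select-Object AttributeName, Version, LastOriginatingChangeTime,
                  @{n='OriginatingDC'; e={ ($_.LastOriginatingChangeDirectoryServerIdentity -split ',')[1] -replace '^CN=', '' }} |
    Format-Table -AutoSize

# 4. Remove the test account; the deletion replicates along the same paths.
Remove-ADUser -Identity $user.DistinguishedName -Server $sourceDc -Confirm:$false
```

Run it twice: once with a target DC in the same site as the source, where the object should appear within about a minute, and once with a target in another site, where it will not appear until the site link schedule fires and the script falls back to Sync-ADObject. In both runs the OriginatingDC column on the target points back at the source DC, because replication carries the originating DC and USN with every change rather than re-authoring it locally.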