none
Question about replication Active Directory. RRS feed

  • Question

  • Hi. Sorry, my english on a simple level.

    I beganto understandin more detailin the replication process AD, buthas faced incomprehension.

    In a test environmentI have twodomain controller- DC1.example.com and DC2.example.com. LevelDomain and Forest2008R2. All FSMO roles are on the DC1. Both DC is Global Catolog. Value attribut Replication-Notify-First-DSA-Delay default (15 sec.)

    I opened two mmc snap AD User and Comp. that are connected to dc1 and dc2.  Create on dc1 user object   and immediately switches to snap dc2 and update the contents of the OU. User object has already appeared, but disabled. approximately the time specified in the attribute Replication-Notify-First-DSA-Delay it to become available. Repeat this procedure many times (create user\group object, copy user object) - result are different: object appeared immediately. after about 15 seconds. appeared immediately, but is disabled. Deletion of objects is a delay approximately equal to the attribute Replication-Notify-First-DSA-Delay (15 sec).Аttribute value is changed to 60, the same result. How can this be explained?

    Also interested in the question - with the help of some tools you can find real-time between update USN  and first replication partner notification? In repadmin I have not found such a functional.

    Do I understand the process of replication start? Such as creating or deleting an object or attribute, USN is incremented by 1, there is a pause during which correspond to the attribute Replication-Notify-First-DSA-Delay and then executed notice first replication partner.Is this true?

    Thursday, April 26, 2012 10:57 AM

Answers

  • Hello,

    see also here about changing the default intervals: http://codeidol.com/active-directory/active-directory/Replication/Changing-the-Intra-Site-Notification-Delay/

    For USN see "Tracking Object Creation, Replication, and Change" in http://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx and maybe you can translate this German article http://blog.dikmenoglu.de/Die+Vektoren+Zur+Steuerung+Der+ADReplikation.aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Patris_70 Friday, April 27, 2012 2:15 PM
    • Marked as answer by 朱鸿文 Wednesday, May 2, 2012 2:14 AM
    Thursday, April 26, 2012 5:09 PM
  • Hi,

    I hope the article below can help us understanding the Replication-Notify-First-DSA-Delay attribute:

    Fine-Tuning Change Notification Values

    http://technet.microsoft.com/en-us/library/cc811559(WS.10).aspx

    Regarding USN, I hope the information below can be useful to you:

    USNs


    Active Directory Domain Services (AD DS) uses update sequence numbers (USNs) to keep track of replication of data between domain controllers. Each time that a change is made to data in the directory, the USN is incremented to indicate that a change has been made.

    For each directory partition that a destination domain controller stores, USNs are used to track the latest originating update that a domain controller introduced to its database, as well as the status of every other domain controller that stores a replica of the directory partition. When domain controllers replicate changes to one another, they query their replication partners for changes with USNs that are greater than the USN of the last change that the domain controller received from each partner.

    The following two replication metadata tables contain USNs. Source and destination domain controllers use them to filter updates that the destination domain controller requires.
    1.Up-to-dateness vector: A table that the destination domain controller maintains for tracking the originating updates that are received from all source domain controllers. When a destination domain controller requests changes for a directory partition, it provides its up-to-dateness vector to the source domain controller. The source domain controller then uses this value to filter the updates that it sends to the destination domain controller. The source domain controller sends its up-to-dateness vector to the destination at the completion of a successful replication cycle in order to ensure that the destination domain controller knows that it has synchronized with every domain controllers’ originating updates and the updates are at the same level as the source.


    2.High water mark: A value that the destination domain controller maintains to keep track of the most recent changes that it has received from a specific source domain controller for a specific partition. The high water mark prevents the source domain controller from sending out changes that by the destination domain controller has already received from it.

    Regards

    Kevin


    TechNet Community Support

    • Proposed as answer by Patris_70 Friday, April 27, 2012 2:16 PM
    • Marked as answer by 朱鸿文 Wednesday, May 2, 2012 2:14 AM
    Friday, April 27, 2012 4:59 AM
  • When a domain controller writes a change to its local copy of the Active Directory, a timer is started that determines when the domain controller's replication partners should be notified of the change. By default, this interval is 15 seconds in Windows Server 2003 and later; it was 300 seconds (5 minutes) in Windows 2000. You can change the interval refer below link:http://support.microsoft.com/kb/214678.|

    Have a look at below link:
    http://blogs.dirteam.com/blogs/paulbergson/archive/2011/04/06/active-directory-replication-types.aspx

    Tracking Updates:Update Sequence Numbers
    http://technet.microsoft.com/en-us/library/cc961798.aspx

    Tracking Change Replications in AD using Repadmin.exe
    http://www.petri.co.il/tracking_ad_change_replications_using_repadmin.htm

    Tracing down user and computer account deletion in Active Directory
    http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory.aspx

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by 朱鸿文 Wednesday, May 2, 2012 2:14 AM
    Friday, April 27, 2012 1:12 PM

All replies

  • Hello,

    see also here about changing the default intervals: http://codeidol.com/active-directory/active-directory/Replication/Changing-the-Intra-Site-Notification-Delay/

    For USN see "Tracking Object Creation, Replication, and Change" in http://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx and maybe you can translate this German article http://blog.dikmenoglu.de/Die+Vektoren+Zur+Steuerung+Der+ADReplikation.aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Patris_70 Friday, April 27, 2012 2:15 PM
    • Marked as answer by 朱鸿文 Wednesday, May 2, 2012 2:14 AM
    Thursday, April 26, 2012 5:09 PM
  • Hi,

    I hope the article below can help us understanding the Replication-Notify-First-DSA-Delay attribute:

    Fine-Tuning Change Notification Values

    http://technet.microsoft.com/en-us/library/cc811559(WS.10).aspx

    Regarding USN, I hope the information below can be useful to you:

    USNs


    Active Directory Domain Services (AD DS) uses update sequence numbers (USNs) to keep track of replication of data between domain controllers. Each time that a change is made to data in the directory, the USN is incremented to indicate that a change has been made.

    For each directory partition that a destination domain controller stores, USNs are used to track the latest originating update that a domain controller introduced to its database, as well as the status of every other domain controller that stores a replica of the directory partition. When domain controllers replicate changes to one another, they query their replication partners for changes with USNs that are greater than the USN of the last change that the domain controller received from each partner.

    The following two replication metadata tables contain USNs. Source and destination domain controllers use them to filter updates that the destination domain controller requires.
    1.Up-to-dateness vector: A table that the destination domain controller maintains for tracking the originating updates that are received from all source domain controllers. When a destination domain controller requests changes for a directory partition, it provides its up-to-dateness vector to the source domain controller. The source domain controller then uses this value to filter the updates that it sends to the destination domain controller. The source domain controller sends its up-to-dateness vector to the destination at the completion of a successful replication cycle in order to ensure that the destination domain controller knows that it has synchronized with every domain controllers’ originating updates and the updates are at the same level as the source.


    2.High water mark: A value that the destination domain controller maintains to keep track of the most recent changes that it has received from a specific source domain controller for a specific partition. The high water mark prevents the source domain controller from sending out changes that by the destination domain controller has already received from it.

    Regards

    Kevin


    TechNet Community Support

    • Proposed as answer by Patris_70 Friday, April 27, 2012 2:16 PM
    • Marked as answer by 朱鸿文 Wednesday, May 2, 2012 2:14 AM
    Friday, April 27, 2012 4:59 AM
  • When a domain controller writes a change to its local copy of the Active Directory, a timer is started that determines when the domain controller's replication partners should be notified of the change. By default, this interval is 15 seconds in Windows Server 2003 and later; it was 300 seconds (5 minutes) in Windows 2000. You can change the interval refer below link:http://support.microsoft.com/kb/214678.|

    Have a look at below link:
    http://blogs.dirteam.com/blogs/paulbergson/archive/2011/04/06/active-directory-replication-types.aspx

    Tracking Updates:Update Sequence Numbers
    http://technet.microsoft.com/en-us/library/cc961798.aspx

    Tracking Change Replications in AD using Repadmin.exe
    http://www.petri.co.il/tracking_ad_change_replications_using_repadmin.htm

    Tracing down user and computer account deletion in Active Directory
    http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory.aspx

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by 朱鸿文 Wednesday, May 2, 2012 2:14 AM
    Friday, April 27, 2012 1:12 PM