6/8/2015

ActiveDirectoryReplicationExplained|SystemAdminGuide

System Admin Guide

AlivelyblogforWindowsandVMwareadministrators...

HOME

VMWARE

WINDOWSSERVER

INTERVIEWQUESTIONS

SubscribeToSAG

Active Directory
Replication
Explained

Focus: Active Directory Replication, USN, HWMV and UTDV

WINDOWS,WINDOWSSERVER

all other DCs in the same site. AD replications are generallypulloperations. For
will inform DC2 about the change.
After this notification, the DC2 will pull the changes from the DC1 thereby
making its AD data up to date.

2008
PostedbyNITHIN

Replication interval

Categories
Active Directory
Dell EqualLogic
DHCP
DNS

RADHAKRISHNAN
1comments

Comments

Intrasite replication replicates changes made in one DC to

example (A site with two DCs : DC1 & DC2) , If a change is made on DC1 then DC1

Categories:ACTIVEDIRECTORY,

Posts

When a DC write a change to its local copy of the AD, a timer is started that
determines when the DC's replication partner should be notified of the change.
By default, this interval is 15 seconds in Windows 2003 and later.

Group Policy
Icinga Monitoring
Microsoft SQL Server

Active Directory Partitions

Active Directory database is divided into partitions or naming contexts (NC):
Schema NC This contains schema details and this will be replicated to each DC
in the forest.

Openfiler
Powershell
Private VLAN
SAN
VMDK troubleshooting

Configuration NC This contains forest wide configuration information and this

will bereplicated to each DC in the forest

VMware
VMware Conversion

Domain NC This contains most commonly accessed AD data and this will be
replicated to each DC in the domain

VMware DRS
VMware Fault Tolerance

Each of these NCs are replicated separately to the DCs.

There are two kind of write operations that AD need to replicate:
Orginating write: Any change made on a DC is an orginating write for that DC

VMware HA
VMware Networking
VMware Overview

Replicated write: Any change which came as part of replication is a replicated

VMware Snapshot

write

VMware troubleshooting

AD changes are managed through several Replication metadata:

VMware vSwitch
Windows

Update Sequence Number (USN)

Each DC maintains a USN which is specific to that DC. Any change made in the DC
(orginated write) or replicated to DC (replicated write) will be followed by a USN

Windows Backup and

Restore

increment. The USN numbers of DCs in the same domain need not be same

Windows Server 2008

therefore the USN of one DC has no meaning to any other DCs in terms of

Windows troubleshooting

comparing one change to another.

For Eg: Current USN value of DC1 is 3000 and DC2 is 4000. Suppose a change is

Windows VMware
Interview questions

made on DC1, its USN will be incremented to 3001. DC1 will notify DC2 about the
change and will pull the new change. When the change is pulled, DC2 will
increment its value to 4001.

PopularPosts
VMWARE AND WINDOWS

High watermark vector (HWMV)

USN is only a method to track the changes made on the DC. But each DC needs a
way to keep track the changes that have already been replicated, otherwise each
DC would be sending the entire Active Directory database across the wire at
every replication.

INTERVIEW QUESTIONS: PART 1

All the questions in this

blogare interview questions
that are framed as per the
current trend. Special thanks
to my colleague Shijimol...

To prevent this, each Active Directory DC maintains a value called the High
WaterMark Vector (HWMV) for other domain controllers that it is replicating with.

VMWARE AND WINDOWS

Each DC will associate this high watermark vector with the Globally Unique

INTERVIEW QUESTIONS: PART 2

Identifier (GUID) of the remote DC, to prevent any confusion if a remote domain

This is the second part of the

blog ' VMware and Windows

controller is renamed or removed from the directory.

http://www.systemadminguide.in/2013/11/activedirectoryreplicationexplained.html

1/3

6/8/2015

ActiveDirectoryReplicationExplained|SystemAdminGuide
Interview Questions '. Part 1
Let us discuss some replication scenarios here:
Scenario 1:
2 Domain controllers
USN of DC1 = 3000
USN of DC2 = 4500

A new object is created in DC1, the USN gets incremented to 3001.

and Part 3 are available in

the below link...
VMWARE AND WINDOWS
INTERVIEW QUESTIONS: PART 3

This is the third part of the

blog ' VMware and Windows
Interview Questions '. Part 1
and Part 2 are available in
the below link ...

LikeUs
Follow@pingnithin

BlogArchive
2015 (1)
2014 (20)
2013 (68)
DC1 notifies DC2 about the new change. DC2 replies back with the HWMV
value of DC1 in DC2

December (8)
November (7)
Connect-VIServer
Could not connect
using requested...
Empty Recycle Bin for
all user profiles
Active Directory
Recycle Bin

DC1 compares the HWMV value and understands that DC2 is not updated
with the change 3001. DC1 sends this change to DC2 and DC2 will commit
the change and update its local USN

Active Directory
Tombstone
Active Directory
Authoritative and
Non Authoritati...
Active Directory USN
Rollback
Active Directory
Replication
Explained

The above scenario looks fine in a 2 DC scenario but could create severe
replication loops in 3 or more DC scenario.

October (8)
September (10)

Uptodateness Vector (UTDV)

August (2)

If a change is made in DC1 then the change is replicated to DC2 and DC3. When

July (17)

this change is received in DC2, it will inform DC1 and DC3 about the same change
and will end up in a loop.

June (13)

In order to avoid this situation another metadata is stored by the DC called

February (1)

theUp To Dateness Vector(UTDV).

January (2)

UTDV stores the highest orginating update USN the local DC has received from
other DCs.Every DC keeps a HWMV table and UTDV for each AD partition to store
the latest USN of its replication partners.Whenever DC1 contacts DC2 for
replication, DC2 will send the HWMV of DC1 in DC2 along with highest orginating
USN that DC2 have in its UTDV table.
Scenario 2
3 Domain controllers
USN of DC1 = 3001
USN of DC2 = 4501
USN of DC3 = 7000

Suppose a change is made in DC3 which increments the USN of DC3 to 7001.
DC3 informs this change to DC1 and DC2

http://www.systemadminguide.in/2013/11/activedirectoryreplicationexplained.html

2/3

6/8/2015

ActiveDirectoryReplicationExplained|SystemAdminGuide

Now starts the role of UTDV. DC2 notifies DC1 about the new change it
received from DC3. DC1 then replies DC2 with the HWMV of DC2 in
DC1along with highest orginating USN DC1 have in its UTDV table (Here
7002 DC1 received from DC3).

DC2 compares HWMV and understands that its HWMV in DC1 is outdated.
Therefore it takes all corresponding transactions for the missing USN.

But when it takes the missing transaction, after comparing the UTDV it
received from DC1 and the orginating USN of the change in DC2, DC2
understands that the change need not be replicated to DC1.
#All these images are taken from Microsoft official technet site

Recommend this on Google

funny (0)

Reactions:

interesting (1)

cool (1)

informative (0)

1 comments:
shijisujai at: 20 November 2013 at 14:32 said...

Good one..

Post a Comment
Enteryourcomment...

Commentas:

Publish

GoogleAccount

Preview

SystemAdminGuideCopyright(c)2013,AllRightsReservedPoweredbyBlogger
PrivacyPolciy

http://www.systemadminguide.in/2013/11/activedirectoryreplicationexplained.html

3/3