Objectives
Identifying Data to Replicate
Identifying Data to Replicate - Introduction
• Active Directory uses a multi-master model for replication.
  - This means you can make changes to Active Directory on any domain controller.
  - Those changes are then replicated to other domain controllers.
• When you make a change to Active Directory, such as adding a new user or changing a user's telephone number, the replication process begins.
• Replication is performed at the attribute level, not the object level.
  - For example, if a user's fax number is changed, only the new fax number is replicated; the user's other attributes weren't changed, so they are not sent. This makes the replication process very efficient.
Replication involves two types of updates:
• Originating Updates
An originating update is a change to Active Directory that was made on the local domain controller.
  - For example, if a user's password is changed on DC1, it is an originating update on DC1.
• Replicated Updates
A replicated update is a change that was made through replication.
  - For example, if a user's password is changed on DC1 and the change is replicated to DC2, it is a replicated update on DC2.
• Active Directory doesn't rely on a time-based system to replicate directory changes.
• Time-based systems have a lot of drawbacks.
  - E.g. if time gets unsynchronized, or a clock is delayed or stops, this will cause data to be lost or the directory to become corrupt.
• Active Directory uses another method:
• The domain controllers track objects using Update Sequence Numbers (USNs).
  - Each DC maintains its own USN count, which is independent from all other domain controllers. Every time the Active Directory database on a DC is modified, the USN is incremented by one and the updated object and attributes are stamped with the USN.
• The use of the multi-master model does introduce an additional consideration.
  - It makes it possible for two domain controllers in the same domain to show different information, even for the same object.
  - This is caused by latency: the replication process takes some time.
  - The latency could be only a few seconds or possibly a few minutes. In large, geographically dispersed networks, the latency could be hours.
• Once replication has finished and all the domain controllers contain the same information for every object, the directory database is said to have reached convergence.
Identify Domain Controllers
NTDS Settings Server Object
• You can access the object by using Active Directory Sites and Services.
Server GUID / Database GUID
Update Sequence Number
Creation of new user account
Replication of new user account
Updating attribute of user account
Replicating change of user account's attribute
High-watermark Value
Determining which objects may need to be replicated:
Up-to-dateness Vector
Example of up-to-dateness vector table:
• Propagation Dampening?
  - Propagation dampening is used to prevent unnecessary replication by preventing updates from being sent to servers that are already updated.
  - Up-to-dateness vector tables and high-watermark tables can be used to provide propagation dampening.
• We will look at 4 scenarios and examples:
  - Creation of new user account on a specific DC.
  - Replication of user account.
  - DC requests updates from another DC.
  - DC responding to the request, sending new high-watermark value and vector data.
Creation of new user account on DC4
Replication of user account to DC4's first replication partner
DC2 requests updates from DC1
DC2 sends DC1 the following information when requesting updates:
• The naming context updates.
• The High-watermark value of DC, which DC2 obtains.
• The maximum number of object order entries requested.
• The maximum number of values requested.
• DC2's up-to-dateness vector table.
Still, no changes are made on DC2.
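The request and reply between replication partners, and the propagation dampening described above, as an added example that is not part of the original slides: a small Python model in which each DC keeps its own USN, a high-watermark per partner and an up-to-dateness vector. The class and function names, DC3 and the sample user are constructed for illustration, and conflict resolution is not modelled.

```python
# Constructed model for illustration; not Microsoft's implementation.
from collections import namedtuple
from dataclasses import dataclass, field

# orig_dc/orig_usn: where and at which USN the originating update was made;
# local_usn: USN stamped by the DC that holds this copy.
Change = namedtuple("Change", "obj attr value orig_dc orig_usn local_usn")

@dataclass
class DC:
    name: str
    usn: int = 0
    changes: dict = field(default_factory=dict)  # (obj, attr) -> Change
    hwm: dict = field(default_factory=dict)  # partner -> highest source USN received
    utd: dict = field(default_factory=dict)  # originating DC -> highest USN held
    # hwm is the high-watermark table, utd the up-to-dateness vector.

    def _store(self, obj, attr, value, orig_dc, orig_usn=None):
        self.usn += 1  # every local database modification increments the USN
        orig_usn = self.usn if orig_usn is None else orig_usn
        self.changes[(obj, attr)] = Change(obj, attr, value, orig_dc, orig_usn, self.usn)
        self.utd[orig_dc] = max(self.utd.get(orig_dc, 0), orig_usn)

    def originate(self, obj, attr, value):
        self._store(obj, attr, value, self.name)

    def answer(self, hwm, utd):
        # Source side: skip what is at or below the requester's high-watermark,
        # then dampen what its up-to-dateness vector already covers.
        send = [c for c in self.changes.values()
                if c.local_usn > hwm and c.orig_usn > utd.get(c.orig_dc, 0)]
        return send, self.usn  # second value is the new high-watermark

    def pull_from(self, src):
        sent, new_hwm = src.answer(self.hwm.get(src.name, 0), dict(self.utd))
        for c in sent:  # applied here as replicated updates
            self._store(c.obj, c.attr, c.value, c.orig_dc, c.orig_usn)
        self.hwm[src.name] = new_hwm
        return len(sent)

def demo():
    dc1, dc2, dc3 = DC("DC1"), DC("DC2"), DC("DC3")
    dc1.originate("cn=alice", "cn", "alice")       # USN 1 on DC1
    dc1.originate("cn=alice", "fax", "555-0100")   # USN 2 on DC1
    first = dc2.pull_from(dc1)     # both attributes are new to DC2
    dc3.pull_from(dc1)
    dampened = dc2.pull_from(dc3)  # DC3 holds nothing DC2 lacks
    dc1.originate("cn=alice", "fax", "555-0199")   # USN 3 on DC1
    delta = dc2.pull_from(dc1)     # only the changed attribute is sent
    return first, dampened, delta, dc2.hwm, dc2.utd
```

In `demo()`, the pull from DC3 is above DC2's high-watermark for DC3 but is dampened to zero changes by the up-to-dateness vector, and the later fax change replicates as a single attribute.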
DC1 replies back to DC2
Conflict Resolution
Attribute update conflict
New object name conflict
• This occurs when two objects are created with the same distinguished name in the same container on different domain controllers.
• Because objects in the same container must have different relative distinguished names, one of the objects is renamed.
• The timestamps and the originating DSA GUID are used to resolve this issue.
  - The object with the higher timestamp keeps the original name.
  - If the timestamps are identical, then the originating DSA GUID is used.
Overview
• ANY QUESTIONS?