Active Directory supports multimaster replication, which is replication in which any domain controller can send or receive updates of information stored in Active Directory. Replication processing is performed on a per-property basis, which means that only relevant changes are propagated. Replication processing differs from DNS full zone transfers, in which the entire zone is propagated. Replication processing also differs from incremental zone transfers, in which the server transfers all changes made since the last change. With Active Directory replication, however, only the final result of all changes to a record is sent.
In a Windows 2000 domain, all domain controllers (DCs) are equal. Thus, you can make changes on any DC. Servers’ complete domain directories are kept up-to-date with one another through a process of multimaster replication.
Each time you make a change to Active Directory (AD), the update sequence number (USN) of the server where the change is made increases by one. AD then stores the new USN, as well as the change. These changes must replicate to all the DCs in the domain; the USN provides the key to multimaster replication.
USN increments are atomic in operation, which means that the increment to the USN and the actual change occur simultaneously. If one part fails, the whole change fails. A change can’t occur without the USN being incremented; therefore, changes can’t be lost. Each DC keeps track of the highest USNs of the DCs it replicates with. This procedure lets a DC calculate which changes must replicate on a replication cycle.
At the start of a replication cycle, each server checks its USN table and queries the DCs it replicates with for the DCs’ latest USNs. Below is an example USN table for Server A.
Domain Controller B: 54
Domain Controller C: 23
Domain Controller D: 53

Server A queries the DCs for their current USNs and gets the following information.

Domain Controller B: 58
Domain Controller C: 23
Domain Controller D: 64

From this information, Server A can calculate the changes it needs from each server, as follows.

Domain Controller B: 55-58
Domain Controller C: None
Domain Controller D: 54-64

Server A then queries each DC for the necessary changes.
Multiple changes to an object’s property can occur. Every property has a property version number, which helps detect collisions. Property version numbers work like USNs: Each time you modify a property, the property version number increases by one.
If you try to modify an object’s property multiple times, the change with the highest property version number takes precedence. A collision occurs when the property version numbers are the same for two or more property updates. When two property version numbers match, the timestamp helps resolve the conflict. Because every change has a timestamp, DCs must be accurate with one another. In the unlikely event that the property version numbers match and the timestamps match, a binary buffer comparison occurs; the larger buffer size change takes precedence. Property version numbers increase only on original writes (not on replication writes, as USNs do) and aren’t server specific. Instead, a property version number travels with a property.
A propagation-dampening scheme prevents changes repeatedly going to other servers. Each server keeps a table of up-to-date vectors, which are the highest originating writes received from each controller. The vectors take the following form.
<the change>,<the dc making the original change>,<the usn of the change>
For example,
<object savillj property password xxx>,Titanic,54
DCs send this information with the USNs so that they can calculate whether they already have the change the other DCs are trying to replicate.
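The USN range calculation, collision resolution and propagation dampening described in the answer above, as an added Python example that is not part of the original post and is not Microsoft's code. The class and function names are hypothetical, the sample writes are constructed, and the byte-wise comparison used when buffer sizes are equal is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PropertyWrite:
    value: bytes       # new property value (the "binary buffer")
    version: int       # property version number, bumped on originating writes only
    timestamp: int     # time of the originating write
    origin_dc: str     # DC that made the originating write
    origin_usn: int    # USN of that write on the originating DC

def changes_needed(known, current):
    """Per partner DC: inclusive USN range to request, or None if up to date."""
    return {dc: (known[dc] + 1, current[dc]) if current[dc] > known[dc] else None
            for dc in known}

def resolve(a, b):
    """Pick the winning write: highest version, then timestamp, then larger buffer."""
    # Assumption: equal-sized buffers are ordered byte-wise so the result is deterministic.
    key = lambda w: (w.version, w.timestamp, len(w.value), w.value)
    return a if key(a) >= key(b) else b

def already_have(up_to_date, w):
    """Dampening: True if this originating write was already received."""
    return w.origin_usn <= up_to_date.get(w.origin_dc, 0)

def apply_incoming(store, up_to_date, attr, w):
    """Apply one replicated write; returns 'skipped', 'applied' or 'rejected'."""
    if already_have(up_to_date, w):
        return "skipped"
    up_to_date[w.origin_dc] = max(w.origin_usn, up_to_date.get(w.origin_dc, 0))
    current = store.get(attr)
    if current is None or resolve(current, w) is w:
        store[attr] = w
        return "applied"
    return "rejected"

if __name__ == "__main__":
    # USN tables from the text: what Server A knows vs. what the DCs report.
    print(changes_needed({"B": 54, "C": 23, "D": 53}, {"B": 58, "C": 23, "D": 64}))
    # Constructed collision: same version and timestamp, different buffer sizes.
    store, seen = {}, {}
    w1 = PropertyWrite(b"xxx", 2, 1000, "Titanic", 54)
    w2 = PropertyWrite(b"yyyy", 2, 1000, "Olympic", 12)
    print([apply_incoming(store, seen, "password", w) for w in (w1, w1, w2)])
```

Because the timestamp is the second tie-breaker, a DC whose clock runs ahead wins every collision at equal version numbers, which is why clock accuracy between DCs matters.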
Replication in which any domain controller can send or receive updates of information stored in Active Directory. Replication processing is performed on a per-property basis, which means that only relevant changes are propagated. Replication processing differs from DNS full zone transfers, in which the entire zone is propagated. Replication processing also differs from incremental zone transfers, in which the server transfers all changes made since the last change. With Active Directory replication, however, only the final result of all changes to a record is sent. When you store a primary zone in Active Directory, the zone information is replicated to all domain controllers within the Active Directory domain. Every DNS server running on a domain controller is then authoritative for that zone and can update it.