Performing Active Directory Force Replication with All Domain Controllers

How Replication Works

Replication is the process of synchronizing data across several computers. Its purpose is to ensure that every computer holds the same data; in other words, a change made on one computer is copied to all of the other computers so that data integrity is preserved. Active Directory uses multi-master replication. Multi-master replication means that there is no single master replicator computer in the environment; instead, every domain controller is responsible for initiating and participating in replication as needed. This peer-to-peer approach is powerful because you can make configuration changes to Active Directory on any domain controller and be assured that those changes will be replicated to all other domain controllers. Remember that each domain controller holds a copy, or replica, of the Active Directory database. The replica is writable, so each domain controller updates its own copy when it receives changes through replication. Replication is therefore necessary to keep every domain controller's replica identical, and Active Directory uses multi-master replication so that all domain controllers take part in, and are responsible for, the replication process. Active Directory replication functions at three levels, or partitions, of replication: the schema partition, the configuration partition, and the domain partition.

Replication in Active Directory is based on objects and their attributes (each object contains attributes; for example, if a user is an object, then the user name, password and e-mail address are its attributes). If a user's password changes, only that changed password is replicated to the other domain controllers. Active Directory does not replicate the entire user object, because replication operates at the attribute level. This design reduces network bandwidth usage because replication occurs at the smallest possible granularity.

Active Directory replication uses a process called store and forward. This simply means that replication changes are not sent directly to every domain controller. Instead, changes made on one domain controller are replicated to that domain controller's replication partners, which then send the replicated data to their own replication partners, and so forth, until the data reaches all domain controllers. Active Directory determines internally which domain controllers will be partners. This is accomplished through automatic replication topology generation by the Knowledge Consistency Checker (KCC) service. The KCC is built in to every Windows 2000 domain controller and runs every 15 minutes by default.

Active Directory uses pull replication. This means that database changes are pulled from the source domain controller where the changes were made by its direct replication partners. Replication can also be accomplished via push replication, where a domain controller pushes unsolicited changes to other domain controllers, but pull replication works best and avoids potential problems with repeated updates. So, when a change is made on a domain controller, that domain controller issues a change notification telling its partners that it has changes to the Active Directory database. The change notification is issued after an originating update has occurred. An originating update occurs when an LDAP change is made to an existing Active Directory object or an object is created. Specifically, an originating update occurs when:

  • an object is added to the directory
  • an object is modified (such as an attribute modification)
  • an object is moved
  • an object is deleted

Replication partners respond to the change notification by pulling the originating update from the source domain controller. Each domain controller examines its USN (update sequence number) table and finds that the USN it has recorded for the source is older than the change. The domain controller accepts the originating update, applies it to its database, and updates its USN table so that it is accurate. Once the originating update has been accepted by the other domain controllers, it is referred to as a replicated update.

Understanding Force Replication: Force replication is a manual process used to trigger immediate replication of directory changes between domain controllers. This can be necessary in scenarios such as troubleshooting replication issues, ensuring timely distribution of critical updates, or implementing changes that require immediate synchronization across the environment.

Performing Force Replication with PowerShell:

Step 1: Open PowerShell as Administrator

  • Launch PowerShell with administrative privileges to execute the necessary commands.

Step 2: Initiate Force Replication

  • Use the following PowerShell command to force replication from the current domain controller to all other domain controllers in the domain:
```powershell
# Requires the ActiveDirectory module (RSAT) and repadmin.exe on the path.
# /A = all partitions, /d = identify servers by DN in output,
# /e = cross-site (enterprise), /P = push changes outward from the named DC.
Get-ADDomainController -Filter * | ForEach-Object { Repadmin /syncall $_.Name /AdeP }
```
  • This command iterates through all domain controllers in the domain and triggers replication with each one using the Repadmin utility.

Step 3: Verify Replication Status

  • After executing the force replication command, monitor the PowerShell console for any errors or warnings indicating replication issues.
  • Additionally, you can use tools like Active Directory Sites and Services or Repadmin to verify successful replication across all domain controllers.
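The three steps above combined into one script that forces replication and then verifies the result per partner and per partition, as an added example that is not part of the original post. It assumes the ActiveDirectory RSAT module is installed and that the session has replication rights; Get-ADReplicationPartnerMetadata and Get-ADReplicationFailure are standard cmdlets of that module.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) is installed and the session runs with replication rights.
Import-Module ActiveDirectory

$domainControllers = Get-ADDomainController -Filter * |
    Select-Object -ExpandProperty HostName

# Step 2: push all partitions (/A) to every DC across sites (/e), DN output (/d).
foreach ($dc in $domainControllers) {
    Write-Host "Forcing replication from $dc ..."
    $output = repadmin /syncall $dc /AdeP 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "repadmin returned exit code $LASTEXITCODE for $dc"
        Write-Warning ($output | Out-String)
    }
}

# Step 3: inspect the inbound replication state of each DC, one row per
# partner and partition. LastReplicationResult 0 means the last attempt succeeded.
$report = foreach ($dc in $domainControllers) {
    Get-ADReplicationPartnerMetadata -Target $dc -Scope Server |
        Select-Object Server, Partner, Partition,
                      LastReplicationSuccess, LastReplicationResult,
                      ConsecutiveReplicationFailures
}
$report | Sort-Object Server, Partition | Format-Table -AutoSize

# Links still failing after the forced sync need attention.
$failures = $report | Where-Object {
    $_.LastReplicationResult -ne 0 -or $_.ConsecutiveReplicationFailures -gt 0
}
if ($failures) {
    Write-Warning "Replication problems remain on the following links:"
    $failures | Format-Table -AutoSize
    # The DC records the error text for each failed link; show it per server.
    $failures.Server | Sort-Object -Unique | ForEach-Object {
        Get-ADReplicationFailure -Target $_ |
            Format-Table Server, Partner, FailureType, FailureCount, LastError -AutoSize
    }
} else {
    Write-Host "All replication partners report success."
}
```

Run it once from an elevated PowerShell session on any domain-joined management host; a partner that keeps a non-zero LastReplicationResult after the push is the place to start troubleshooting.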
