Microsoft Active Directory Tech

Configuring and Troubleshooting Active Directory Replication

Active Directory is a distributed multimaster replicated database. All domain controllers host a full replica of the domain information for their own domain. Domain controllers in Windows 2000 and Windows Server 2003 environments hold a read/write copy of the Active Directory database. In these environments, changes can be made to the Active Directory database on any domain controller within the Active Directory environment. Replication is the process that ensures that changes made to a replica on one domain controller are transferred to replicas on the remaining domain controllers. When an object in Active Directory is created, deleted, moved, or modified, Active Directory replication is triggered.

In Windows 2000 and Windows Server 2003 environments, the types of Active Directory replication that can be defined are:

  • Intrasite Replication: Intrasite replication takes place between domain controllers within the same site. This makes intrasite replication an uncomplicated process. Intrasite replication uses the Remote Procedure Call (RPC) protocol to convey replication data over fast, reliable network connections. Replication data within a site is not compressed.
  • Intersite Replication: Intersite replication takes place between sites. Intersite replication can use either RPC over IP or SMTP to convey replication data. Intersite replication has to be manually configured. Intersite replication occurs between two domain controllers that are called bridgeheads or bridgehead servers. With intersite replication, packets are compressed to conserve bandwidth.

The information replicated in Active Directory is summarized below:

  • Configuration partition data: Objects stored in the configuration partition relate to the domain structure and replication topology and are replicated to every domain controller in every domain and in a forest.
  • Domain partition data: All objects that are stored in a domain exist in the domain partition. Domain partition data is replicated to the domain controllers within a domain.
  • Schema partition data: Schema partition data includes information on the objects that can be created in Active Directory and is replicated to every domain controller in domains/forests.
  • Application partition data: A new feature introduced in Windows Server 2003 is the application partition. Applications and services store data in the application partition.

Users can use the Active Directory Sites and Services console to configure intersite replication. Configuring intersite replication typically involves:

  • Renaming the Default-First-Site-Name object
  • Creating site objects and subnet objects
  • Creating site link objects
  • Configuring site link attributes: site link cost, site link replication frequency, site link replication availability
  • Specifying or designating a preferred bridgehead server (BS)
  • Creating site link bridges
  • Manually creating connection objects

How to Rename the Default-First-Site-Name Site (first site object)

It is a good idea to rename the default site object to something that has meaning in the organization. To do this:

  1. Open the Active Directory Sites and Services console.
  2. Right click Default-First-Site-Name and select Rename from the shortcut menu.
  3. Proceed to set a meaningful name for the site.

How to Create a New Site Object

  1. Open the Active Directory Sites and Services console.
  2. Right click the Sites folder and select New Site from the shortcut menu.
  3. When the New Object – Site dialog box opens, enter a name for the site in the Name box.
  4. Users can accept DefaultIPSiteLink in the Link Name box.
  5. Click OK.

How to Create a New Subnet Object

  1. Open the Active Directory Sites and Services console.
  2. Right click the Subnets folder and select New Subnet from the shortcut menu.
  3. When the New Object – Subnet dialog box opens, in the first section of the dialog box, specify the subnet address and the number of bits in the subnet mask.
  4. In the Select a site object for this subnet section, specify the site object with which this particular subnet is associated.
  5. Click OK.

How to Create a Site Link

When users create a site link they can specify the transport protocol for replicating data over site links as either IP or SMTP.

  • IP replication is usually chosen for a site link when a reliable connection exists between domain controllers in different sites.
  • SMTP replication is generally chosen when connections are unreliable and slow.

To create a site link:

  1. Open the Active Directory Sites and Services console.
  2. Open the Sites folder then open the Inter-Site Transports folder.
  3. Right click either the IP folder or the SMTP folder and choose New Site Link from the shortcut menu.
  4. The New Object-Site Link dialog box opens.
  5. In the Name field, enter a name for the new site link.
  6. In the Sites Not In This Site Link box, select the sites to connect. Click Add.
  7. Click OK.

How to Configure Site Link Attributes or Properties

Configuring site link attributes involves specifying site link costs, the site link replication frequency, and setting site link replication availability. When users set the site link cost, they are basically defining the cost of the network connection proportionate to the speed of the link. Lower costs are used for fast links, while higher costs are associated with slower links. The site link replication frequency can be a number ranging from 15 minutes to 10,080 minutes. Setting site link replication availability involves specifying when a site link is available for replication.

To configure site link attributes:

  1. Open the Active Directory Sites and Services console.
  2. Open the Sites folder then open the Inter-Site Transports folder.
  3. Open the IP folder or SMTP folder that contains the site link for which attributes must be configured.
  4. Right click the particular site link then select Properties from the shortcut menu.
  5. In the Description box in the General tab of the Properties dialog box for the site link, enter a description for the site link.
  6. In the Cost box, change the default cost for the site link and assign a cost to the link. The default cost setting is 100.
  7. In the Replicate Every box, change the default replication interval. This is basically the number of minutes between replications. The default setting is 180 minutes. The shortest replication interval that can be set is 15 minutes and the longest interval that can be specified is 10,080 minutes.
  8. Click the Change Schedule button to configure when the site link is available for replication.
  9. When the Schedule dialog box for the site link opens, set when the site link is available for replication or when it is not available for replication.
  10. Click OK to save configuration changes made in the Schedule dialog box.
  11. Click OK to save changes in the site link's Properties dialog box.

How to Configure Replication to Disregard/Ignore Schedules

  1. Open the Active Directory Sites and Services console.
  2. Open the Sites folder, then open the Inter-Site Transports folder.
  3. Right click the IP folder or SMTP folder and choose Properties from the shortcut menu.
  4. When the Properties dialog box of the folder selected opens, click the Ignore Schedules checkbox.
  5. Click OK.

How to Add a Site to an Existing Site Link

  1. Open the Active Directory Sites and Services console.
  2. Open the Sites folder then open the Inter-Site Transports folder.
  3. Open the IP folder or SMTP folder that contains the site link to which the site must be added.
  4. Right click the particular site link then select Properties from the shortcut menu.
  5. Use the Sites Not In This Site Link box to select the site that should be added to the site link. Click Add.
  6. Click OK.

How to Rename an Existing Site Link

  1. Open the Active Directory Sites and Services console.
  2. Open the Sites folder then open the Inter-Site Transports folder.
  3. Open the IP folder or SMTP folder that contains the site link to be renamed.
  4. Right click the particular site link and select Rename from the shortcut menu.
  5. Set a new name for the site link.

How to Designate a Preferred Bridgehead Server (BS)

The Knowledge Consistency Checker (KCC) might not designate a bridgehead server that is the most optimal domain controller in a site. In cases like this, manually designate a preferred bridgehead server(s) to improve performance.

To designate a preferred BS:

  1. Open the Active Directory Sites and Services console.
  2. In the console tree, expand the Sites folder, expand the site to create the bridgehead server in, then expand the Servers folder.
  3. Right click the particular server and select Properties from the shortcut menu.
  4. When the server's Properties dialog box opens, in the Transports available for inter-site transfer section, select the protocol for which the server is to be a bridgehead server. Click Add.
  5. Click OK.

How to Disable Transitive Site Links or Automatic Bridging

Because site link transitivity is enabled by default, users typically have to disable it in order to create site link bridges.

  1. Open the Active Directory Sites and Services console.
  2. Open the Sites folder then open the Inter-Site Transports folder.
  3. Right click either the IP folder or SMTP folder and choose Properties from the shortcut menu.
  4. On the General tab, uncheck the Bridge All Site Links checkbox to disable site link transitivity.
  5. Click OK.

How to Create a Site Link Bridge

  1. Open the Active Directory Sites and Services console.
  2. Open the Sites folder then open the Inter-Site Transports folder.
  3. Right click either the IP folder or SMTP folder and choose New Site Link Bridge from the shortcut menu.
  4. The New Object-Site Link Bridge dialog box opens.
  5. Enter a name for the new site link bridge in the Name field.
  6. Use the Site links not in this bridge box to select two or more sites to connect. Click Add.
  7. Click OK.
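The interaction between site link cost, the Bridge All Site Links setting and explicit site link bridges can be checked on paper before changing the console. The following is an added example, not code from the original article or from Microsoft: a simplified model that sums link costs along a route, not the KCC's actual algorithm. The site names, link names and helper functions are hypothetical.

```python
import heapq

# Defaults and limits quoted on this page for a site link.
DEFAULT_COST, DEFAULT_INTERVAL = 100, 180       # cost units, minutes
MIN_INTERVAL, MAX_INTERVAL = 15, 10080          # minutes


def site_link(name, sites, cost=DEFAULT_COST, interval=DEFAULT_INTERVAL):
    """Build a site link record, rejecting values outside the stated range."""
    if len(set(sites)) < 2:
        raise ValueError(f"{name}: a site link must join at least two sites")
    if cost < 1:
        raise ValueError(f"{name}: cost must be a positive integer")
    if not MIN_INTERVAL <= interval <= MAX_INTERVAL:
        raise ValueError(f"{name}: interval {interval} outside 15-10080 minutes")
    return {"name": name, "sites": frozenset(sites), "cost": cost,
            "interval": interval}


def _cheapest(src, dst, links):
    """Dijkstra over one group of mutually transitive site links."""
    adj = {}
    for link in links:
        for a in link["sites"]:
            for b in link["sites"]:
                if a != b:
                    adj.setdefault(a, []).append((b, link["cost"]))
    best, heap = {src: 0}, [(0, src)]
    while heap:
        dist, site = heapq.heappop(heap)
        if site == dst:
            return dist
        if dist > best.get(site, float("inf")):
            continue                      # stale queue entry
        for nxt, cost in adj.get(site, ()):
            cand = dist + cost
            if cand < best.get(nxt, float("inf")):
                best[nxt] = cand
                heapq.heappush(heap, (cand, nxt))
    return None


def route_cost(src, dst, links, bridge_all=True, bridges=()):
    """Lowest summed link cost from src to dst, or None if there is no route.

    bridge_all=True models the default (all site links transitive).
    With bridge_all=False only a single link, or the links named together
    in one explicit bridge, can be chained into a route.
    """
    if bridge_all:
        groups = [list(links)]
    else:
        by_name = {link["name"]: link for link in links}
        groups = [[link] for link in links]
        groups += [[by_name[n] for n in bridge] for bridge in bridges]
    costs = [c for g in groups if (c := _cheapest(src, dst, g)) is not None]
    return min(costs) if costs else None


# Constructed sample topology (hypothetical sites and costs).
LINKS = [
    site_link("HQ-EU", ["HQ", "EU"], cost=100),
    site_link("EU-ASIA", ["EU", "ASIA"], cost=300),
    site_link("HQ-ASIA", ["HQ", "ASIA"], cost=500, interval=360),
]

if __name__ == "__main__":
    print("bridged:", route_cost("HQ", "ASIA", LINKS))
    print("not bridged:", route_cost("HQ", "ASIA", LINKS, bridge_all=False))
```

With transitivity on, the two cheaper links are chained and beat the direct link; with it off and no bridge defined, only the direct link counts, and removing that link leaves the two sites without a route until a bridge is created.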

How to Manually Create and Configure a Connection Object

The KCC automatically creates connection objects in Active Directory. However, users can manually create connection objects to customize the network's topology or decrease the number of hops from one domain controller to another particular domain controller. When the KCC creates connection objects, the KCC automatically removes them when the replication topology changes. Connection objects that are manually created are not removed when the replication topology changes. Users have to manually remove these connection objects.

To manually create and configure connection objects:

  1. Open the Active Directory Sites and Services console.
  2. In the console tree, expand the Sites folder, expand the site in which the connection object will be created, then expand the Servers folder.
  3. Select the particular server for which the connection should be enabled.
  4. Right click NTDS Settings and select New Active Directory Connection from the shortcut menu.
  5. When the Find Domain Controllers dialog box opens, choose the domain controller. Click OK.
  6. When the New Object-Connection dialog box opens, enter a name for the connection object. Click OK.
  7. Right click the connection just created in the details pane and select Properties from the shortcut menu.
  8. When the connection object's Properties dialog box opens, provide a description for the new connection object in the Description field.
  9. In the Transport drop down list, verify that RPC is specified as the transport protocol.
  10. To change the default schedule for intrasite replication, click the Change Schedule button.
  11. When the Schedule dialog box for the connection object opens, set the appropriate replication frequency and click OK.
  12. Click OK to save changes made in the connection object's Properties dialog box.

How to Manually Force Immediate Replication

  1. Open the Active Directory Sites and Services console.
  2. In the console tree, expand the Sites folder, expand the site that Active Directory has to replicate to, and expand the name of the server to use for replication.
  3. Click NTDS Settings to display the server's inbound connection objects in the right pane.
  4. Right click the server to be replicated from and click Replicate Now from the shortcut menu.

Troubleshooting Active Directory Replication

Although domain controllers automatically manage the replication process, there are instances when incorrect configuration settings or troublesome network connections can prevent Active Directory information from being replicated between domain controllers. There are quite a few mechanisms that can be used to monitor and troubleshoot the Active Directory replication process.

The tools available are:

  • Active Directory Replication Monitor (Replmon.exe).
  • Replication Diagnostics Tool (Repadmin.exe).
  • The Dsastat.exe command line tool.
  • Users can also configure Active Directory event logging.

A few common methods that monitor or troubleshoot Active Directory replication are summarized below:

  • Verify network connectivity in one's environment: When Active Directory replication has stopped, verify the existing network connections. For replication to occur, capable LAN links have to connect the domain controllers. Using high speed links typically improves replication performance.
  • Verify site links: In order for domain controllers in different sites to exchange Active Directory data or information, users must configure the appropriate site links. When replication is not occurring between sites, verify that a site link object does link the current site to a site that is connected to the remaining sites of the network.
  • Verify the replication topology: Use the Active Directory Sites and Services console to check whether the replication topology is reliable and consistent. Errors are displayed in a dialog box in the console.
  • Manually verify that Active Directory information has been synchronized. Verify that information is synchronized between domain controllers within domains on a regular basis.
  • When replication errors are encountered, check the Directory Service event log in Event Viewer. Active Directory replication errors are written to the Directory Service event log.

There may be instances when Active Directory replication is quite slow. A few methods of correcting this problem are summarized below:

  • Having no site link bridge can result in Active Directory information taking quite a while to be replicated between domain controllers. Users can create a site link bridge or can bridge all sites. This is typically necessary when there are only site links in the network, but no site link bridges.
  • If the configuration value specified for the frequency of intersite replication is set too low, users may experience large delays between when changes are made on one domain controller and when they are replicated on a domain controller in a different site. To fix this problem, consider changing the replication frequency's setting.
  • When the existing network resources are unable to handle the amount of traffic that Active Directory replication generates, consider the following:
    • If practical, modify the replication frequency's setting.
    • If possible, configure additional resources for Active Directory replication.
    • Create site links.
    • Create site link bridges.

How to Use Active Directory Replication Monitor to Monitor/Troubleshoot Replication

Replication Monitor (Replmon) is a graphical management tool included in the Windows Support Tools. In order to open and use Replmon, it must be installed on a computer. The computer can be a domain controller, member server, member workstation, or stand-alone computer. Replication Monitor can be used to perform the following actions:

  • View the replication topology or replication information in a highly useful graphical format.
  • Determine whether domain controllers are replicating Active Directory information correctly.
  • Determine Active Directory replication's status.
  • Manually force replication between domain controllers.

The information displayed in the main Replication Monitor window is listed below:

  • Naming contexts: All the naming contexts that a server contains are displayed here.
  • Replication partners: Each naming context shows the inbound replication partners for that particular naming context.
  • Server icons: Server icons enable users to determine information at a glance.
  • Log entries: The replication log entries for the connection are displayed in the right pane.

Once a domain controller for monitoring is specified, set view options to suit one's needs. To specify view options, open Replication Monitor and select Options from the View menu. The options that can be selected on the General tab are:

  • Show Retired Replication Partners.
  • Show Transitive Replication Partners and Extended Data.
  • Notify When Replication Fails After This Number Of Attempts.
  • Log Files: Settings under Log Files are used to change the default location for the log files.
  • Enable Debug Logging: This setting relates to debugging Replmon.

The Replmon replica synchronization options that can be selected are listed below. These options can be configured by right clicking a monitored server object and selecting Synchronize Each Directory Partition with All Servers. The synchronization options that users can select are:

  • Disable Transitive Replication: This option can be selected to troubleshoot a replication process to a particular domain controller to manually start the replication process.
  • Push Mode: When enabled, push mode is enabled for replication and the DRA is not enabled to pull updates.
  • Cross Site Boundaries: When enabled, starts intersite replication for RPC connections only.

How to Start Replication Monitor

Remember to first install Replication Monitor.

  1. Click Start, Windows Support Tools, and Command Prompt and enter replmon.exe.
  2. When the Replication Monitor opens, in the console tree, right click Monitored Servers and select Add Monitored Server from the shortcut menu.
  3. The Add Monitored Server Wizard now starts.
  4. Select the Add The Server Explicitly By Name option. Click Next.
  5. In the Add Server To Monitor page, use the Enter The Name Of The Server To Monitor Explicitly box to specify the name of the server that should be monitored.
  6. Click Finish.
  7. The server specified for monitoring is now displayed in the console tree.

How to Synchronize the Active Directory Directory Partition

Domain controllers that are indicated for a directory partition are considered source servers. Source servers can be a Direct Replication Partner, a Transitive Replication Partner, or a Bridgehead Connection.

To synchronize the directory partition:

  1. Open Replication Monitor.
  2. Right click the direct replication partner then choose Synchronize Replica from the shortcut menu.
  3. Replication Monitor now starts the replication process and reports on the status of replication as well.

How to Use the Replication Diagnostics Tool to Monitor/Troubleshoot Active Directory Replication

The Replication Diagnostics Tool (Repadmin) is a command line interface that can be quite useful when troubleshooting Active Directory replication. Through Repadmin, users can perform the following:

  • View the replication topology.
  • View replication metadata.
  • Determine the status/validity of Active Directory information on each domain controller.
  • Force replication between domain controllers.
  • Manually create the replication topology.

The online help shows the syntax for options and switches of Repadmin. Run repadmin /? for online help. To determine the status of the KCC for replication, run repadmin /kcc. To determine what the replication result was for the last replication process performed, run repadmin /showreps. If running Windows Server 2003, Repadmin offers several additional functions that can be performed. To view these, run repadmin /experthelp.
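Saved repadmin /showreps output can be checked automatically for partners whose last inbound replication attempt failed. The following is an added example, not part of the original article or of Repadmin itself: the sample report is constructed (server names, GUIDs and timestamps are made up), and its layout is an assumption based on the usual inbound-neighbor report, so the patterns may need adjusting for a given Repadmin version.

```python
import re

# Constructed sample in the layout of a "repadmin /showreps" inbound report.
# Server names, GUIDs and timestamps are made up for illustration.
SAMPLE_SHOWREPS = r"""Default-First-Site-Name\DC1
DSA Options: IS_GC

==== INBOUND NEIGHBORS ======================================

DC=example,DC=com
    Default-First-Site-Name\DC2 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000002
        Last attempt @ 2004-05-10 10:15:32 was successful.

CN=Configuration,DC=example,DC=com
    Branch\DC3 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000003
        Last attempt @ 2004-05-10 09:45:01 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        3 consecutive failure(s).
        Last success @ 2004-05-09 22:00:12.
"""

# Assumed line shapes: a naming context starts in column 0 with DC= or CN=,
# a partner line is indented and reads "<site>\<server> via <transport>".
NC_LINE = re.compile(r"^(?:DC|CN)=")
PARTNER = re.compile(
    r"^\s+(?P<site>[^\\\s]+)\\(?P<dc>\S+) via (?P<transport>\S+)\s*$")
ATTEMPT_OK = re.compile(r"Last attempt @ [\d-]+ [\d:]+ was successful")
ATTEMPT_FAIL = re.compile(
    r"Last attempt @ (?P<when>[\d-]+ [\d:]+) failed, result (?P<code>\d+)")
FAIL_COUNT = re.compile(r"(?P<n>\d+) consecutive failure")


def parse_showreps(text):
    """Return one record per (naming context, inbound partner) pair."""
    records, nc, cur = [], None, None
    for line in text.splitlines():
        if NC_LINE.match(line):
            nc, cur = line.strip(), None      # new naming context section
            continue
        m = PARTNER.match(line)
        if m and nc:
            cur = {"nc": nc, "partner": m["site"] + "\\" + m["dc"],
                   "transport": m["transport"], "ok": None,
                   "result": None, "when": None, "failures": 0}
            records.append(cur)
            continue
        if cur is None:
            continue                          # header lines before any partner
        if ATTEMPT_OK.search(line):
            cur["ok"] = True
        elif (m := ATTEMPT_FAIL.search(line)):
            cur.update(ok=False, result=int(m["code"]), when=m["when"])
        elif (m := FAIL_COUNT.search(line)):
            cur["failures"] = int(m["n"])
    return records


def failing_partners(text, min_failures=1):
    """Partners whose last attempt failed at least min_failures times in a row."""
    return [r for r in parse_showreps(text)
            if r["ok"] is False and r["failures"] >= min_failures]


if __name__ == "__main__":
    for rec in failing_partners(SAMPLE_SHOWREPS):
        print(f"{rec['nc']}: {rec['partner']} result {rec['result']} "
              f"({rec['failures']} consecutive failures)")
```

Raising min_failures filters out one-off failures so that only partners failing repeatedly are reported.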

How to Configure Active Directory Event Logging

Users can also configure Active Directory event logging. A few key events that can be specified for event logging are listed below:

  • Directory access
  • Internal configuration
  • Internal processing
  • Intersite messaging
  • KCC
  • MAPI events
  • Replication events
  • Security events

Set one of the following logging levels for an event:

  • 0 – None, 1 – Minimal, 2 – Basic, 3 – Extensive, 4 – Verbose, 5 – Internal.

How to Enable Active Directory Event Logging

  1. Click Start and Run and enter regedit in the Run dialog box. Click OK.
  2. This opens the Registry Editor.
  3. Click the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics registry key.
  4. The entries that are displayed in the right pane are the types of events that can be logged. The default logging level for each entry is 0 – None.
  5. Open the entry for each type of event to be logged by double clicking it.
  6. In each entry's Value data box, enter the logging level.
  7. Click OK.

How to Use Dsastat.exe to Monitor/Troubleshoot Active Directory Replication

Use Dsastat.exe to compare the attributes of replicated objects and to determine differences between directory partitions that domain controllers host. Dsastat.exe uses statistics such as objects per server and megabytes per server to determine what the differences are in Active Directory information between domain controllers.

The syntax for Dsastat is:

dsastat [/loglevel:option] [/output:option] [/s:servername[portnumber][;servername[portnumber];…]] [/t:option] [/sort:option] [/p:entrynumber] [/scope:option] [/b:searchpath] [/filter:ldapfilter] [/gcattrs:option[;option;…]] [/u:username] [/pwd:password] [/d:domain]

  • /loglevel:option indicates the type of logging. A value of Info, Trace, or Debug can be specified.
  • /output:option indicates how results will be displayed. A value of Screen, File, or both of these can be specified.
  • /s:servername[portnumber][;servername[portnumber];…] defines the server names that are to be included in the comparison by Dsastat.exe.
  • /t:option sets whether a statistics comparison or a full content comparison should be performed. Values that can be set are True for statistics comparison and False for full content comparison.
  • /sort:option sets whether sorted queries should be performed or not. Values are True for sorted queries to be performed and False for specifying that sorted queries should not be performed.
  • /p:pagesize specifies the number of entries that should be returned on a page. With a default value of 64, users can specify any value from 1 – 999.
  • /scope:option sets what the search should include. Values that can be set are Base, Onelevel, Subtree.
  • /b:searchpath specifies the distinguished name of the base search path.
  • /filter:ldapfilter specifies the LDAP filter that should be used.
  • /gcattrs:option[;option;…] indicates what attributes should be returned. Values that can be set are all, LDAPattributes, ObjectClass, auto.
  • /u:username sets the username that should be used for the search.
  • /pwd:password is the password associated with the above username.
  • /d:domain is the domain that should be used to validate the username/password.
