Monitoring and Troubleshooting Active Directory Replication

Published by: api-3747051 on Oct 17, 2008
Copyright:Attribution Non-commercial



Replication may be defined as a duplicate copy of similar data on the
same or a different platform or system. When using a directory service
such as Active Directory, the directory database is carried by all
domain controllers so that when you want to contact a domain
controller, there is always a local copy available and requests do not
have to be sent over the wide area network (WAN).
Replication for Active Directory operates within the directory service
component of the security subsystem. This component is called
Ntdsa.dll and is accessed through the Lightweight Directory Access
Protocol (LDAP). Ntdsa.dll runs as a part of the local security authority
(LSA), which runs as Lsass.exe. Updates are transported over Internet
Protocol (IP) by the remote procedure call (RPC) protocol. The Simple
Mail Transfer Protocol (SMTP) is also available, although it's more
common to see RPC over IP used.

With Active Directory, replication means that a copy of the Active
Directory database is stored and updated on all other participating
domain controllers on your network. In a perfect world, each copy of
the database is the same and all domain controllers are synchronized
with an exact duplicate copy of the Active Directory database. When
you install Active Directory, even if all the default settings are
chosen, the replication process from domain controller to domain
controller is for the most part automatic and practically transparent.
Domain controllers generally handle the replication processes without
advanced configuration and, most times, without a problem.

In figure 1, you can see a common network (2 sites connected via a
WAN link) with a domain controller in each location. Again, the
benefit of having a domain controller local to the PCs on each
network segment is that requests made of the domain controller stay
local to the PCs that need its services, which speeds up those
requests. It also helps in case of disaster recovery: if the WAN link
drops, the local PCs can still find a local domain controller to use.
Keeping traffic off the wide area network (WAN) and containing it to
the local area network (LAN) is the best design practice you can
implement.

Figure 1: A Common Wide Area Network (WAN)

As a systems administrator, you should keep in mind that Active
Directory performance still needs to be monitored and analyzed. The
health and maximized performance of Active Directory depends on a
smooth replication process. If you are having problems with replication,
you will know not only from blatant logging in your Event Viewer, but
from poor performance as well. Many times, you cannot stop every
problem from occurring, but hopefully after reading this article, you will
be better equipped to handle issues and keep your network as
optimized as possible to handle the traffic traversing it.
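
A replication health check of the kind discussed above, as an added example that is not part of the original article: it parses the CSV produced by "repadmin /showrepl * /csv" and reports replication links with recorded failures or an old last success. The sample rows, server names, the Get-ReplicationProblem function name and the 3-hour threshold are constructed assumptions; the column names follow repadmin's CSV header.

```powershell
# Constructed sample of `repadmin /showrepl * /csv` output (hypothetical DCs and domain).
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC-A1,"DC=example,DC=local",SiteB,DC-B1,RPC,0,0,2008-10-17 09:15:02,0
showrepl_INFO,SiteB,DC-B1,"DC=example,DC=local",SiteA,DC-A1,RPC,14,2008-10-17 09:10:44,2008-10-16 22:40:31,1722
showrepl_INFO,SiteB,DC-B1,"CN=Configuration,DC=example,DC=local",SiteA,DC-A1,RPC,14,2008-10-17 09:10:51,2008-10-16 22:40:33,1722
'@

function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [string]   $CsvText,
        [Parameter(Mandatory)] [datetime] $Now,
        # Assumed alert threshold; tune it to your own replication schedule.
        [timespan] $MaxAge = (New-TimeSpan -Hours 3)
    )
    $style = [System.Globalization.DateTimeStyles]::None
    foreach ($row in ($CsvText | ConvertFrom-Csv)) {
        $failures    = [int]$row.'Number of Failures'
        $lastSuccess = [datetime]::MinValue
        # A link that has never replicated has no parseable success time.
        $parsed = [datetime]::TryParseExact($row.'Last Success Time',
            'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture,
            $style, [ref]$lastSuccess)
        $stale = (-not $parsed) -or (($Now - $lastSuccess) -gt $MaxAge)

        if ($failures -gt 0 -or $stale) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Failures      = $failures
                # Win32 status of the last failed attempt
                # (1722 = the RPC server is unavailable).
                LastStatus    = [int]$row.'Last Failure Status'
                LastSuccess   = if ($parsed) { $lastSuccess } else { $null }
            }
        }
    }
}

# Evaluate the sample at a fixed, constructed point in time so the result is repeatable.
Get-ReplicationProblem -CsvText $sampleCsv -Now ([datetime]'2008-10-17 09:20:00') |
    Format-Table -AutoSize
```

On a domain controller, the same function can be fed live data with `-CsvText ((repadmin /showrepl * /csv) -join "`n") -Now (Get-Date)`.
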
Consider a common problem such as a failed network link. In figure 2,
you see that the main wide area network link has been broken.

Figure 2: A Failed Network Link

ISPs and telecom service providers occasionally have problems and
service can be interrupted. This of course stops the communication
between domain controllers, therefore also severing the replication
process. This can prevent the synchronization of information between
domain controllers and possibly cause corruption and/or other
A good way to make sure that this doesn't happen is to set up a
backup link (such as ISDN as seen in figure 2). ISDN (Integrated
Services Digital Networks) is a digital WAN technology used to facilitate
connections between sites. More commonly used today for disaster
recovery, ISDN still has a place in today's marketplace. Although it is
still used, you don't have to limit yourself to any one technology when
it comes to backup links; you can use a fractional or full T1, a DSL
line, or any other technology that allows you to have redundancy in
your links. The goal is to have redundant links to keep your domain
controllers in constant communication with each other so that the
Active Directory database stays synchronized and healthy. A common
symptom of replication problems is that information is not updated on
some or all domain controllers. For example, a systems administrator
creates a user account on one domain controller, but the changes are not
