How do you force replication from one DC to another?

One possible scenario for forcing replication is to synchronize your servers before taking one down for maintenance.

Active Directory Sites and Services can force replication between partners. When you click the destination server and open its NTDS settings, its partner(s) are listed in the details pane. Right-click to select one, then choose Replicate Now on the menu. As shown in Figure 14.17, HQ2 is the destination, while DC3, the source, is the server about to be taken offline. The fact that forced replication is a one-way street should not be a limitation, because in this scenario you would be more concerned with sending data from DC3 rather than receiving it. Later, when DC3 is reactivated, HQ2 will bring it up-to-date.

While the menu option says Replicate Now, you should be aware that this really only queues up a request to replicate. Depending upon how busy the servers in question are, and how busy the connection between them is, the actual replication process might not start for quite some time. Like Exchange Server administration, managing Active Directory is often a "hurry up and wait" process.

Figure 14.17

Forcing replication


I should also mention that forcing replication has caused me more problems than it has cured in the field. In my current project, we've actually added a day to each upgrade. I come in a day early, run DCPROMO to elevate the new server to domain controller status, and then let replication occur overnight (rather than forcing the issue immediately). While I have no hard-copy proof, this seems to be more stable than trying to force immediate updates to the server's AD database. When we first started, we were coming in on Friday, running DCPROMO, and then forcing replication. We ended up having numerous replication issues—often weeks later. Now that I go in on Thursday and give the system a night to replicate, we are experiencing very few replication issues—both in the short term (the weekend of the upgrade) and in the long term.

Replication Administration (REPADMIN)

Replication Administration (REPADMIN) is a command-line tool that monitors replication links for a specific domain controller. It's located in the Support\Tools folder on the Windows 2000/Windows Server 2003 CD. As we've done previously, double-click support.cab and copy repadmin.exe to your hard drive. Better yet, copy all those utilities, since repetition is not fascinating. REPADMIN provides information about replication partners for a particular domain controller and can also force replication.

Figure 14.18 shows the result of information gathered by using REPADMIN. Type the command as shown below, using the DNS name of the destination server. I've omitted the naming context, which is optional. The result is that REPADMIN tells us that the replication partner for DC3 is HQ2, and then it goes on to list the domain naming, configuration, and schema partitions stored on HQ2 and when they were last updated. The invocation ID is the GUID for the database.

Repadmin /showreps

F:\Utils>repadmin /showreps dc3.royal-tech2.com
Default-First-Site-Name\DC3
DC Options:
Site Options: (none)
DC object GUID: a5c764d5-8fa9-471d-a7da-5aea865c43e9
DC invocationID: cceac288-ed3a-4bde-aabf-403997df7f74

==== INBOUND NEIGHBORS ======================================

    Default-First-Site-Name\HQ2 via RPC
        DC object GUID: f6548280-3323-4849-91c4-6cfc354819db
        Last attempt @ 2002-10-29 16:02:07 was successful.

CN=Configuration,DC=royal-tech2,DC=com
    Default-First-Site-Name\HQ2 via RPC
        DC object GUID: f6548280-3323-4849-91c4-6cfc354819db
        Last attempt @ 2002-10-29 16:00:31 was successful.

CN=Schema,CN=Configuration,DC=royal-tech2,DC=com
    Default-First-Site-Name\HQ2 via RPC
        DC object GUID: f6548280-3323-4849-91c4-6cfc354819db
        Last attempt @ 2002-10-29 15:55:00 was successful.

Figure 14.18

REPADMIN displays replication information
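
Before a DC is taken down for maintenance, the /showreps listing can be checked mechanically rather than by eye. The following Python sketch is an added example, not part of the original text: the sample output is constructed (modeled on Figure 14.18, with an invented failing entry), and the 180-minute staleness limit is an assumed threshold.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the first two entries are modeled on Figure 14.18,
# the failing schema entry is invented for this demonstration.
SAMPLE = """\
==== INBOUND NEIGHBORS ======================================
DC=royal-tech2,DC=com
    Default-First-Site-Name\\HQ2 via RPC
        DC object GUID: f6548280-3323-4849-91c4-6cfc354819db
        Last attempt @ 2002-10-29 16:02:07 was successful.
CN=Configuration,DC=royal-tech2,DC=com
    Default-First-Site-Name\\HQ2 via RPC
        DC object GUID: f6548280-3323-4849-91c4-6cfc354819db
        Last attempt @ 2002-10-29 16:00:31 was successful.
CN=Schema,CN=Configuration,DC=royal-tech2,DC=com
    Default-First-Site-Name\\HQ2 via RPC
        DC object GUID: f6548280-3323-4849-91c4-6cfc354819db
        Last attempt @ 2002-10-28 03:10:00 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
"""

NC_RE = re.compile(r"^(?:CN|DC)=.+$")                  # partition DN at column 0
PARTNER_RE = re.compile(r"^\s+(.+)\\(\S+) via (\S+)")  # Site\Server via transport
ATTEMPT_RE = re.compile(
    r"Last attempt @ (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (was successful|failed)")


def inbound_links(text):
    """Return one dict per inbound neighbor: partition, partner, time, status."""
    links, nc, partner = [], None, None
    for line in text.splitlines():
        if NC_RE.match(line):
            nc = line
        elif m := PARTNER_RE.match(line):
            partner = m.group(2)
        elif m := ATTEMPT_RE.search(line):
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            links.append({"nc": nc, "partner": partner, "when": when,
                          "ok": m.group(2) == "was successful"})
    return links


def not_ready(text, now, max_age=timedelta(minutes=180)):
    """Links whose last attempt failed or is older than max_age (assumed limit)."""
    return [l for l in inbound_links(text)
            if not l["ok"] or now - l["when"] > max_age]
```

Calling not_ready(SAMPLE, datetime(2002, 10, 29, 17, 0, 0)) returns only the schema partition entry, which is the one to resolve before the server goes offline.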

If you plan to do some maintenance on a server and want to synchronize its AD database before taking it down, you could force it to pull replication updates from its partners with the REPADMIN command as listed below.

Repadmin /syncall /force

You'll notice in Figure 14.19 that I used the naming context this time by breaking up the DNS name and prefacing each portion of the name with dc=. If you omit the naming context, this command will automatically update the schema and configuration as well as the domain-naming context.

F:\Utils>repadmin /syncall hq2.royal-tech2.com dc=royal-tech2,dc=com /\
Syncing partition: dc=royal-tech2,dc=com
CALLBACK MESSAGE: The following replication is in progress:
    From: a5c764d5-8fa9-471d-a7da-5aea865c43e9._msdcs.royal-tech2.com
    To  : f6548280-3323-4849-91c4-6cfc354819db._msdcs.royal-tech2.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: a5c764d5-8fa9-471d-a7da-5aea865c43e9._msdcs.royal-tech2.com
    To  : f6548280-3323-4849-91c4-6cfc354819db._msdcs.royal-tech2.com
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

Figure 14.19

REPADMIN replicates all objects

Disabling the Knowledge Consistency Checker

At times, you may need to disable the Knowledge Consistency Checker to configure site replication manually. ldp.exe is a graphical utility that can accomplish this. It's available in the \Support\Tools folder on the Windows 2000/Windows Server 2003 installation CD. Double-click support.cab and copy ldp.exe to your hard drive. Follow these steps:

1. Run the ldp.exe program, select Connection, and click Connect on the menu, as shown in Figure 14.20.

Figure 14.20

Forcing replication


2. Insert the name of the server in the dialog box that appears and click OK. Data is displayed in the right pane, as shown in Figure 14.21.

Figure 14.21

Server information in LDP

ld = ldap_open("hq2.royal-tech2.com", 389);
Established connection to hq2.royal-tech2.com.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
    1> currentTime: 10/31/2002 22:1:16 Pacific Standard Time Pacific Daylight Time;
    1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=royal-tech2,DC=com;
    1> dsServiceName: CN=NTDS Settings,CN=HQ2,CN=Servers,CN=CHI,CN=Sites,CN=Configuration,DC=royal-tech2,DC=com;
    5> namingContexts: DC=royal-tech2,DC=com; CN=Configuration,DC=royal-tech2,DC=com; CN=Schema,CN=Configuration,DC=royal-tech2,DC=com; DC=DomainDnsZones,DC=royal-tech2,DC=com; DC=ForestDnsZones,DC=royal-tech2,DC=com;
    1> defaultNamingContext: DC=royal-tech2,DC=com;
    1> schemaNamingContext: CN=Schema,CN=Configuration,DC=royal-tech2,DC=com;
    1> configurationNamingContext: CN=Configuration,DC=royal-tech2,DC=com;
    1> rootDomainNamingContext:

3. Click Bind on the Connection menu, then supply an administrative account and the DNS name for the domain. A comment should appear in the details pane that states you've been authenticated.

4. Select Tree on the View menu. Type the distinguished name of the container for the site object in the BaseDN box. If the object is located, it will be listed in the left pane. In our example, we would type the following:

CN=Royal-Tech,CN=Sites,CN=Configuration,DC=hq2,DC=royal-tech2,DC=com

5. Click the plus sign to expand the listing. Double-click the object that reads CN=NTDS Site Settings to display its attributes in the details pane.

6. Copy the string of data that begins with >>Dn, click Modify on the Browse menu, and paste the data into the Dn box.

7. Type Options in the Attribute box, then type a number in the Values box according to the choices listed in Table 14.2.

Table 14.2: Options to Disable KCC with the LDP Utility

Value   Description
1       Disables intra-site topology generation
16      Disables inter-site topology generation
17      Disables both intra- and inter-site topology generation

8. Select Replace in the Operation box, click Enter, and then click Run.

This can also be accomplished through a manual Registry edit, but that is much more dangerous than using the LDP utility.
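
The values in Table 14.2 are bits in a mask, and the Replace operation in step 8 overwrites the whole attribute, so typing a bare 17 also clears any other option already set on the site (for example universal group membership caching, 32). The following Python helper is an added example, not part of the original text; it works out the value to enter from the current one, and its bit names come from Microsoft's definitions for the options attribute rather than from this page.

```python
# Added example (not from the original page). Bit names follow Microsoft's
# published definitions for the NTDS Site Settings "options" attribute;
# only the values 1 and 16 appear in Table 14.2.
FLAGS = {
    0x01: "IS_AUTO_TOPOLOGY_DISABLED",             # Table 14.2 value 1
    0x02: "IS_TOPL_CLEANUP_DISABLED",
    0x04: "IS_TOPL_MIN_HOPS_DISABLED",
    0x08: "IS_TOPL_DETECT_STALE_DISABLED",
    0x10: "IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED",  # Table 14.2 value 16
    0x20: "IS_GROUP_CACHING_ENABLED",
}
KCC_MASK = 0x01 | 0x10


def decode(options):
    """Name every bit set in an options value; unknown bits are kept as hex."""
    names = [name for bit, name in FLAGS.items() if options & bit]
    unknown = options & ~sum(FLAGS)
    return names + ([hex(unknown)] if unknown else [])


def plan_replace(current, table_value):
    """Value to type in LDP's Values box so Replace changes only the KCC bits.

    current is the options value shown in step 5 (None if the attribute is
    not set). Returns (value_to_enter, bits_a_bare_table_value_would_clear).
    """
    if table_value not in (1, 16, 17):
        raise ValueError("Table 14.2 defines only 1, 16 and 17")
    preserved = (current or 0) & ~KCC_MASK
    return preserved | table_value, decode(preserved)


def kcc_state(options):
    """Audit helper: which automatic topology generation is switched off."""
    options = options or 0
    return {"intra_site_disabled": bool(options & 0x01),
            "inter_site_disabled": bool(options & 0x10)}
```

For a site whose options currently read 32, plan_replace(32, 17) returns 49 and names IS_GROUP_CACHING_ENABLED as the setting a bare 17 would have removed.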

I've had to use this process a few times in the field. If your environment includes numerous defined AD sites, the KCC will often come up with a replication topology that makes no sense whatsoever. My current project is a perfect example.

The company's network consists of 20 physical locations connected through a 56Kbps frame-relay network. Given the costs associated with each "path" established through a frame-relay environment, we configured the network as a star—the company headquarters in Minneapolis is the hub, and all of the other sites have a connection to that hub. In other words, all traffic must come through the corporate office before going to any other location (another way to look at this is that no location is more than two hops from any other).

When the KCC finished "analyzing" the AD structure, it decided that the replication topology "hub" should be one of the satellite sites. In other words, all AD replication traffic would first go to the California server, before being passed along to all of the other domain controllers throughout the network. At first glance, this doesn't seem too bad; all replication traffic passes through two hops before reaching its destination.

If you add in the physical layout of the network, though, this is a really stupid design. All of the traffic has to physically pass through the corporate hub before going anywhere. This meant that all of the AD replication traffic would first go to Minneapolis, then to California, before being directed (back through Minneapolis) to its destination. I turned off the KCC, created my own site connectors, and used the corporate domain controllers as the replication hub.


How do you force replication?

Forcing Replication: To do so, open the console, and locate the domain controller that you want to replicate. This domain controller will request changes from its replication partners. Locate the connection over which you want to force replication, right-click the connection, and select Replicate Now.

How do I force replication between two domain controllers in a site?

1. Start the Microsoft Management Console (MMC) Active Directory Sites and Services snap-in.
2. Expand the Sites branch to show the sites.
3. Expand the site that contains the DCs. ...
4. Expand the servers.
5. Select the server you want to replicate to, and expand the server.
6. Double-click NTDS Settings for the server.

How do you force KCC replication?

You can run the KCC by selecting the desired site in the Active Directory Sites and Services console, expand the Servers folder from this site, expand the server node and click on NTDS Settings, right-click in the details pane and click on All Tasks -> Check Replication Topology.

How do domain controllers replicate?

On each domain controller, the KCC creates replication routes by creating one-way inbound connection objects that define connections from other domain controllers. For domain controllers in the same site, the KCC creates connection objects automatically without administrative intervention.

How long does it take for DC to replicate?

Intra-site replication: With the exception of critical directory updates that are replicated immediately, the source DC updates changes to its closest replication partner every 15 seconds. Inter-site replication: By default, the replication interval is 180 minutes and can be adjusted to be as low as 15 minutes.