Last Updated on July 3, 2015 by Dishan M. Francis
In an infrastructure setup, it may have many domain controllers. Some may even in different sites. But in order to keep the consistency in network it’s important to have proper replication between these domain controllers. It is important to plan and optimize the replication process. For example let’s assume you have a remote site which is connect via 256kb link with head office. According to setup site have sales team and the AD sync is not crucial during the day to day work. So if we just leave it to trigger sync with default schedule it will just use large portion of the link just for this AD sync traffic. So when you place your AD servers in network make sure you also plan for the optimization in replication process.
AD replication between sites built based on the active directory knowledge consistency checker (KCC). Replication process is works differently based on the fact that traffic is passing within the site or between sites. Within site the replication will be fast and occurs more frequent.
When optimizing the replication process you can mainly use 3 factors.
Site Cost – This represent the bandwidth between sites.
Schedule – This represent how often replication should happen. For ex- If the site is just need 1 time replication for day for its operations no point doing it in every 2 hours’ time.
Interval – By default replication happens in every 180 minutes
It is always recommended to create sites where domain controller is placed. For example if the office A is in different city, we can create it as different site in the network. But if the bandwidth is not matters you still can keep it as one site.
If you use different sites, the replications happens via site link. Once you create site links it goes to inter-site transport container and it confirms the connectivity between each sites. The site links can reuse for sites which have same connectivity and availability.
To check the replication we can use 2 command line tools. Apart from that event viewer also can use to identify replication issues.
1) repadmin /showrepl
2) dcdiag /test:replications
In following I list down the main replication errors and solution for them.
Slow replication – most common replication error. To fix it you need to review event viewer entries. Also you need to review the AD topology, such as how sites are linked and how those site links are optimized.
Access is denied error – to fix it you need to follow
1) stop the KDC service – net stop kdc
2) purge ticket cache in DC
3) reset domain controller’s account password
4) sync replication partner’s domain directory partition with the PDC emulator
5) force replication
6) start the KDC service
DNS lookup failure / RPC service unavailable – to fix this error follow following steps
1) Run dcdiag /test:connectivity to verify DNS CNAME and A records
2) Check the IP configuration and ping domain controller
3) Restart netlogon service
Site and site link errors – check if the sites and site links connectivity is ok.
Manual replication access denied – verify the replication synchronization permissions. Use repadmin or replmon tools to force replication.
This is the end of article and if any questions feel free to ask me on rebeladm@live.com
