AD Replication Internally vs Site-to-Site

I’m focusing more on DNS updates. Below is how long it takes for a DNS record (a new record or an updated one) to show up on other AD DNS servers. Some people think it’s instant, but that’s not correct.

Here are the defaults:
Intra (Within a Site) = Approx. 3 minutes
Inter (Between Sites) = Approx. 3 hours

What this means is that if you update a DNS record or create a new one, it will take approximately 3 minutes before that record shows up on another internal AD DNS server in the same site (not across a site link). If the other server is in a different site, it could take up to approximately 3 hours.

Here’s the breakdown:
Intra (Within a Site):
DC to DC Sync = 0-15 Seconds
DNS Reload Zone from AD Database = 180 Seconds
Total Approximate time = 3 minutes

Inter (Between Sites):
Default Site Link Replication = 180 Minutes
DC to DC Sync = 0-15 Seconds
DNS Reload Zone from AD Database = 180 Seconds
Total Approximate Time = 3 hours

The numbers above are defaults and approximations: you may get 3 minutes or you may get 2 minutes. The Inter-site replication interval can be manually changed from 180 minutes down to 15 minutes in the “AD Sites and Services” configuration. But Microsoft also gives you the option to make Inter behave like Intra, so your replication is a lot quicker, with the use of change notifications. I’ll explain below.

Before I get into the change notification change: if you would like to speed up or force replication, you can always go into Sites and Services and force replication. But remember to go into DNS afterwards and “reload” the zone.
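The same two steps (force replication, then reload the zone on the servers where you want to see the record) from a PowerShell prompt on a DC, as an added example that is not from the original post. The DC and zone names are placeholders you would replace with your own; repadmin and dnscmd are the built-in tools the example assumes are on the path.

```powershell
# Added example (not from the original post): force AD replication and then
# reload the AD-integrated zone so you do not wait for the 180-second
# zone-reload timer described above.
# Placeholders (assumed names): DC01 is the DC where the record was changed,
# DC02/DC03 are the DNS servers on which you want the record to be visible.
$SourceDC   = 'DC01'
$DnsServers = 'DC02', 'DC03'
$Zone       = 'corp.example'

# /A = all naming contexts, /e = include DCs in other sites (enterprise),
# /P = push changes outward from $SourceDC
repadmin /syncall $SourceDC /AeP

# repadmin reports its result through $LASTEXITCODE; only reload if the sync ran
if ($LASTEXITCODE -eq 0) {
    foreach ($server in $DnsServers) {
        # reload the zone from the AD database on that DNS server
        dnscmd $server /ZoneReload $Zone
    }
}
else {
    Write-Warning "repadmin /syncall returned exit code $LASTEXITCODE; zone not reloaded"
}

# Check for replication failures per DC before assuming the record has arrived
repadmin /replsummary
```

The exit-code check matters: if replication to a remote DC failed, reloading the zone there just re-reads the old data, and the replsummary output is where you find out which partner is lagging.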

=====CHANGE NOTIFICATION CHANGE
If you’re not satisfied with 15 minutes being the lowest site-to-site replication interval, you can change this to behave as if there were NO site link. The reason for the site link settings was that back in the day people didn’t have the bandwidth, and bandwidth was expensive. Today we have 1 to 10G links between sites, so it’s not an issue anymore. To do this, you need to enable Change Notifications. CNs are what’s used internally between the DCs. You will basically be telling AD to treat my DC(s) in other sites as if they were within ONE site. Turn my Inter into an Intra!

To do this, you have to go into ADSI Edit. But you need to know there are two types of site links: one is manual (a site link you created) and the other is default (automatically created). The reason you need to know this is that you might have to do some binary work to get Change Notifications enabled. See below.

For automatically created sitelinks:
Open ADSIEDIT
Connect to Configuration Naming Context
Expand Sites –> Intersite Transport –> IP
Right-click the relevant sitelink and select properties
Change the value of “options” to 1

For manually created sitelinks:
Open ADSIEDIT
Connect to Configuration Naming Context
Expand Sites –> (The site name) –> Servers –> (Servername) –> NTDS Settings
Right-click the relevant sitelink and select properties
Change the value of “options” to 8
Repeat for every manually configured sitelink (if desired)

—–IF VALUE IS SET TO ANYTHING BUT ZERO
If the value is set to anything other than zero, you’ll have to do some binary math to get the value you want, so that the bit you need is set without losing the bits that are already set.

The Connection Object uses the 4th bit (counting from right to left). The goal is to get the fourth bit to equal 1.

Dec <-> Binary
8 = 0000 1000 (fourth bit = 1)
16 = 0001 0000 (fourth bit = zero (0))
16 + 8 = 24 = 0001 1000 (fourth bit = 1)
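The bit math done in PowerShell, as an added example that is not from the original post. It generalizes the 0 / 16 / 24 cases above to any current “options” value: a bitwise OR sets the required bit and leaves every other bit alone, and a bitwise AND tells you whether the bit is already set. The bit positions (8 for a connection object under NTDS Settings, 1 for an automatically created site link) are the ones the steps above use; the read-only audit at the end assumes the ActiveDirectory PowerShell module (RSAT) is installed.

```powershell
# Added example (not from the original post): set or test the change
# notification bit in an "options" value without clobbering other bits.
# Bit values assumed from the steps above:
#   connection object (NTDS Settings): 4th bit from the right = 8
#   automatically created site link:   1st bit from the right = 1
$UseNotifyConnection = 8
$UseNotifySiteLink   = 1

function Test-NotifyBit {
    param([int]$Options, [int]$Bit)
    # -band isolates the bit; a non-zero result means it is already set
    return (($Options -band $Bit) -ne 0)
}

function Set-NotifyBit {
    param([int]$Options, [int]$Bit)
    # -bor sets the bit and preserves whatever else is set (e.g. 16)
    return ($Options -bor $Bit)
}

function Show-Binary {
    param([int]$Value)
    # zero-padded 8-bit string so the bit positions can be read right to left
    return [Convert]::ToString($Value, 2).PadLeft(8, '0')
}

# Worked values from the post: 0, 16 and 24 (24 already has the bit set)
foreach ($current in 0, 16, 24) {
    $new = Set-NotifyBit -Options $current -Bit $UseNotifyConnection
    '{0,3} = {1}  ->  {2,3} = {3}  (already set: {4})' -f `
        $current, (Show-Binary $current), $new, (Show-Binary $new),
        (Test-NotifyBit -Options $current -Bit $UseNotifyConnection)
}

# Read-only audit: which connection objects in the forest already have
# change notifications enabled? (No values are written here.)
$configNC = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -SearchBase "CN=Sites,$configNC" `
             -Filter 'objectClass -eq "nTDSConnection"' `
             -Properties options |
    ForEach-Object {
        $opts = [int]$_.options   # unset attribute reads as 0
        [pscustomobject]@{
            Connection = $_.DistinguishedName
            Options    = $opts
            Notify     = Test-NotifyBit -Options $opts -Bit $UseNotifyConnection
            NewValue   = Set-NotifyBit  -Options $opts -Bit $UseNotifyConnection
        }
    }
```

The NewValue column is the number you would type into the “options” attribute in ADSI Edit for that object; running the audit first, rather than assuming the attribute is zero, is what avoids overwriting bits that something else (for example the KCC) has already set.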
