Microsoft Windows AD Force Intersite Replication and Force DNS Update

Intrasite and Intersite Replication in Active Directory:

Intrasite Replication: This is the replication that happens within a site. By default, Active Directory will use the Remote Procedure Call (RPC) protocol over IP for intrasite replication. The default replication interval is very short, about every 15 seconds after changes have been made, with a delay of up to 3 seconds between replication partners.

Interval:  15 seconds, with a delay of up to 3 seconds before each subsequent partner notification

Intersite Replication: This is the replication that happens between different sites. Active Directory will use either the RPC protocol over IP or Simple Mail Transfer Protocol (SMTP) for intersite replication. The replication interval is longer than for intrasite replication and is by default 180 minutes (3 hours). Intersite replication can be scheduled during certain hours and compressed to conserve bandwidth.

Interval:  180 minutes or 3 hours

AD Integrated DNS and its relation to Zones and Polling the AD Database:

AD Integrated DNS is a mechanism that stores DNS zone data in Active Directory. The zones that are stored in AD are replicated as part of the AD replication process.

There are two kinds of AD integrated DNS zones:

  • Primary zones: These are read-write copies of the zone data. Changes to the DNS records are usually made here.
  • Secondary zones: These are read-only copies of the zone data.

When it comes to polling, Active Directory periodically polls for changes in the DNS zones (known as a zone transfer). The default polling interval is every 15 minutes.

Interval: 15 minutes


MANUALLY FORCE INTERVALS

Force Intersite Replication:

If you want to force an intersite replication, you can use the `repadmin` command in Windows Server. Here is the syntax:

repadmin /replicate {DestinationDC} {SourceDC} {Naming Context}

Where:

  • `{DestinationDC}` is the domain controller where you want the changes to replicate.
  • `{SourceDC}` is the domain controller where the changes were made.
  • `{Naming Context}` is the DN of the domain, configuration, or schema naming context.

Force a DNS zone to Poll the AD Database:

If you want to force a DNS zone to poll the AD database, you can use the `dnscmd` command. Here’s the syntax:

dnscmd {DNS Server Name} /ZoneRefresh {Zone Name}

Where:

  • `{DNS Server Name}` is the name of your DNS server.
  • `{Zone Name}` is the name of the DNS zone that you want to force to poll.

These commands are powerful and should be used with caution. Always ensure you have a good understanding of what they do and the potential implications before running them.


YOU DO HAVE OPTIONS

The `repadmin` utility is a powerful tool for managing Active Directory replication. Here are the differences between `/replicate` and `/syncall` commands:

  • `/replicate`: This command initiates immediate replication of the specified directory partition to the destination domain controller from the source domain controller. It’s a manual way of pushing changes from one DC to another specific DC.
repadmin /replicate {DestinationDC} {SourceDC} {Naming Context}
  • `/syncall`: This command synchronizes a specified domain controller with all replication partners, essentially forcing an immediate replication with all partners. It’s a way of ensuring that a particular DC is fully up-to-date with changes from all other DCs.
repadmin /syncall /AdeP
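The following PowerShell wrapper is an added example, not part of the original post: it runs either `repadmin /replicate` (the Force Intersite Replication section above) or `repadmin /syncall` (the option just described), then reads the destination DC's inbound partner metadata to confirm that the last replication actually succeeded. Host names and the domain DN are placeholders.

```powershell
# Added example, not from the original post: force one partition from a source DC
# to a destination DC (repadmin /replicate), or sync with all partners
# (repadmin /syncall), then read the destination's partner metadata to confirm
# the last replication succeeded. Host and domain names are placeholders.
param(
    [string]$SourceDC      = 'DC01.corp.example',
    [string]$DestinationDC = 'DC02.corp.example',
    [string]$NamingContext = 'DC=corp,DC=example',
    [switch]$AllPartners   # use /syncall instead of a single /replicate
)
Import-Module ActiveDirectory

if ($AllPartners) {
    # /A all partitions, /d identify servers by DN, /e cross-site (enterprise), /P push
    $out = & repadmin.exe /syncall $DestinationDC /AdeP 2>&1
} else {
    # repadmin /replicate {DestinationDC} {SourceDC} {Naming Context}
    $out = & repadmin.exe /replicate $DestinationDC $SourceDC $NamingContext 2>&1
}
if ($LASTEXITCODE -ne 0) {
    throw "repadmin failed (exit $LASTEXITCODE):`n$out"
}

# Verify: partner metadata on the destination for this partition.
# LastReplicationResult 0 means the last attempt succeeded.
$partnerType = if ($AllPartners) { 'Both' } else { 'Inbound' }
$meta = Get-ADReplicationPartnerMetadata -Target $DestinationDC `
            -Partition $NamingContext -PartnerType $partnerType
if (-not $AllPartners) {
    # Partner is the DN of the partner's NTDS Settings object, e.g.
    # CN=NTDS Settings,CN=DC01,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,...
    $srcHost = $SourceDC.Split('.')[0]
    $meta = $meta | Where-Object { $_.Partner -like "CN=NTDS Settings,CN=$srcHost,*" }
}
$meta | Select-Object Partner, LastReplicationSuccess, LastReplicationResult,
                      ConsecutiveReplicationFailures
```

A non-zero `LastReplicationResult` or a `LastReplicationSuccess` timestamp that did not move forward means the forced replication did not land, so check the repadmin output before forcing again.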

As for `dnscmd`, here are the differences between `/ZoneRefresh` and `/zoneupdatefromds`:

  • `/ZoneRefresh`: This command forces a manual refresh of a DNS zone on the DNS server. It essentially tells the server to check its data against what’s currently in the zone file (which may be stored in a text file or Active Directory, depending on the type of zone). It does not actively pull data from Active Directory.
dnscmd {DNS Server Name} /ZoneRefresh {Zone Name}
  • `/zoneupdatefromds`: This command specifically forces the DNS server to load the zone data from Active Directory. This is used when DNS is integrated with AD and you want to force the server to update its data from AD immediately, rather than waiting for the next replication cycle.
dnscmd /zoneupdatefromds {Zone Name}
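As an added example (not from the original post), this PowerShell script runs one of the two `dnscmd` switches against a zone and compares the zone's SOA serial before and after, so you can tell whether the reload actually picked up anything new. Server and zone names are placeholders.

```powershell
# Added example, not from the original post. Forces an AD-integrated zone to
# reload from the directory (dnscmd /zoneupdatefromds) and compares the SOA
# serial before and after, so you can tell whether the reload changed anything.
# Server and zone names are placeholders.
param(
    [string]$DnsServer = 'DC01.corp.example',
    [string]$ZoneName  = 'corp.example',
    # /zonerefresh is the other switch from the post; per Microsoft's dnscmd
    # reference it is meant for secondary zones, so expect an error on a primary.
    [ValidateSet('zoneupdatefromds', 'zonerefresh')]
    [string]$Mode = 'zoneupdatefromds'
)
Import-Module DnsServer

function Get-ZoneSerial {
    param([string]$Server, [string]$Zone)
    $soa = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone -RRType Soa
    return [uint32]$soa.RecordData.SerialNumber
}

$before = Get-ZoneSerial -Server $DnsServer -Zone $ZoneName

# dnscmd syntax: the server name comes first, then the command switch, then the zone.
$out = & dnscmd.exe $DnsServer "/$Mode" $ZoneName 2>&1
if ($LASTEXITCODE -ne 0) {
    throw "dnscmd /$Mode failed on $DnsServer (exit $LASTEXITCODE):`n$out"
}

$after = Get-ZoneSerial -Server $DnsServer -Zone $ZoneName
[pscustomobject]@{
    Server       = $DnsServer
    Zone         = $ZoneName
    Command      = "/$Mode"
    SerialBefore = $before
    SerialAfter  = $after
    Changed      = ($before -ne $after)
}
```

If `Changed` is false after `/zoneupdatefromds`, the DNS server already had the current copy of the zone and the wait is on AD replication itself, not on the DNS server's polling.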

In both cases, these commands should be used with care, as they can cause significant network traffic and load on the servers if not used judiciously. Always ensure you have a good understanding of what they do and the potential implications before running them.


TRIGGER INTERSITE REPLICATION IMMEDIATELY

You do have an option to trigger a sync immediately by using `USE_NOTIFY`. When you set the replication schedule and change notifications (`USE_NOTIFY`) for an IP site link, you are essentially controlling when and how often replication occurs between sites over that link. With `USE_NOTIFY` set, replication is triggered immediately when a change occurs rather than waiting for the next scheduled replication interval.

This feature is configured in Active Directory Sites and Services under Sites, Inter-Site Transports, IP, on the site link object.

Doing this is not recommended, but you do have the option. Use with caution and make sure you test it first.
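The PowerShell below is an added example, not from the original post. It reads the `options` attribute of an IP site link, reports whether the `USE_NOTIFY` bit (0x1) is set, and only writes the change when run with `-Enable`, keeping any other option bits intact. The site link name is a placeholder.

```powershell
# Added example, not from the original post: read the USE_NOTIFY bit (0x1) in the
# options attribute of an IP site link and, with -Enable, set it. The site link
# name is a placeholder; -WhatIf previews the change without writing it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SiteLink = 'DEFAULTIPSITELINK',
    [switch]$Enable
)
Import-Module ActiveDirectory

# Bit 0x1 of a site link's options attribute is USE_NOTIFY (change notification).
$USE_NOTIFY = 0x1

$link = Get-ADReplicationSiteLink -Identity $SiteLink -Properties options
# options is absent until it is first set; [int]$null evaluates to 0
$current = [int]$link.options
$isOn = (($current -band $USE_NOTIFY) -ne 0)

'{0}: options=0x{1:X} USE_NOTIFY={2} interval={3} min' -f `
    $link.Name, $current, $isOn, $link.ReplicationFrequencyInMinutes

if ($Enable -and -not $isOn) {
    $new  = $current -bor $USE_NOTIFY       # -bor keeps any other option bits
    $desc = 'set options to 0x{0:X} (enable USE_NOTIFY)' -f $new
    if ($PSCmdlet.ShouldProcess($link.DistinguishedName, $desc)) {
        Set-ADObject -Identity $link.DistinguishedName -Replace @{ options = $new }
    }
}
```

Run it without `-Enable` first to record the current value, and with `-Enable -WhatIf` to see the exact write before committing it on a test site link.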