Replication Management Tasks

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Task | Permissions Required to Perform Task

Create a Site / Add a Site

CC on cn=Sites, cn=Configuration, dc=<ForestRootDomain> (to create objects of class Site)

Specify the location of a Site

WP on the corresponding site object, cn=<Site>, cn=Sites, cn=Configuration, dc=<forestRootDomain> to modify the Location attribute

Associate a Group Policy with a Site

WP on the corresponding site object, cn=<Site>, cn=Sites, cn=Configuration, dc=<forestRootDomain> to modify the GP-Link attribute

WP on the corresponding site object, cn=<Site>, cn=Sites, cn=Configuration, dc=<forestRootDomain> to modify the GP-Options attribute

Modify Site Group Policy Options

WP on the corresponding site object, cn=<Site>, cn=Sites, cn=Configuration, dc=<forestRootDomain> to modify the GP-Options attribute

Disable automatic topology generation for a site

WP on cn=NTDSSiteSettings, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain>, where <SiteName> is the name of the site, to modify the options attribute

Disable automatic topology cleanup for a site

WP on cn=NTDSSiteSettings, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain>, where <SiteName> is the name of the site, to modify the options attribute

Disable minimum hops topology for a site

WP on cn=NTDSSiteSettings, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain>, where <SiteName> is the name of the site, to modify the options attribute

Disable automatic stale server detection for a site

WP on cn=NTDSSiteSettings, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain>, where <SiteName> is the name of the site, to modify the options attribute

Disable automatic inter-site topology generation for a site

WP on cn=NTDSSiteSettings, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain>, where <SiteName> is the name of the site, to modify the options attribute

Disable Inbound Replication on a DC

WP on the corresponding NTDS Settings object with distinguished name cn=NTDS Settings, cn=<Computer-Name>, cn=Servers, cn=<SiteName>,cn=Sites,cn=Configuration, dc=<forestRootDomain> to modify the options attribute

Disable Outbound Replication on a DC

WP on the corresponding NTDS Settings object with distinguished name cn=NTDS Settings, cn=<Computer-Name>, cn=Servers, cn=<SiteName>,cn=Sites,cn=Configuration, dc=<forestRootDomain> to modify the options attribute

Delete a Site

SD on the site object itself OR DC on cn=Sites, cn=Configuration, dc=<ForestRootDomain> (to delete objects of class Site).

Note
DC on the parent grants permission to delete all objects under the parent (or, if a class is specified, only objects of the specified class).

Create a Subnet / Add a Subnet

CC on cn=Subnets, cn=Sites, cn=Configuration, dc=<ForestRootDomain> (to create objects of type Subnet)

Specify the location of a Subnet

WP on the corresponding subnet object, cn=<Subnet>, cn=Subnets, cn=Sites, cn=Configuration, dc=<forestRootDomain> to modify the Location attribute

Associate a Subnet with a Site

WP on the corresponding subnet object cn=<SubnetName>, cn=Subnets, cn=Sites, cn=Configuration, dc=<ForestRootDomain> to modify the siteObject attribute

Delete a Subnet

DC on cn=Subnets, cn=Sites, cn=Configuration, dc=<ForestRootDomain> (to delete objects of class Subnet)

Create a Site Link

CC on cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> OR on cn=SMTP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> (to create objects of class siteLink)

Add/Remove sites to/from a Site Link

WP on cn=<siteLink>, cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> OR on cn=<siteLink>, cn=SMTP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <siteLink> is the site link to/from which a new site is being added/removed, to modify the site-list attribute

Modify the cost associated with a site link

WP on the siteLink object cn=<SiteLink>, cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> OR on the siteLink object cn=<SiteLink>, cn=SMTP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where the <SiteLink> identifies the associated site link, to modify the cost attribute.

Modify the replication period associated with a site link / Control link availability

WP on the siteLink object cn=<SiteLink>, cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where the <SiteLink> identifies the associated site link, to modify the Repl-Interval attribute

Modify the replication schedule for a site link

WP on the corresponding site link object cn=<siteLink>, cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> OR on cn=<siteLink>,cn=SMTP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain>, to modify the schedule attribute

Delete a Site Link

DC on cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> OR on cn=SMTP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> (to delete objects of class siteLink)

Create a Site Link bridge (object)

CC on cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> OR on cn=SMTP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> (to create objects of class siteLinkBridge)

Add/Remove sites to/from a Site Link Bridge

WP on cn=<siteLinkBridge>, cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> OR on cn=<siteLinkBridge>, cn=SMTP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <siteLinkBridge> is the site link bridge to/from which a new site is being added/removed, to modify the site-link-list attribute

Create a single bridge for the entire network / Turn off the “Bridge all site links” option for IP/SMTP transport

WP on the corresponding (IP/SMTP) interSiteTransport object cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> OR on cn=SMTP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain>, to modify the options attribute

Enable Reciprocal Replication between sites (only for IP transport links)

WP on cn=<SiteLink>, cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <SiteLink> identifies the associated site link, to modify the options attribute

Enable Change Notification between sites (only for IP transport links)

WP on cn=<SiteLinkName>, cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <SiteLinkName> identifies the associated site link, to modify the options attribute

Delete a Site Link bridge (object)

DC on cn=IP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> OR on cn=SMTP, cn=Inter-Site Transports, cn=Sites, cn=Configuration, dc=<ForestRootDomain> (to delete objects of class siteLinkBridge)

Create a Connection (object)

CC on cn=NTDSSettings, cn=<ServerName>, cn=Servers, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <ServerName> is the name of the DC to which the connection is inbound (to create objects of class NTDS-Connection)

Take ownership of a KCC-generated connection object

WP on cn=<ConnectionName>, cn=NTDSSettings, cn=<ServerName>, cn=Servers, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <ConnectionName> is the name of the KCC-generated connection, to modify the options attribute

Manually set a schedule for connection objects

WP on cn=<ConnectionName>, cn=NTDSSettings, cn=<ServerName>, cn=Servers, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <ConnectionName> is the name of the KCC-generated connection, to modify the options attribute

Enable/disable data compression for intersite replication

WP on cn=<ConnectionName>, cn=NTDSSettings, cn=<ServerName>, cn=Servers, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <ConnectionName> is the name of the KCC-generated connection, to modify the options attribute

Delete a Connection (object)

DC on cn=NTDSSettings, cn=<ServerName>, cn=Servers, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <ServerName> is the name of the DC to which the connection is inbound (to delete objects of class NTDS-Connection)

Note

An NTDS-Connection object created by the KCC should not be deleted. If it is, the KCC will regenerate it. Only a manually created NTDS-Connection object might be deleted.

Change the default setting for the intra-site replication schedule within a site

WP on cn=NTDSSiteSettings, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain>, where <SiteName> is the name of the site, to modify the schedule attribute

Designate / Remove a preferred bridgehead server

WP on cn=<ServerName>, cn=Servers, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <ServerName> is the name of the server being designated as a Preferred Bridgehead server, to modify the Bridgehead-Transport-List attribute

Replace a failed Preferred Bridgehead Server

Do one of the following:
Add new domain controllers as preferred bridgehead servers for the corresponding directory partitions, site and transport

- OR -

Remove all preferred bridgehead designations made for the corresponding site and transport (for the corresponding directory partition), in which case KCC selects new ones automatically; remove them for each domain directory partition and for each transport on a DC in each affected site

Specify a fixed-port for RPC-based replication

WP on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters to modify the registry entry TCP/IP Port

Adjust default size of packets that transport Active Directory replication data

The following registry entries (with registry path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters) are added/modified (with the REG_DWORD data type):

  • For RPC replication within a site: Replicator intra site packet size (objects) & Replicator intra site packet size (bytes)

  • For RPC replication between sites: Replicator inter site packet size (objects) & Replicator inter site packet size (bytes)

  • For SMTP replication within a site: Replicator async inter site packet size (objects) & Replicator async inter site packet size (bytes)

Thus, delegating this operation requires permissions to create and/or modify these registry entries.

Increase the level of detail logged by the KCC in the event log

WP on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics to modify the 1 Knowledge Consistency Checker entry

Modify the interval at which the KCC runs its first replication topology after the DC starts

WP on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters to modify the registry entry Repl topology update delay (secs)

Modify the interval at which the KCC checks the replication topology (after it has run the first time)

WP on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters to modify the registry entry Repl topology update period (secs)

Force Replication Topology Generation

Extended right Manage Replication Topology needed on cn=configuration, dc=<forestRootDomain>

Modify the holdback timer that determines the interval between the time a change is made and the time that the source server notifies its replication partners within a site

WP on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters to modify the registry entry Replicator notify pause after modify (secs)

Modify the default delay between notifications to all the replication partners of a DC

WP on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters to modify Replicator notify pause between DSAs (secs)

Force replication between two servers

Extended right Replication Synchronization needed on cn=configuration, dc=<forestRootDomain>

Force a synchronization between two servers

Extended right Replication Synchronization needed on cn=configuration, dc=<forestRootDomain>

Set a DC not to contact the PDC emulator if the PDC emulator role owner is not in the current site

WP on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters to modify the registry entry AvoidPdcOnWan

Modify the thresholds that make the KCC exclude non-responding servers when it recognizes that a DC has failed or is unresponsive

The following registry entries (with registry path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters) are added/modified (with the REG_DWORD data type):

  • For replication between sites: IntersiteFailuresAllowed and MaxFailureTimeForIntersiteLink (secs)

  • For optimizing connections within a site: NonCriticalLinkFailuresAllowed and MaxFailureTimeForNonCriticalLink

  • For immediate neighbor connections within a site: CriticalLinkFailuresAllowed and MaxFailureTimeForCriticalLink

Thus, delegating this operation requires permissions to create and/or modify these registry entries.

Get Replication Latency Information

In Windows 2000, Extended right Manage Replication Topology needed on domain NC head

In Windows Server 2003, Extended right Monitor Replication Topology or Manage Replication Topology needed on domain NC head

Get Pending operations on DC (Queue Length)

In Windows 2000, Extended right Manage Replication Topology needed on domain NC head

In Windows Server 2003, Extended right Monitor Replication Topology or Manage Replication Topology needed on domain NC head

Check Replication Status

In Windows 2000, Extended right Manage Replication Topology needed on domain NC head

In Windows Server 2003, Extended right Monitor Replication Topology or Manage Replication Topology needed on domain NC head
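
The two-letter codes in this table (CC, DC, WP, SD) are also the rights mnemonics used in SDDL, so an exported security descriptor can be checked against the table directly. The following added example (not part of the original page) lists allow ACEs that grant those rights, or the three extended rights named above, to trustees outside an assumed EXPECTED set; the sample descriptor, its SIDs and the class GUID are constructed.

```python
import re

# Access-mask bits for the codes the table uses, plus CR (control access),
# the code under which extended rights are granted.
BITS = {"CC": 0x1, "DC": 0x2, "WP": 0x20, "CR": 0x100, "SD": 0x10000}

# rightsGuid values of the three extended rights the table names.
EXTENDED = {
    "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2": "Replication Synchronization",
    "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2": "Manage Replication Topology",
    "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96": "Monitor Replication Topology",
}

# Assumption: trustees expected to hold these rights (Builtin Admins, System,
# Domain Admins, Enterprise Admins, Enterprise DCs). Adjust per forest.
EXPECTED = {"BA", "SY", "DA", "EA", "ED"}

# ace_type;ace_flags;rights;object_guid;inherit_object_guid;trustee
ACE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);([^;()]*);([^;()]*);([^;()]*)\)")

def codes_in(rights):
    """Decode an SDDL rights field (mnemonics or hex mask) to table codes."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        full = mask & 0x10000000  # GENERIC_ALL
        return {c for c, bit in BITS.items() if full or mask & bit}
    pairs = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return set(BITS) if "GA" in pairs else pairs & set(BITS)

def delegated_rights(sddl):
    """List (trustee, code, scope) for allow ACEs held by unexpected trustees."""
    found = []
    for ace_type, _flags, rights, obj, _inh, trustee in ACE.findall(sddl):
        if ace_type not in ("A", "OA") or trustee in EXPECTED:
            continue  # deny/audit ACEs and default trustees are not reported
        for code in sorted(codes_in(rights)):
            scope = obj.lower() or "all"  # empty GUID: every class/attribute/right
            if code == "CR" and obj:
                if scope not in EXTENDED:
                    continue  # an extended right this table does not cover
                scope = EXTENDED[scope]
            found.append((trustee, code, scope))
    return found

# Constructed descriptor: SIDs and the all-zero class GUID are made up.
SAMPLE = ("O:EAG:EAD:(A;CI;GA;;;EA)"
          "(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1-2-3-1105)"
          "(OA;CI;DC;00000000-0000-0000-0000-0000000000aa;;S-1-5-21-1-2-3-1106)"
          "(A;;0x20;;;S-1-5-21-1-2-3-1107)(D;;WP;;;S-1-5-21-1-2-3-1108)")
```

A scope of "all" on a WP, CC or DC row means the ACE is not limited to one attribute or object class, which is broader than any single row in the table requires.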