Active Directory Replication Considerations

Applies To: Windows Server 2008

Domain controllers running Windows Server 2008 can replicate Active Directory database partitions as listed in the following table. Although an RODC can replicate data from domain controllers running Windows Server 2003, it can replicate updates of the domain partition only from a domain controller running Windows Server 2008 from the same domain. RODCs cannot be a source domain controller for any other domain controller because they cannot perform outbound replication. Application directory partitions include ForestDNSZones and DomainDNSZones.

| Destination domain controller | Windows Server 2003 source domain controller | Writable Windows Server 2008 source domain controller |
| --- | --- | --- |
| Windows Server 2003 | Schema; Configuration; Domain; Application directory partitions; Partial attribute set of the other domain partitions in the forest (global catalog) | Schema; Configuration; Domain; Application directory partitions; Partial attribute set of the other domain partitions in the forest (global catalog) |
| Writable Windows Server 2008 | Schema; Configuration; Domain; Application directory partitions; Partial attribute set of the other domain partitions in the forest (global catalog) | Schema; Configuration; Domain; Application directory partitions; Partial attribute set of the other domain partitions in the forest (global catalog) |
| RODC | Schema; Configuration; Application directory partitions; Partial attribute set of the other domain partitions in the forest (global catalog) | Schema; Configuration; Domain; Application directory partitions; Partial attribute set of the other domain partitions in the forest (global catalog) |

Writable domain controllers running Windows Server 2008 and domain controllers running Windows Server 2003 can perform inbound and outbound replication of all available partitions. Therefore, they do not require the same placement considerations that RODCs require.

Because an RODC can replicate the domain partition only from a writable domain controller running Windows Server 2008, the placement of each becomes important and requires careful planning. The placement of an RODC and writable domain controllers running Windows Server 2008 might be affected by the site topology and network constraints.

Each RODC requires a writable domain controller running Windows Server 2008 for the same domain from which the RODC can directly replicate. Typically, this requires that a writable domain controller running Windows Server 2008 be placed in the nearest site in the topology. The nearest site in this sense is defined as the site that has the lowest-cost site link for the site that includes the RODC.

For example, suppose you have Sites A, B, and C with site links A – B and B – C and the Bridge all site links option is disabled, as shown in the following figure. In order to put an RODC in Site C, a domain controller running Windows Server 2008 for the same domain should be placed in Site B to replicate the domain partition to the RODC. Placing only a domain controller running Windows Server 2003 in Site B would permit the RODC in Site C to replicate the schema, configuration, and application directory partitions, but not the domain partition.

If the Bridge all site links option is enabled, as shown in the next figure, a domain controller running Windows Server 2008 could be placed in Site A rather than Site B. This is because physical connectivity between Site A and Site C is now implicitly available.
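The Site A, B, C placement rule above can be checked against a planned topology before deployment. The following Python model is an added example, not Microsoft tooling: it assumes a single domain, constructed link costs of 100, and that a bridged path costs the sum of its site links, and the function names are hypothetical.

```python
import heapq

# Constructed sample topology: site links A-B and B-C (costs are assumed values).
SITE_LINKS = [("A", "B", 100), ("B", "C", 100)]
WRITABLE_2008 = "writable-2008"  # label for a writable Windows Server 2008 DC


def reachable_costs(start, links, bridge_all):
    """Return {site: cost} for the sites that start can replicate with.

    bridge_all=False: only sites that share a site link with start.
    bridge_all=True: site links are transitive; cost is summed along the path.
    """
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    if not bridge_all:
        direct = {start: 0}
        for site, cost in adj.get(start, []):
            direct[site] = min(cost, direct.get(site, cost))
        return direct
    # Dijkstra over the site-link graph for the bridged (transitive) case.
    best = {start: 0}
    heap = [(0, start)]
    while heap:
        dist, site = heapq.heappop(heap)
        if dist > best.get(site, float("inf")):
            continue
        for nxt, cost in adj.get(site, []):
            if dist + cost < best.get(nxt, float("inf")):
                best[nxt] = dist + cost
                heapq.heappush(heap, (best[nxt], nxt))
    return best


def domain_partition_source(rodc_site, links, dcs_by_site, bridge_all):
    """Lowest-cost site holding a writable Windows Server 2008 DC, or None.

    None means the RODC has no source for the domain partition, even though
    a Windows Server 2003 DC could still supply the other partitions.
    """
    costs = reachable_costs(rodc_site, links, bridge_all)
    candidates = [(cost, site) for site, cost in costs.items()
                  if WRITABLE_2008 in dcs_by_site.get(site, [])]
    return min(candidates)[1] if candidates else None
```

A result of None for an RODC site flags a placement in which the domain partition has no replication source under the current bridging setting.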

Generally, the introduction of an RODC should require minimal, if any, replication topology changes. For example, consider a multitier replication topology where:

  • The Bridge all site links option is disabled.

  • RODCs are placed in tail sites.

  • Writable domain controllers running Windows Server 2008 are placed in the hub site.

This is shown in the following figure. In this case, you might create additional site links between the hub site and the tail sites to accommodate the need for direct replication between the RODC and the writable domain controller running Windows Server 2008.

For more information about the Active Directory replication topology and Bridge all site links option, see How Active Directory Replication Topology Works (https://go.microsoft.com/fwlink/?LinkId=67499).