Configure Replication for Active Directory

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Configure Replication

If you installed an Active Directory domain controller in the branch office, you must ensure that replication takes place continually. How you do this depends on whether this is a persistent connection or an on-demand connection.

Use the following procedures to accomplish these tasks:

• Configure a replication interval for a persistent connection

• Configure reciprocal replication for a one-way initiated on-demand connection

Configure a Replication Interval for a Persistent Connection

If this is a persistent connection, you can schedule replication to occur after a specified interval.

Use the Active Directory Sites and Services snap-in to configure a replication interval. For information about how to specify a replication interval, see Configure site link replication frequency in Help and Support Center for Windows Server 2003.

Configure Reciprocal Replication for a One-Way Initiated On-Demand Connection

If this is a one-way initiated on-demand connection, you must configure reciprocal replication using the Active Directory Service Interfaces (ADSI) Edit tool.

Install ADSI Edit, a Windows Support tool, on a domain controller in the main office or in the branch office. For information about how to install Windows Support Tools, which include ADSI Edit, in Help and Support Center for Windows Server 2003, click Tools, and then click Install Windows Support Tools.

Caution

• If you use the ADSI Edit snap-in and incorrectly modify the attributes of Active Directory objects, you can cause serious problems that might require you to reinstall Windows Server 2003. Microsoft cannot guarantee that problems resulting from the incorrect modification of Active Directory object attributes can be solved. Modify these attributes at your own risk.

To enable reciprocal replication on a site link for a one-way initiated on-demand connection

1. On a domain controller, type adsiedit.msc in the Run dialog box to open the ADSI Edit snap-in.

2. Expand the Configuration container, expand the Sites container, expand the Inter-Site Transports container, and then click CN=IP.

3. In the details pane, right-click the site link object for the sites for which you want to enable reciprocal replication, and then click Properties.

4. In the Attributes box, double-click Options.

5. In the Integer Attribute Editor dialog box, take one of the following actions:

   1. If the Value box displays <not set>, type 2.

   2. If a value is displayed, convert the integer value to a binary value and use the binary OR operation to combine that value with the binary value 0010, and then type the integer value of the result in the Value box.

      For a job aid that includes a table of examples showing how to perform this operation, see "Example: Contoso Connects Remote Sites" (DNSREM_1.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Example: Contoso Connects Remote Sites" on the Web at https://www.microsoft.com/reskit).

Alternatively, you can enable reciprocal replication on a connection, instead of on a site link.

To confirm reciprocal replication over a one-way initiated on-demand connection

1. On the branch office domain controller, create a user account called TestReplication.

2. On the calling router in the branch office, establish a connection to the answering router in the main office.

3. Wait 15 to 20 minutes, and then open Active Directory Users and Computers on a domain controller in the main office. If your connection is working correctly, the TestReplication user account will be listed.

4. To confirm that replication did in fact take place over the one-way initiated site-to-site connection, perform the following steps:

   1. On both the calling router and the answering router, type ipconfig at a command prompt. If, when you ran the Routing and Remote Access wizard, you chose the recommended option to configure IP address assignment from a specified range of addresses, the output of both ipconfig commands will include IP addresses from the specified address ranges.

   2. On the branch office domain controller, type tracert at a command prompt. If, when you ran the Routing and Remote Access wizard, you configured IP address assignment from a specified range of addresses, the output of the tracert command will include an IP address from the specified range that the answering router assigns to the calling router.