Multimaster Replication

Active Directory supports multimaster replication, which is replication in which any domain controller can send or receive updates of information stored in Active Directory. Replication processing is performed on a per-property basis, which means that only relevant changes are propagated. Replication processing differs from DNS full zone transfers, in which the entire zone is propagated. Replication processing also differs from incremental zone transfers, in which the server transfers all changes made since the last change. With Active Directory replication, however, only the final result of all changes to a record is sent.

When you store a primary zone in Active Directory, the zone information is replicated to all domain controllers within the Active Directory domain. Every DNS server running on a domain controller is then authoritative for that zone and can update it.

Name Collisions

Because all domain controllers in the domain can make changes to the same zone, it is possible for someone to update a property of an Active Directory object on one domain controller while someone else updates the same property on another domain controller simultaneously (or nearly simultaneously). The information about the property on one domain controller is then inconsistent with that on the other domain controller. When a property changes on a second domain controller before a change from the first server replica has been propagated, a replication collision occurs.

Replication collisions can affect Active Directory–integrated DNS zones. Suppose that the same name is simultaneously created within the same domain and on two different domain controllers. The changes replicate, and Active Directory determines that there are two different dnsNode objects that have the same name. To solve the problem, the replication subsystem of Active Directory changes the name of the object that was created first by adding to the name a special character and a globally unique identifier (GUID), which is a unique 128-bit number that Active Directory associates with an object to make the object unique. This "disambiguates" the name of the object so that the two objects have different names. The next time that the DNS server pulls changes from Active Directory, the DNS server deletes the copy of the host object with the GUID. Thus, DNS accepts the last name to be created.

If you simultaneously modify a name object on two different server replicas, Active Directory must decide which change (attribute value) will be accepted and which will be discarded. To do so, Active Directory selects the attribute value that has the highest version number. If the version numbers are the same, Active Directory selects the attribute value that has the latest timestamp. Thus, DNS accepts the second change. For more information about replication collisions, see "Active Directory Replication" in the Microsoft® Windows® 2000 Server Resource Kit Distributed Systems Guide.
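
The two collision rules described above, modeled in Python as an added example (not code from the Resource Kit or from Active Directory itself). The Stamp and DnsNode classes, the function names and the sample values are constructed for illustration, and the "\nCNF:" marker is an assumption standing in for the "special character" the text mentions.

```python
import uuid
from dataclasses import dataclass

# Assumption: stands in for the "special character" the text mentions.
CONFLICT_MARK = "\nCNF:"

@dataclass(frozen=True)
class Stamp:
    """Replication metadata carried with one attribute value."""
    version: int       # incremented on each originating write
    timestamp: float   # time of the originating write
    value: str

def resolve_attribute(a, b):
    """Highest version number wins; equal versions fall back to the latest timestamp."""
    return max(a, b, key=lambda s: (s.version, s.timestamp))

@dataclass
class DnsNode:
    name: str
    created: float     # creation time on the originating domain controller
    guid: uuid.UUID
    data: str          # record data, e.g. an A record address

def merge_name_collision(x, y):
    """Two replicas created the same name: rename the object created first."""
    older, newer = sorted((x, y), key=lambda n: n.created)
    older.name = f"{older.name}{CONFLICT_MARK}{older.guid}"
    return [older, newer]

def dns_load(nodes):
    """On its next pull, DNS deletes the GUID-suffixed copy and serves the rest."""
    return {n.name: n.data for n in nodes if CONFLICT_MARK not in n.name}

def conflict_names(nodes):
    """Renamed objects, worth logging: each one is a record that silently lost."""
    return [n.name for n in nodes if CONFLICT_MARK in n.name]

if __name__ == "__main__":
    # Constructed sample: two domain controllers create "fileserver" one second apart.
    dc1 = DnsNode("fileserver", 10.0, uuid.UUID(int=1), "192.0.2.10")
    dc2 = DnsNode("fileserver", 11.0, uuid.UUID(int=2), "192.0.2.20")
    merged = merge_name_collision(dc1, dc2)
    print(dns_load(merged))
    print(conflict_names(merged))
    # Constructed sample: the same attribute modified on two replicas.
    print(resolve_attribute(Stamp(3, 100.0, "192.0.2.10"), Stamp(2, 200.0, "192.0.2.20")).value)
```

Because the later creation replaces the earlier one without any error on either domain controller, listing the renamed objects before DNS deletes them is the only point at which the losing record is still visible.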

Causing Immediate Replication

When setting up DNS or troubleshooting replicas, you might not want to wait for the normal replication cycle. If so, you can cause replication to take place immediately. Keep in mind that your network performance affects how long it takes to update the target domain controller.

To cause immediate replication

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.

  2. Double-click the Sites icon to expand it.
    All sites are displayed — including the first site, labeled Default-First-Site-Name — and any other site that has been manually configured.

  3. Double-click the site that you want to expand.

  4. Under the site you want, double-click the Servers icon to expand it, and then expand the icon for the computer. The NTDS Settings icon is displayed.

  5. Click the NTDS Settings icon.
    One or more objects are listed in the right pane. One of those objects is a link to the domain controller on which you want to cause immediate replication.

  6. Right-click the object that links to the domain controller on which you want to cause immediate replication, and then click Replicate Now.