Active Directory Replication Topology

In this article in our series covering Active Directory, we’ll discuss the replication topology. The route replication traffic travels through a network is called the Replication Topology. Replication only occurs between two domain controllers at a time and, by doing so, the information in a forest is synchronized between all domain controllers.

Each domain controller runs a process called the Knowledge Consistency Checker (KCC). The KCC regenerates the replication topology for the domain partitions contained on a domain controller. It typically runs at a specific interval of 15 minutes end designates the replication routes between domain controllers that more most favorable at a given time.

The KCC evaluates information stored in the configuration partition in the Active Directory sites, the cost of sending data between sites, existing connection objects, and the replication protocols. If for some reason replication within a site is impossible, or has a single point of
failure, the KCC will establish new connection objects between domain controllers.

Replication of Partitions

When you define a domain controller as a global catalog server, that server stores the schema partition, configurations partitions, a read/write copy of the partition from its own domain, and a partial replica of all the domain partitions that are part of the forest. Now, when you add a new domain to an existing forest, the configuration partition adds the information about the new domain.

Because Active Directory replicates the configuration partition to all domain controllers by means of forest-wide replication, each global catalog server becomes a partial replica of the new domain.  A global catalog server will contact a domain controller in the new domain and obtain the replication information. Locating other global catalog servers is done by using DNS records in the forest’s DNS zone. Remember our previous article in the series about DNS?

Site Links

We’ve discussed in a previous article how site define the physical structure of a network using a collection of subnets that define a group of domain controllers having similar speed and cost. Active Directory sites contain the connection objects that enable replication.

When you create additional sites, you must select one or more site links for each site. Without a site link no connections can be made between servers at different sites and no replication can occur. Site links are not created automatically; you must create them manually using the Active Directory Sites and Services management console.

When the first domain in a forest is created, Active Directory will create a default site link named DEFAULTSITELINK.  If you want you can rename this link to something more meaningful.  To control replication using sites you create additional sites and subnets and delegate control of sites. Creating a site is as simple as providing a name for the site and associating the site with a site link. Just make sure you are member of the Enterprise Admins group.

A site link bridge specifies a chain of site links that each domain controller in the different sites can use to communicate. This helps to constrain the KCC to only particular paths in the site link topology, optimizing replication traffic. Bridging is enabled by default and all site links are transitive, meaning all site links belong to a single site bridge for a given transport protocol.

The bridgehead server is a domain controller that sends and received replicated data at each site. A bridgehead server from a source site will collect all replication changes and sends them to the bridgehead server of the receiving site, which then in its turn replicates those changes to all domain controllers in the site.

Inter  Site Topology Generator

Active Directory has a so-called inter site topology generator that defines the replication between the sites on a network.  This function is automatically assigned to a single domain controller. The domain controller that holds this role basically performs two functions:

  1. Assign one or more domain controllers to fulfill the bridgehead server role.
  2. Run the KCC to determine the replication topology and connection objects that the bridgehead servers can use to communicate with each other.

When you want to refresh the replication topology you want to determine if you want to refresh the topology between sites or the topology within the same site.

As you can tell, replication is an important function within Active Directory that for the most part runs automatically. We’ll discuss how to monitor replication and troubleshoot replication issues in a next article.