Saturday, November 29, 2014

Active Directory Replication in Depth

AD Replication in Depth (Advanced Concept):
Hi guys, in continuation with my previous post (Active Directory Replication Process), let's talk about replication in depth. We already know how intra-site and inter-site replication works: the topology, the protocols, the default values and so on. But some questions remain. What happens if the same object is changed at the same time on two domain controllers within a site? What happens when an attribute of an object (first name, last name, whatever it may be) is changed in two or more sites before the first change has replicated? Which value actually ends up in the NTDS database? Those are the questions this post answers.

Active Directory needs to track changes from many sources and determine which objects need to be replicated from one domain controller to another. To do this, each domain controller maintains a local 64-bit counter called the update sequence number (USN). Every write transaction on that DC, whether it originates there or arrives by replication, consumes the next USN, and each replication partner remembers the highest USN it has already received from that DC (its high-watermark), so the next replication cycle only needs to fetch what changed after it. USNs are meaningful only on the DC that issued them; they are never compared between DCs. Take a small example with two domain controllers, DC-1 and DC-2. DC-1 currently has a USN of 100 and DC-2 a USN of 200. An administrator logs on to DC-1 and changes the last name on SRobert's user account, which increments DC-1's USN to 101. When DC-2 next requests changes from DC-1, DC-1 transmits the change to SRobert's last name and DC-2 applies it to its local copy of ntds.dit, consuming a USN of its own (201). If SRobert's first name is then edited on DC-2, DC-2's USN increments to 202, and that change replicates to DC-1, which applies it to its own copy of ntds.dit.

In addition to the USN, every attribute value carries a version number that counts how many times that attribute has been written. Only originating writes increment it; applying a replicated value keeps the version it arrived with. So if the version of SRobert's last name attribute is 3 and an administrator changes it from Robert to Smith, to Smith-Robert and back to Robert again, the version is now 6. Together with the originating time of the write and the invocation ID (a GUID) of the DC where the write originated, the version forms the attribute's replication stamp. If the same attribute is modified on two domain controllers before either change has replicated to the other, Active Directory compares the two stamps, and the version is the first tie-breaker. So if SRobert's last name on DC-1 has the value Robert with version 6, while DC-2's copy of the SRobert object was updated to Smith-Robert with version 5, Active Directory keeps Robert because it has the higher version. Note that this is decided per attribute, not per object: concurrent changes to different attributes of the same object simply merge. You can inspect these stamps for any object with repadmin /showobjmeta <DC> <object DN>, which lists the version, originating time and originating DSA for every attribute, which is the first thing to check when two sites disagree about a value.

If the versions are equal, the next tie-breaker is the timestamp: the time at which the modification was made on the originating DC. Of two conflicting changes with the same version, the one made later is retained. Because this timestamp comes from the originating DC's own clock, a DC whose clock runs ahead wins every same-version conflict, which is one more reason time synchronization across the forest matters.

In the extremely unlikely event that the version and the timestamp are both identical, Active Directory uses the invocation ID (a GUID) of the domain controller on which each change originated. The change from the DC with the higher GUID wins this third and final tie-breaker. The losing value is not merged or flagged; it is simply overwritten once replication converges. These rules cover conflicting attribute values; two objects created with the same name under the same parent on different DCs is a different kind of conflict, which Active Directory resolves by renaming the loser with a CNF: suffix followed by the object's GUID.

When replicating between sites, Active Directory designates a bridgehead server in each site (per directory partition, normally chosen automatically by the Inter-Site Topology Generator, or set by an administrator as a preferred bridgehead) to handle site-to-site replication. This allows inter-site replication to update only one domain controller in each site; once the bridgehead has the changes, it replicates them to its intra-site partners. For example, suppose the WAN link between two locations of a corporate network is down for several hours. During this time, changes are made to objects and attributes on both sides of the link. When the link comes back, the bridgehead servers on each side pull each other's changes, using their high-watermark for that partner to fetch only what changed since the last successful cycle, and resolve any attribute that was changed on both sides using the version, timestamp and originating DSA GUID stamps described above. USNs play no part in that comparison; they only tell a DC which changes it has not yet seen. After the bridgeheads have received the latest updates, they in turn replicate them to the other domain controllers in their own site. Active Directory convergence is the time it takes for this whole process to complete so that every domain controller in the environment holds the same, most up-to-date information.
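As an added worked example (this is not code from the original post or from Microsoft), the following Python model ties together the USN and high-watermark change tracking from the earlier paragraphs and the three-step stamp comparison described here: highest version, then latest originating time, then highest originating DSA GUID. The DC names, GUIDs, timestamps and attribute values are constructed for the illustration; DC-1 and DC-2 start at the USNs 100 and 200 used in the post, and the invocation IDs are zero-padded strings of equal length so that a string comparison behaves like a numeric one.

```python
"""Toy model of Active Directory multi-master replication.

Each DC keeps a local update sequence number (USN) and, per attribute, a
stamp (version, originating time, originating DSA GUID). A pull replicates
every attribute whose local USN on the source is above the high-watermark
the destination already holds for that source, and a replicated value is
applied only if its stamp beats the local one. Constructed illustration,
not Microsoft's code; the DC names, GUIDs and values are made up.
"""
from dataclasses import dataclass


@dataclass(order=True, frozen=True)
class Stamp:
    # Field order is the comparison order AD uses: highest version wins,
    # then latest originating time, then highest originating DSA GUID.
    version: int
    originating_time: int   # seconds; real AD stores a 100 ns FILETIME
    originating_dsa: str    # invocation ID of the DC that made the write


@dataclass
class Replica:
    value: str
    stamp: Stamp
    local_usn: int          # this DC's USN when the value was last written


class DomainController:
    def __init__(self, name, guid, usn):
        self.name, self.guid, self.usn = name, guid, usn
        self.db = {}               # attribute name -> Replica
        self.high_watermark = {}   # partner name -> partner USN already seen

    def write(self, attr, value, now):
        """Originating write: consumes one local USN and bumps the version."""
        old = self.db.get(attr)
        version = old.stamp.version + 1 if old else 1
        self.usn += 1
        self.db[attr] = Replica(value, Stamp(version, now, self.guid), self.usn)
        return self.usn

    def pull_from(self, src):
        """One replication cycle from src: fetch what changed since the last
        cycle (high-watermark), keep each value only if its stamp wins."""
        hw = self.high_watermark.get(src.name, 0)
        applied = []
        for attr, theirs in src.db.items():
            if theirs.local_usn <= hw:
                continue                    # already received in an earlier cycle
            mine = self.db.get(attr)
            if mine is None or theirs.stamp > mine.stamp:
                self.usn += 1               # replicated writes also consume a USN
                self.db[attr] = Replica(theirs.value, theirs.stamp, self.usn)
                applied.append(attr)
            # equal or losing stamp: keep ours (an equal stamp is the same change)
        self.high_watermark[src.name] = src.usn
        return applied

    def value(self, attr):
        return self.db[attr].value

    def version(self, attr):
        return self.db[attr].stamp.version


def converge(a, b):
    """Both partners pull from each other, as after a WAN link comes back."""
    return a.pull_from(b), b.pull_from(a)


def run_scenario():
    """Reproduces the post's SRobert example through all three tie-breakers.
    Returns the surname that won each round plus the final USNs."""
    dc1 = DomainController("DC-1", "0000000000000001", usn=100)
    dc2 = DomainController("DC-2", "0000000000000002", usn=200)
    results = {}

    # Converged start: DC-1 sets sn=Robert (USN 101), DC-2 pulls it (USN 201).
    dc1.write("sn", "Robert", now=1000)
    dc2.pull_from(dc1)

    # Round 1, version wins. WAN down: DC-1 edits sn three times (v2..v4),
    # DC-2 edits sn once (v2, later clock) and givenName once (no conflict).
    for name in ("Smith", "Smith-Robert", "Robert"):
        dc1.write("sn", name, now=2000)
    dc2.write("sn", "Smith-Robert", now=2500)
    dc2.write("givenName", "Sam", now=2500)
    converge(dc1, dc2)
    results["version"] = dc1.value("sn")
    results["version_no"] = dc1.version("sn")
    results["givenName"] = dc1.value("givenName")   # merged, not a conflict

    # Round 2, timestamp wins: both write version 5, DC-2's clock is later.
    dc1.write("sn", "Brown", now=3000)
    dc2.write("sn", "Green", now=3100)
    converge(dc1, dc2)
    results["timestamp"] = dc1.value("sn")

    # Round 3, GUID wins: same version (6) and same time; DC-2's GUID is higher.
    dc1.write("sn", "White", now=4000)
    dc2.write("sn", "Black", now=4000)
    converge(dc1, dc2)
    results["guid"] = dc1.value("sn")

    results["consistent"] = dc1.db["sn"].stamp == dc2.db["sn"].stamp
    results["usns"] = (dc1.usn, dc2.usn)
    return results


if __name__ == "__main__":
    for key, val in run_scenario().items():
        print(f"{key}: {val}")
```

Running it reproduces the behaviour described above: after the outage DC-1's three edits (version 4) beat DC-2's single later edit (version 2); with equal versions the later write wins; with equal version and time the value from DC-2, the higher GUID, wins; and DC-2's givenName write merges without any conflict because resolution is per attribute. Swap the two clock values in round 2 and the winner flips, which is the practical caveat: a DC with a fast clock wins every same-version conflict.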

So guys, that's how Active Directory replication works. Let me know your comments, feedback and suggestions...