Lesson 4: Compare replication within a site and between sites
Objective: Define the differences between replication within a site and between sites.

Using Connection Sites for Intrasite/Intersite Replication

Connection objects establish the path for replication between domain controllers within a site (intrasite replication) and between domain controllers in different sites (intersite replication). However, you must consider important differences between these types of replication when creating sites and placing domain controllers within those sites.
  1. Intra-site replication: Replication of the Active Directory partition that occurs within a site.
  2. Intersite replication: Replication of the Active Directory partition that occurs between different sites.

  1. Replication within Active Directory Site: Intrasite Replication: It is important to remember that replication within a site is designed to work with fast, reliable connections. Intrasite replication happens through a process called change notification.
  2. Intrasite Replication through Change Notification: To keep bandwidth usage down, replication within a site occurs through a change notification process.

The series of diagrams below demonstrates how this happens:

Change Notification Process in AD

1) When a change to an object occurs on a domain controller, the domain controller waits for a configurable interval. This interval is 5 minutes by default.

2) When the interval has passed, the domain controller sends a notification message to its replication partners, informing them of the change.

3) The domain controller continues to accept changes during this interval.

4) When the replication partners receive the change notification, they copy the changes from the originating domain controller.

5) If no changes occur during a configurable period (6 hours by default),

6) a domain controller initiates a replication sequence with its replication partners to ensure that no changes were missed.

Describe Change Notification Process in Active Directory

In Active Directory, change notification is a process that allows domain controllers to exchange information about changes made to Active Directory data. This process helps to ensure that all domain controllers have an up-to-date copy of the directory data and enables them to handle client requests for directory information more efficiently. There are two main types of change notification in Active Directory:
  1. Intra-Site Change Notification: This type of change notification occurs within a single Active Directory site and is used to replicate changes between domain controllers in the same site.
  2. Inter-Site Change Notification: This type of change notification occurs between Active Directory sites and is used to replicate changes between domain controllers in different sites.

The change notification process works as follows:
  1. When a change is made to Active Directory data on a domain controller, the domain controller writes the change to its local copy of the directory database (also known as the "Directory Information Tree" or "DIT").
  2. The domain controller then sends a notification of the change to its replication partners.
  3. The replication partners receive the notification and request the updated data from the domain controller that made the change.
  4. The domain controller sends the updated data to the replication partners, which update their local copies of the directory database.
  5. The process continues until all domain controllers have an up-to-date copy of the directory data.
In summary, AD change notification helps to ensure that all domain controllers in an Active Directory environment have the same data, which allows them to respond to client requests for directory information more efficiently.

Consider the available Bandwidth for uncompressed Replication Traffic

Because a site assumes fast, highly reliable links, replication traffic within a site is uncompressed. This helps reduce the processing load on the domain controllers. However, this uncompressed traffic can increase the network bandwidth required for replication messages. This is why it is important to determine the actual available bandwidth on your links when deciding on the site layout that your network requires. Remember to consider the available bandwidth for uncompressed replication traffic when configuring sites for your network.

Urgent Replication

Certain security-sensitive updates are replicated immediately within a site. The following changes are flagged as security-sensitive updates:
  1. Changes to the account lockout policy
  2. Changes to the domain password policy
  3. Changes to the password on a computer account
  4. Replication of a newly locked-out account
  5. Changes to a Local Security Authority (LSA) secret

  1. Replication between sites: Intersite Replication: In contrast to replication within a site, replication between sites is designed under the assumption that the network links between sites have limited available bandwidth and may not be reliable. Understanding how replication between sites occurs is critical when determining how to create a multiple site structure.
  2. Intersite Replication through Scheduling: Replication between sites does not occur through a change notification process. When and how often replication occurs between sites are defined by configurable values, such as a schedule and an interval. The schedule determines at what times replication is allowed to occur, and the interval specifies how often domain controllers check for changes during the time that replication is allowed to occur.
  3. Consider the Processing load of Compressed Traffic: Replication traffic between sites is designed to optimize bandwidth. This is accomplished by compressing all replication traffic between sites. Replication traffic is compressed to 10-15 percent of its original size before it is transmitted. Although compression optimizes network bandwidth, it imposes an additional processing load on domain controllers. Urgent replication is not available for replication between sites.
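
The timing rules described in this lesson (the intrasite change notification delay, urgent replication, and the intersite schedule and interval) can be modeled to estimate how long a security-sensitive change takes to reach a domain controller in another site. This is an added example, not part of the original lesson: the `SiteLink` class, the 01:00 to 05:00 window and the 180-minute interval are constructed values, and the model assumes the remote domain controller pulls directly from the originating one.

```python
from dataclasses import dataclass

NOTIFY_DELAY_MIN = 5   # intrasite wait before change notification (lesson default)
DAY = 24 * 60          # minutes per day

@dataclass
class SiteLink:
    """Hypothetical model of an intersite link (all times in minutes)."""
    open_min: int       # schedule window opens, minutes after midnight
    close_min: int      # schedule window closes (exclusive)
    interval_min: int   # how often partners check for changes in the window

    def next_poll(self, t: int) -> int:
        """First scheduled check at or after absolute time t."""
        day, tod = divmod(t, DAY)
        if tod > self.open_min:
            # Round up to the next polling tick counted from the window opening.
            ticks = (tod - self.open_min + self.interval_min - 1) // self.interval_min
            tick_tod = self.open_min + ticks * self.interval_min
            if tick_tod < self.close_min:
                return day * DAY + tick_tod
            day += 1    # window already closed: wait for tomorrow's opening
        return day * DAY + self.open_min

def arrival_times(change_t: int, urgent: bool, link: SiteLink) -> tuple[int, int]:
    """(same-site partner, remote-site DC) arrival times for one change."""
    # Within a site, urgent updates skip the notification delay.
    local = change_t if urgent else change_t + NOTIFY_DELAY_MIN
    # Between sites there is no change notification and no urgent replication:
    # the change waits for the next scheduled check regardless of its type.
    return local, link.next_poll(change_t)

def worst_case_delay(link: SiteLink) -> int:
    """Longest wait, over every minute of the day, before a remote site sees a change."""
    return max(link.next_poll(t) - t for t in range(DAY))

if __name__ == "__main__":
    night = SiteLink(open_min=60, close_min=300, interval_min=180)  # constructed
    for label, urgent in (("account lockout", True), ("ordinary edit", False)):
        local, remote = arrival_times(9 * 60, urgent, night)       # change at 09:00
        print(f"{label}: same site +{local - 540} min, remote site +{remote - 540} min")
    print("worst case:", worst_case_delay(night), "min")
```

In this model an account lockout made at 09:00 reaches a same-site partner immediately but reaches the remote site only at the next day's 01:00 check, which is the gap to weigh when setting a site link's schedule and interval.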

Replication at a Glance

What determines the success of each of these types of replication? The table below examines the process, goals, and factors influencing the success of each:
| Replication type | Assumes | Process | Urgent replication | Success factor depends on balance between goal and cost |
| --- | --- | --- | --- | --- |
| Intrasite | Fast, reliable connections | Change notification and replication sequence | Immediate | Cost: increased network bandwidth. Success factor: monitoring the increased load on the network. |
| Intersite: multiple site structure | Limited available bandwidth | Replication scheduling | Not available | Goal: optimize bandwidth. Cost: increased processing load. Success factor: monitoring the increased processing load on the domain controllers. |

In the next lesson, we will discuss replication protocols and the factors you need to consider when selecting replication protocols for replication between sites.
