Domain Replication and the knowledge consistency checker

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Windows NT has a single domain controller with an writeable directory, the PDC. All changes took place on the PDC and were replicated to the read-only backup domain controllers, BDCs. This is called single master replication. Any Windows 2000 domain controller can be modified. Since any domain controller can be modified, maintaining consistency is complex. The replication process is called muliple master replication. W2K's knowledge consistency checker (KCC) creates connections dynamically between the domain controllers and triggers replication.

As the number of domain controllers increases, replication consumes more and more network bandwidth. The KCC balances the need for consistency against bandwidth limitation using the timely contact rule. This means that no domain controller is allowed to be more than 3 connections from any other domain controller. The KCC maintains domain consistency automatically. It does mean that instead of there being two versions of the directory as in Windows NT (the PDC's and the unreplicated BDC's), Windows 2000 can have multiple slightly different directories. The process is automatic and is best left alone.

As in Windows NT, you can force replication. You can manually force the KCC to run immediately using the Replication Diagnostics Tool (Repadmin.exe) from the Windows 2000 Support Tools located in the support.cab file in \support\tools directory on Windows 2000 CD. To force the KCC on the server named server1.mydomain.com, you would issue the following command.

Repadmin /kcc server1.mydomain.com

Intersite replication relaxes the timely contact rule since replication between sites usually occurs over slower links. The KCC can be optimized for your particular intersite replication needs. You can force replication between certain sites to occur after hours and/or at an interval of your choice. The Sites and Services MMC snap-in allows you to control intersite replication. You use it to create site link bridge objects and configure the replication patterns.

Bridgehead servers perform directory replication between two sites. Only two designated domain controllers talk to each other. These domain controllers are called bridgehead servers. If you have domain controllers from multiple domains, you will have a bridgehead server for each domain.

Each Active Directory site also has one domain controller that takes the role of Inter-Site Topology Generator (ISTG), which reviews and generates the connection object for the bridgehead servers in each site. There is only one domain controller with this role in each site, even if you have multiple domains. The first domain controller in the site becomes the ISTG for the site by default. You can't controller which domain controller is the ISTG, but you can know which one is the ISTG:

  • Open the Active Directory Sites and Services console.
  • Select the site object.
  • In the right pane right-click the NTDS Site Settings object and select Properties. The current role owner will appear in the Server box under Inter-Site Topology Generator on the Site Settings tab.

If the domain controller holding the ISTG role is offline for more than 60 minutes, another domain controller in the site will automatically take over this role.

Featured Links