Replication of Linked Multivalued Attributes

Replication of linked multivalued attributes depends on the forest functional level

Forest functional level: What happens?

■ < Windows Server 2003: Change triggers replication of the entire membership list

■ = Windows Server 2003: Replication occurs by individual value instead of the whole attribute

ILLEGAL FOR NON-TRAINER USE


Introduction

The replication of linked multivalued attributes differs from the normal replication that occurs in Active Directory.

Linked multivalued attributes and forest functional levels

The process by which linked multivalued attributes are replicated varies, depending on the functional level of the forest:

■ When the functional level of the forest is below Windows Server 2003, any change that was made to a group membership triggers replication of the entire membership list. The multivalued member attribute is considered a single attribute for the purpose of replication in this case. This replication increases the probability of overwriting a membership change that another administrator performed on another domain controller before the first change was replicated.

■ When the functional level of the forest is set to Windows Server 2003, changes to linked multivalued attributes replicate by individual value. This improved functionality replicates only the changes to group membership and not the entire membership list.
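The difference between the two behaviours, as an added example that is not part of the original course text: a simplified model of two domain controllers that each change the same group before replicating. The stamp layout, DC names, user names and times are constructed for illustration.

```python
# Stamp = (version, timestamp, originating DC). Tuples compare in that order,
# a simplified form of the rule that the highest stamp wins a conflict.

def whole_attribute_sync(dc1, dc2):
    """Forest level below Windows Server 2003: the member list is a single
    attribute with one stamp, so the winning list replaces the other."""
    return set(max(dc1, dc2, key=lambda replica: replica["stamp"])["members"])

def per_value_sync(dc1, dc2):
    """Windows Server 2003 forest level: every value carries its own stamp,
    so each member is resolved independently of the others."""
    merged = {}
    for replica in (dc1, dc2):
        for member, (present, stamp) in replica.items():
            if member not in merged or stamp > merged[member][1]:
                merged[member] = (present, stamp)
    return {m for m, (present, _) in merged.items() if present}

def scenario():
    """Constructed case: before the DCs replicate, an admin on DC1 removes
    bob at t=100 and an admin on DC2 adds carol at t=105."""
    base = (1, 50, "DC1")  # stamp of the state both DCs started from
    # Whole-attribute replicas: one stamp covers the entire list.
    w1 = {"members": {"alice"}, "stamp": (2, 100, "DC1")}
    w2 = {"members": {"alice", "bob", "carol"}, "stamp": (2, 105, "DC2")}
    # Per-value replicas: member -> (present, stamp); a removal is kept
    # as an absent value with a newer stamp.
    v1 = {"alice": (True, base), "bob": (False, (2, 100, "DC1"))}
    v2 = {"alice": (True, base), "bob": (True, base),
          "carol": (True, (1, 105, "DC2"))}
    return whole_attribute_sync(w1, w2), per_value_sync(v1, v2)

if __name__ == "__main__":
    whole, per_value = scenario()
    print("whole attribute:", sorted(whole))   # bob's removal is overwritten
    print("per value:      ", sorted(per_value))
```

In the whole-attribute case the later write carries the stale list, so the removal made on DC1 disappears after replication; with per-value replication both changes survive.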

Note: For more information about adjusting replication and configuring entries in Active Directory, see "Replication of Linked Multivalued Attributes" in Module 7 on the Appendices page on the Student Materials compact disc.

What Are Directory Partitions?


Introduction

The Active Directory database is logically separated into directory partitions: a schema partition, a configuration partition, domain partitions, and application partitions. Each partition is a unit of replication, and each partition has its own replication topology. Replication is performed between directory partition replicas. All domain controllers in the same forest have at least two directory partitions in common: the schema and configuration partitions. All domain controllers in the same domain, in addition, share a common domain partition.

What is a schema partition?

Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. The schema partition contains definitions of all objects and attributes that you can create in the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain controllers in the forest. Therefore, all objects must comply with the schema object and attribute definitions.

What is a configuration partition?

There is only one configuration partition per forest. Stored on all domain controllers in a forest, the configuration partition contains information about the forest-wide Active Directory structure, including what domains and sites exist, which domain controllers exist in each forest, and which services are available. Configuration information is replicated to all domain controllers in a forest.

What is a domain partition?

Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information about all domain-specific objects that were created in that domain, including users, groups, computers, and organizational units. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.

What is an application partition?

Application partitions store information about applications in Active Directory. Each application determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication of specific application partitions, you can designate which domain controllers in a forest host specific application partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.

As an example of an application partition, if you use a Domain Name System (DNS) that is integrated with Active Directory, you have two application partitions for DNS zones: ForestDNSZones and DomainDNSZones.

■ ForestDNSZones is part of a forest. All domain controllers and DNS servers in a forest receive a replica of this partition. A forest-wide application partition stores the forest zone data.

■ DomainDNSZones is unique for each domain. All domain controllers that are DNS servers in that domain receive a replica of this partition. The application partition stores the domain DNS zone in the DomainDNSZones <domain name>.

Each domain has a DomainDNSZones partition, but there is only one ForestDNSZones partition. No DNS data is replicated to the global catalog server.

[Figure: Global DNS Replication. Domain controllers from various domains, with the Domain A topology, the Domain B topology, and the schema and configuration topology.]

Introduction

Replication topology is the route by which replication data travels throughout a network. Replication occurs between two domain controllers at a time. Over time, replication synchronizes information in Active Directory for an entire forest of domain controllers. To create a replication topology, Active Directory must determine which domain controllers replicate data with other domain controllers.

Replication of partitions

Active Directory creates a replication topology based on the information that is stored in Active Directory. A replication topology can differ for schema, configuration, domain, and application partitions.

Because all domain controllers within a forest share schema and configuration partitions, Active Directory replicates schema and configuration partitions to all domain controllers. Domain controllers in the same domain also replicate the domain partition. In addition, domain controllers that host an application partition replicate the application partition.

To optimize replication traffic, a domain controller may have several replication partners for different partitions. Active Directory replicates updates to the directory across domain controllers that contain the updated partition in the forest.

Connection objects

Domain controllers that are linked by connection objects are called replication partners. The links that connect replication partners are called connection objects. Connection objects are created on each domain controller and point to another domain controller for a source of replication information. They are a one-way replication path between two server objects.

The default replication topology in a site is a bidirectional ring, which consists of two complementary unidirectional connection objects between adjacent domain controllers. This topology improves fault tolerance when one of the domain controllers is offline.

Active Directory creates additional connection objects as necessary to ensure statistically that the maximum number of hops that it takes to replicate an originating update to all replicas of a given partition in a ring is not more than three.
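The ring and the three-hop limit described above, as an added example that is not part of the original course text: connection objects are modelled as one-way (source, destination) pairs and the worst-case hop count is measured by breadth-first search. The DC names and site sizes are constructed, and add_shortcuts is an illustrative heuristic, not the algorithm Active Directory itself uses.

```python
from collections import deque

def ring_connections(dcs):
    """Two complementary one-way (source, destination) objects per adjacent pair."""
    conns = set()
    for i, a in enumerate(dcs):
        b = dcs[(i + 1) % len(dcs)]
        if a != b:
            conns |= {(a, b), (b, a)}
    return conns

def hops_from(origin, conns, offline=frozenset()):
    """Hops for an update originating on `origin` to reach each online DC."""
    dist, queue = {origin: 0}, deque([origin])
    while queue:
        src = queue.popleft()
        for s, d in conns:
            if s == src and d not in dist and d not in offline:
                dist[d] = dist[src] + 1
                queue.append(d)
    return dist

def max_hops(dcs, conns, offline=frozenset()):
    """Worst case over all online origins; None if some DC is unreachable."""
    online = [dc for dc in dcs if dc not in offline]
    worst = 0
    for origin in online:
        dist = hops_from(origin, conns, offline)
        if len(dist) < len(online):
            return None
        worst = max(worst, max(dist.values()))
    return worst

def add_shortcuts(dcs, conns, limit=3):
    """Illustrative heuristic, not the real topology generator: connect the
    two farthest-apart DCs until no update needs more than `limit` hops."""
    conns = set(conns)
    while max_hops(dcs, conns) > limit:
        src, dst, _ = max(((o, d, h) for o in dcs
                           for d, h in hops_from(o, conns).items()),
                          key=lambda t: t[2])
        conns |= {(src, dst), (dst, src)}
    return conns

if __name__ == "__main__":
    for n in (7, 8):  # constructed site sizes
        dcs = [f"DC{i}" for i in range(1, n + 1)]
        ring = ring_connections(dcs)
        print(n, max_hops(dcs, ring), max_hops(dcs, add_shortcuts(dcs, ring)))
```

A plain ring of seven domain controllers stays within three hops, while a ring of eight needs four, which is the point at which extra connection objects become necessary.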


Responses

  • kia tuomi
    What is schema in active directory?
    7 years ago
  • p
    What are active directory application partitions?
    7 years ago
  • brooklyn simpson
    What is multivalue replication?
    2 years ago
