RE: [ActiveDir] Inter-site Urgent replication

[Ayers, Diane]

Title: RE: [ActiveDir] Inter-site Urgent replication

All:

 

Thanks for the tips and hints.  It seems that urgent replication is working better this AM.  I tracked a locked account from the source DC to the replication partners and it seems to be bypassing the replication schedule.  Too cool...

 

I'm still seeing some delay between the DCs that are "second hop" from the source via the replication topology but it seems to be a result of the new replication topology as opposed to anything else.  As Joe mentioned, the bridgehead server issue between sites comes into play. 

 

I was curious if anyone has tweaked the holdback timing and pause rates.  I'm inclined to tweak those settings to see better replication times as it seems that it has been tweaked already in 2003.  We're planning to go to 2003 after the holidays but want to see if anyone has taken the plunge in Win2K.

 

Diane

---

From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 1:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Inter-site Urgent replication

this is not only useful in the scenario described in this thread - if you generally want to speed up intra-site replication between DCs, you'd also want to work on these settings (not in 2k3, where it's as quick as it can get anyways and where the registry key is removed by default):

Registry Key to change Windows 2000 Replication behavior
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
- Replicator notify pause between DSAs (secs)  => pause between notifications
- Replicator notify pause after modify (secs) => pause to send first notification after a change

Default values: pause after modify / pause between DSAs

• Windows 2000:  registry values
  • 5 minutes / 30 seconds
• Windows 2003: new default values if registry keys are not set
  • 15 seconds / 3 seconds
    
    

_____________________________________________
From:   Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent:   Dienstag, 18. November 2003 05:34
To:     [EMAIL PROTECTED]
Subject:        RE: [ActiveDir] Inter-site Urgent replication

So, you're thinking with ATM between DCs I can crank up the holdback timing and pause rates?  Neat.....

;op

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
 

_____________________________________________
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]  On Behalf Of Joe
Sent:   Monday, November 17, 2003 10:23 PM
To:     [EMAIL PROTECTED]
Subject:        RE: [ActiveDir] Inter-site Urgent replication

Cool in that case I would do the same... Also if it is W2K and your bandwidth can truly handle it I would turn down the timing for holdback and pause between dsa's.

  joe

_____________________________________________
From:  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]  On Behalf Of Diane Ayers
Sent: Monday, November 17, 2003 9:09 PM
To: [EMAIL PROTECTED]

The biggest concern is not really the replication traffic and wanting to throttle the traffic but trying to localize the authentication.  I've turned on change notifications and we'll see how this works.  Thanks for the refresher on urgent replication and good point on the bridge head traffic.

Diane

_____________________________________________
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]  On Behalf Of Joe
Sent:   Monday, November 17, 2003 5:41 PM
To:     [EMAIL PROTECTED]
Subject:        RE: [ActiveDir] Inter-site Urgent replication

Urgent replication really isn't... It is urgent queuing of a replication request in actuality or at least from what I have observed. Basically you quickly stick a replication request into the queue of all change notification partners. They process it in the order and priority received... i.e. it would happen before a previously queued GC partition replication but after a previously queued domain partition replication.

You would need to enable change notification between sites to start to see the urgent queuing and doing that will blow out your replication schedules and most all benefits of compression.

HOWEVER, if you were happy with a single site setup, this all would be fine for you... Note however all traffic will STILL go through the bridgeheads. You won't set up a large ring like you had within a single site.

   joe

_____________________________________________
From:  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]  On Behalf Of Ayers, Diane
Sent: Monday, November 17, 2003 6:04 PM
To: [EMAIL PROTECTED]

Greetings

In an effort to localize our authentication traffic, we recently implemented a multi-site configuration moving away from our single mega-site (single domain).  All DCs are on high bandwidth links but we are trying to reduce authentication across the WAN.  All inter-site transports are configured for a maximum replication frequency (15 minutes). 

An assumption on my part (and probably erroneous) is that urgent replication triggers such as account lockouts will still bypass inter-site replication schedules and be replicated to all DCs in the domain.  We're getting a smattering of reports that the events such as account lockouts are not getting replicated quickly.  Putting 2 and 2 together, it looks like urgent replication is not carried between sites.  Is my assumption correct and can I enabled urgent replication between sites?

Diane