What is Replication
In Active Directory, objects are distributed among all domain controllers in a forest, and all domain controllers can be updated directly. Active Directory replication is the process by which the changes that originate on one domain controller are automatically transferred to other domain controllers that store the same data. For example, when an user’s telephone number is modified, it must be communicated throughout the organization ensuring up-to-date in every domain controller. This is accomplished through a mechanism called replication.
Replication in Active Directory
Active Directory uses a multi-master approach for the replication of directory data. As the name suggests, in the multi-master approach, each domain controller acts as a master and can replicate data to the other domain controllers.
Replication across the three different directory partitions- Schema partition,Configuration partition and Domain partition are carried out differently. Schema container holds definitions about objects and object attributes and is ubiquitous in nature. Any update to the schema is replicated forest wide. Configuration container contains physical layout of sites. Similar to Schema data, configuration data is also replicated throughout the forest. On the contrary, domain controllers residing in different domains, house different set of data that are domain confined. Thus to facilitate dispersion of data throughout an organization, the data in each domain controller is completely replicated to every other domain controller in the domain and partially replicated to the global catalog server.
How Replication Works?
Now that we know how replication occurs at three levels of directory partition, it is essential to understand that Active Directory replication is attribute based. To understand this lets take this example:
DC1- AD Domain Controller 1
DC2- AD Domain Controller 2
U1- an AD user with telephone number: xxxxxx90
Now, telephone number of the user U1 is same in both the DCs. If you change telephone number of U1 in DC1 as xxxxxx91, only the change in the telephone number is replicated to all the domain controllers and not the entire object. This replication process occurs based on the attribute usnChanged attribute. Yes, every object contains the attribute usnChanged which holds the corresponding object’s Last Update Sequence Number (USN). When an object is created, by default a USN is assigned to them. Whenever a change is elicited these USNs are incremented making every other USN in other domain controllers go out of date for that object. To ensure that only the most recent changes are replicated, only the highest USN is stored and displayed. Thus changes are monitored and recorded with the help of USN in Active Directory.