Active Directory revisited - USNs and replication, part 3


Last week we discussed the role of replication in maintaining the consistency of the Active Directory (AD) partitions. This week, we look at some of the details of the replication process, specifically the update sequence numbers (USNs).

If an originating update (see last week's article for more info) is made to any attributes of an object within the directory of a domain controller (DC), then a counter called the USN is updated. DCs within your AD domain use a USN to determine which updates need to be replicated. Every attribute, object, and server has an individual USN, and these USNs are incremented when any attribute, object or server is updated.

This is easier to illustrate with a simple example.

Assume that the phone number attribute on one of the user objects in your AD was updated on a DC called DCServer1. After this update is made, DCServer1's USN is incremented to the next number, let's say 360. After the default replication time of five minutes is reached, DCServer1 notifies DCServer2 that updates are available. Then DCServer2 requests all updates greater than the USN it has for DCServer1, which is 359. DCServer1 then checks to see which updates DCServer2 is requesting, realizes that it needs the update represented by USN 360, and replicates that update to DCServer2. After DCServer2 commits the changes to its directory, it updates the USN it holds for DCServer1 to 360.

This process is slightly more complicated than the way it is described above, but this gives you an accurate picture of the replication process and how USNs allow AD to track changes made on different servers throughout your environment, and to replicate them properly, ensuring consistency among all of the DCs supporting the directory.
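The DCServer1/DCServer2 exchange from the example, as a simplified Python model added here for illustration (it is not code from the article or from Microsoft). The class, method and object names are hypothetical, the phone number is a constructed sample value, and the model covers only the one-way pull the article walks through.

```python
# Added illustration: a simplified model of the USN high-watermark exchange.
# Class and method names are hypothetical, not an Active Directory API.

class DomainController:
    def __init__(self, name, usn=0):
        self.name = name
        self.usn = usn          # this DC's own highest committed USN
        self.changes = []       # (usn, object, attribute, value) written here
        self.directory = {}     # (object, attribute) -> value
        self.watermark = {}     # partner name -> highest USN received from it

    def originating_update(self, obj, attr, value):
        """A write made directly on this DC: bump the USN and record it."""
        self.usn += 1
        self.changes.append((self.usn, obj, attr, value))
        self.directory[(obj, attr)] = value
        return self.usn

    def changes_after(self, usn):
        """Source side: everything with a USN greater than the one supplied."""
        return [c for c in self.changes if c[0] > usn]

    def pull_from(self, source):
        """Destination side: request, commit, then advance the watermark."""
        known = self.watermark.get(source.name, 0)
        batch = source.changes_after(known)
        for usn, obj, attr, value in batch:
            # Simplification: the local USN a real DC assigns to a
            # replicated write is not modeled here.
            self.directory[(obj, attr)] = value
        if batch:
            # Advance only after the commit, so a failed pull is retried.
            self.watermark[source.name] = batch[-1][0]
        return [c[0] for c in batch]


def demo():
    dc1 = DomainController("DCServer1", usn=359)
    dc2 = DomainController("DCServer2")
    dc2.watermark["DCServer1"] = 359    # already in sync up to USN 359
    dc1.originating_update("user1", "telephoneNumber", "555-0100")  # constructed
    first = dc2.pull_from(dc1)          # returns [360]
    second = dc2.pull_from(dc1)         # nothing new: returns []
    return first, second, dc2.watermark["DCServer1"]


if __name__ == "__main__":
    print(demo())
```

The second pull returning nothing is the point of the watermark: DCServer2 never asks DCServer1 for a change it has already committed.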

Next week we will discuss how AD handles the same updates coming from two different servers with a feature called propagation dampening.
