Enable immediate replication between Active Directory sites

(This post was originally published by myself on my previous blog site)

What is immediate replication?

Active Directory has 3 replication models:

  1. Within a site (Intrasite) the domain controllers use Change Notification to alert adjacent dc’s of changes made in AD. By default, after 15 seconds the first replication partner is notified and 3 more seconds to each subsequent replication partner.
  2. Between sites (Intersite) Change Notification is not used. Replication only happens on a schedule with every 15 minutes as the shortest configurable interval.
  3. Account lockout, changes to password policy, DC password changes and a few other situations trigger urgent replication which happens as quickly as the domain controllers are able and bypasses all other replication interval.

The intersite replication can however be configured to use Change Notification and this will bypass the replication schedule of the site link and replication will occur as if the domain controllers were in the same site. This does of course increase the traffic of you WAN link so make sure you have the bandwidth and latency to handle it.

How to enable immediate replication

The procedure is slightly different for automatically and manually changed sitelinks

For automatically created sitelinks:

  1. Open ADSIEDIT
  2. Connect to Configuration Naming Context
  3. Expand Sites –> Intersite Transport –> IP
  4. Right-click the relevant sitelink and select properties
  5. Change the value of “options” to 1
wp_intersite_repl1

For manually created sitelinks:

  1. Open ADSIEDIT
  2. Connect to Configuration Naming Context
  3. Expand Sites –> (The site name) –> Servers –> (Servername) –> NTDS Settings
  4. Right-click the relevant sitelink and select properties
  5. Change the value of “options” to 8
  6. Repeat for every manually configured sitelink (if desired)
wp_intersite_repl2

That’s all there is to it. Changes in AD will now flow as if the domain controllers are within the same site.

Author

  • Per-Torben Sørensen

    Per-Torben Sørensen has 25 years experience in IT and Microsoft infrastructure. He is currently an MCT and works as a Technical Architect within M365 at Crayon. His passion is Entra ID and Identity and access management and helps customers become "copilot-ready". He's also a engaged speaker and is always eager to share his knowledge and learn from others.

    View all posts

Discover more from Agder in the cloud

Subscribe to get the latest posts sent to your email.

By Per-Torben Sørensen

Per-Torben Sørensen has 25 years experience in IT and Microsoft infrastructure. He is currently an MCT and works as a Technical Architect within M365 at Crayon. His passion is Entra ID and Identity and access management and helps customers become "copilot-ready". He's also a engaged speaker and is always eager to share his knowledge and learn from others.

Related Post

Leave a Reply