Announcement

Collapse
No announcement yet.

Does your SYSVOL take awhile to replicate changes?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Does your SYSVOL take awhile to replicate changes?

    Mine sure does... but only to and from servers in other sites. I have five DCs in four Sites. DC1 and DC2 are in the same site and the others are in their own. For example, if I make a change to the login script on DC1 or DC2's Netlogon copy, FRS instantly replicates it to the other DC in the site... but poor DC3, DC4, and DC5 will not see the change for hours. And of course if you make a change on DC3, DC4, or DC5, you'll not see that change on ANY DC for a couple hours.

    It's all very wierd because it DOES work, just slowly to the other site DCs. No FRS log errors and DCDIAG comes back clean on all the DCs.

    Question: normally I think FRS will submit a change to the other DCs in seconds, but does that only apply to INTRAsite DC's and perhaps INTERsite replication follows the NTDS Schedule defined in Sites and Services? Thats all I can guess.

    Thoughts?

    -Wore

  • #2
    Re: Does your SYSVOL take awhile to replicate changes?

    I *think* (five minutes quick googling hasn't revealed a definitive statement to confirm my initial thoughts) that SYSVOL gets replicated within a site inside three seconds... but that between sites it follows the AD replication schedule. It's not the same mechanism as AD replication (it's done by FRS) it just shares a schedule with it.

    http://technet2.microsoft.com/window....mspx?mfr=true


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: Does your SYSVOL take awhile to replicate changes?

      Originally posted by Stonelaughter View Post
      I *think* (five minutes quick googling hasn't revealed a definitive statement to confirm my initial thoughts) that SYSVOL gets replicated within a site inside three seconds... but that between sites it follows the AD replication schedule. It's not the same mechanism as AD replication (it's done by FRS) it just shares a schedule with it.

      http://technet2.microsoft.com/window....mspx?mfr=true
      This is a somewhat frustrating subject that bugs me to no end where I've seen 2 different conflicting answers that claim to be fact:

      Answer 1: Intrasite replication between domain controllers occurs at 5 minute intervals. Since the KCC ensures domain controller replication will take no longer than 3 hops or replication intervals, the maximum amount of time intrasite replication should be expected to take is 15 minutes (5mins x 3 hops).

      Answer 2: Intrasite replication happens nearly instantaneously. The basic premis behind this "theory" ties back to Microsoft's fundamental definition of a site: A well connected network with 10Mbps or better bandwidth at its disposal. Since AD has basically all of the bandwidth it needs within a site, replication will happen as often as needed, usually instantly, no matter what the cost since bandwidth shouldn't be an issue.

      What I gather from my experience is this:
      1: In the old days prior to Active Directory (NT4 and prior), replication among domain controllers definitely happened at a set interval which basically follows Answer 1 other than the 3 hops/15 minute piece. This was either 5 or 10 minutes, I can't remember anymore.

      2: With the coming of Active Directory, I've seen Answer 2 more often than not where it appears intrasite replication happens instantly or near instantly.

      3: As far as my sources go on the subject of AD replication happening at 5 minute intervals or instantly, the 5 minute intervals come from Win2k materials. The instant replication reference seems to come from Win2k3 materials. So maybe this changed between 2k and 2k3. There's also a piece at least in 2k3 replication which hasn't been mentioned and that is where AD DCs in a site will notify other DCs in the same site of changes that were made to AD which triggers the pull replication intrasite to happen instantly. I don't know if this trigger technolgy existed in Win2k. That could explain the whole difference.
      Last edited by jasonboche; 30th April 2007, 23:40.
      VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
      boche.net - VMware Virtualization Evangelist
      My advice has no warranties. Follow at your own risk.

      Comment


      • #4
        Re: Does your SYSVOL take awhile to replicate changes?

        I actually got my 3sec answer from a technet article that came up on my google search... so I'm pretty sure that at least now, it's answer 2.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment


        • #5
          Re: Does your SYSVOL take awhile to replicate changes?

          Originally posted by jasonboche View Post
          This is a somewhat frustrating subject that bugs me to no end where I've seen 2 different conflicting answers that claim to be fact:

          Answer 1: Intrasite replication between domain controllers occurs at 5 minute intervals. Since the KCC ensures domain controller replication will take no longer than 3 hops or replication intervals, the maximum amount of time intrasite replication should be expected to take is 15 minutes (5mins x 3 hops).

          Answer 2: Intrasite replication happens nearly instantaneously. The basic premis behind this "theory" ties back to Microsoft's fundamental definition of a site: A well connected network with 10Mbps or better bandwidth at its disposal. Since AD has basically all of the bandwidth it needs within a site, replication will happen as often as needed, usually instantly, no matter what the cost since bandwidth shouldn't be an issue.
          http://technet2.microsoft.com/window....mspx?mfr=true :
          Within sites, replication is optimized for speed as follows:

          Connections between domain controllers in the same site are always arranged in a ring, with possible additional connections to reduce latency.

          Replication within a site is triggered by a change notification mechanism when an update occurs, moderated by a short, configurable delay (because groups of updates frequently occur together).

          Data is sent uncompressed, and thus without the processing overhead of data compression.


          Between sites, replication is optimized for minimal bandwidth usage (cost) as follows:

          Replication data is compressed to minimize bandwidth consumption over WAN links.

          Store-and-forward replication makes efficient use of WAN links each update crosses an expensive link only once.

          Replication occurs at intervals that you can schedule so that use of expensive WAN links is managed.

          The intersite topology is a layering of spanning trees (one intersite connection between any two sites for each directory partition) and generally does not contain redundant connections.
          The 5 minutes is W2K specific and is talking about the delay before the change notification is sent to adjacent DCs (intrasite replication follows ring topology) in the same site:

          http://technet2.microsoft.com/window....mspx?mfr=true (look under "registry settings"):
          Default value
          Windows 2000 Server: 300 seconds.

          The value for the delay between an originating update on a domain controller and the first change notification. On domain controllers running Windows Server 2003, the value for initial change notification delay is stored in the msDSReplicationNotifyFirstDSADelay attribute on the cross-reference object for each directory partition in the Configuration container. The default value in Windows Server 2003 is decreased to 15 seconds when the forest functional level is Windows Server 2003.
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"

          Comment


          • #6
            Re: Does your SYSVOL take awhile to replicate changes?

            Sounds like I have problems then... even though nothing is logged. Doesn't sound like from any of those references that replication should take hours because even on my weakest link I have it set to replicate once per hour in the Sites and Services schedules.

            Thanks for the help.

            Comment


            • #7
              Re: Does your SYSVOL take awhile to replicate changes?

              Time to fire up replmon.exe from the Windows Server 2003 tools and find out who is not replicating to who. If it's intersite replication that is failing then it could be an issue with one of the bridgehead servers or the site link integrity. Also make sure you're not using SMTP as your intersite replication protocol.

              I wonder if I will gain more reputation by providing technical suppot from the airport @ 7am?
              VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
              boche.net - VMware Virtualization Evangelist
              My advice has no warranties. Follow at your own risk.

              Comment


              • #8
                Re: Does your SYSVOL take awhile to replicate changes?

                well you're aces in my book.

                I've already been through replmon. I let it run all day last week logging every 60 minutes and not one site replication failed. it shows that all the replication attempts occurred successfully... as the FRS logs would concur because no FRS errors are logged. And again, everything in the SYSVOLs sync... eventually.

                Comment

                Working...
                X