Mark Minasi's Tech Forum
Pieter

Senior Member
Registered:
Posts: 239
Reply with quote  #1 
Would it be a bad or a good idea to change the Active Directory Replication Interval between two sites from 3 hours (the default, I think) to 30 or 15 minutes?
What are your thoughts?

We have several sites, but our Exchange is located on-premise in one site (HQ).
When we create a user in a branch office, we have to wait (max.) 3 hours until the Exchange servers in the HQ see the new user account.
When we create a user in the HQ, we have to wait (max.) 3 hours until that account can be used in the branch office.

Does speeding up the replication have a disadvantage?

__________________
Pieter Demeulemeester
0
cj_berlin

Senior Member
Registered:
Posts: 300
Reply with quote  #2 
Hi,

the only possible disadvantage is replication traffic. If your WAN can handle it, you can shorten the interval all the way down to the allowed minimum of 15 minutes.

I have a couple of customers whose WAN is actually a "long distance LAN", bandwidth- and latency-wise. At some of those sites we've been doing notification-based intersite replication for years with no problems whatsoever.

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
wkasdo

Administrator
Registered:
Posts: 237
Reply with quote  #3 
+1 Evgeny. 

The bandwidth problem is greatly exaggerated in modern times. Don't forget that the changes that have been building need to go across the WAN anyway: one big chunk every three hours or 12 small chunks every 15 minutes: same data. I'm handwaving a bit here, but it's essentially true. 

The only difficult case is an AD with many sites containing DCs, let's say more than 100 -- but let's not go into that unless it's relevant?

For anything else, 15 minutes is perfectly fine, and as Evgeny said, you should consider enabling notification on the sitelink as well. 

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
Pieter

Senior Member
Registered:
Posts: 239
Reply with quote  #4 
Thanks for the replies guys.

>> The only difficult case is an AD with many sites containing DCs,
We have about 65 DCs spread across +/- 25 sites, should I be worried?

(at this moment we have 76 DCs, but some of them are planned to be demoted)

__________________
Pieter Demeulemeester
0
wkasdo

Administrator
Registered:
Posts: 237
Reply with quote  #5 
> We have about 65 DCs spread across in +/- 25 sites, should I be worried

Never [biggrin].

The main concern is that the DC needs to be able to finish all replication cycles with its partners within one replication window. 25 sites should be completely safe, but just to get a feeling for your situation:

- what is the typical WAN latency?
- assuming hub/spoke, how many replication partners does a typical central bridgehead have?

 

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
Pieter

Senior Member
Registered:
Posts: 239
Reply with quote  #6 
>> what is the typical WAN latency ?
Less than 20 ms (sometimes 100 or 200 ms, but that is worst case)

>> assuming hub/spoke, how many replication partners does a typical central bridgehead have?
1 site = central HQ: 2 DCs, one is bridgehead
24 sites = local entities: each with 2 DCs, one of them is bridgehead
Some of the local entities have branch offices. There is 1 DC in a branch office.

Summary:
The bridgehead DC in the central HQ has 25 replication partners.
The bridgehead DC in the local entities has 2 to 10 replication partners, depending on the number of branch offices.
The (only) DC in each branch office has 1 replication partner.

__________________
Pieter Demeulemeester
0
wkasdo

Administrator
Registered:
Posts: 237
Reply with quote  #7 
> The bridgehead DC in the central HQ has 25 replication partners.

Do you have a dedicated BH server, perhaps? It is unusual to have one DC with all external replication partners. With low latency this DC _should_ be able to support a 15m window, but 25 partners is higher than I would like. Why not have multiple DCs as BH?

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
Pieter

Senior Member
Registered:
Posts: 239
Reply with quote  #8 
>>Do you have a dedicated BH server, perhaps?
yes.

>>Why not have multiple DCs as BH?
Because I know now that DC_siteX_1 is the bridgehead in every site (and not DC_siteX_2). I can now force replication (with a script, based on repadmin) without verifying the replication partners first, because I know that DC_SiteA_1 is replicating with DC_SiteB_1.

If I don't define a bridgehead, each DC in the central HQ would have +/- 12 replication partners.

Would it be better/safer to set the interval to 30 minutes instead of 15?

__________________
Pieter Demeulemeester
0
wkasdo

Administrator
Registered:
Posts: 237
Reply with quote  #9 
Unusual, but fair enough I guess!

I use this to force replication throughout the forest. It forces replication for every site, starting with the ones having the most DCs because these should be the hub sites. Theoretically, this is a fast way to achieve data consistency.
Code:

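# Walk every site in the forest, largest (most DCs) first, and run
# repadmin /syncall against each DC: /A = all naming contexts, /e = across sites.
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites |
    Sort-Object -Property @{Expression={$_.Servers.Count}} -Descending |
    ForEach-Object { $_.Servers } |
    ForEach-Object { repadmin /syncall $_.Name /A /e }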


To answer your question: 30 minutes should be safe, but 15 minutes may be equally fine. Monitor your HUB BH with repadmin /queue. This shows the number of replication events waiting to happen. It should go to zero during every cycle. If not... increase the period time.

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
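
The queue check recommended in the reply above, as an added example that is not part of the original thread: it samples the pending replication operations on the hub bridgehead over several replication windows and flags any window in which the queue never reached zero. It uses the ActiveDirectory module cmdlet Get-ADReplicationQueueOperation instead of parsing repadmin /queue output; the site link name 'HQ-SiteA' and the DC name 'DC_HQ_1' are placeholders.

```powershell
# Added example; not from the thread. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholders (assumptions): replace with your own site link and hub bridgehead.
$SiteLink   = 'HQ-SiteA'
$Bridgehead = 'DC_HQ_1'
$Windows    = 4     # number of replication windows to observe
$SampleSec  = 30    # seconds between queue samples

# Read the interval currently configured on the site link.
$link      = Get-ADReplicationSiteLink -Identity $SiteLink
$windowSec = $link.ReplicationFrequencyInMinutes * 60
$perWindow = [math]::Max(1, [int]($windowSec / $SampleSec))

$report = foreach ($w in 1..$Windows) {
    $started = Get-Date
    $depths = foreach ($s in 1..$perWindow) {
        # Number of replication operations currently queued on the bridgehead.
        @(Get-ADReplicationQueueOperation -Server $Bridgehead).Count
        Start-Sleep -Seconds $SampleSec
    }
    $stats = $depths | Measure-Object -Minimum -Maximum
    [pscustomobject]@{
        Window     = $w
        Started    = $started
        MinPending = $stats.Minimum
        MaxPending = $stats.Maximum
        Drained    = ($stats.Minimum -eq 0)   # queue hit zero at least once
    }
}

$report | Format-Table -AutoSize

# A window that never drained means the DC could not finish its partners in time.
$stuck = @($report | Where-Object { -not $_.Drained })
if ($stuck.Count -gt 0) {
    Write-Warning ("Queue on {0} never reached zero in {1} of {2} windows; lengthen the interval on {3}." -f `
        $Bridgehead, $stuck.Count, $Windows, $SiteLink)
}
```
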
Pieter

Senior Member
Registered:
Posts: 239
Reply with quote  #10 
Okay, I'll go with that.

And thanks for that one-liner, really impressive.

__________________
Pieter Demeulemeester
0