Repadmin Introduction and Technology Overview

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

Repadmin.exe is a command line tool that is designed to assist administrators in diagnosing, monitoring, and troubleshooting Active Directory replication problems.

Active Directory replication dependencies

Active Directory replication has the following dependencies:

  • Routable IP infrastructure. The replication topology depends on a routable IP infrastructure from which you can map IP subnet address ranges to site objects. This mapping generates the information that client workstations use to communicate with domain controllers that are close by—when there is a choice—rather than with domain controllers that are located across wide area network (WAN) links.

  • DNS. The Domain Name System (DNS) that resolves DNS names to IP addresses. Active Directory requires that DNS is properly designed and deployed so that domain controllers can correctly resolve the DNS names of replication partners.

  • Remote procedure call (RPC). Active Directory replication requires IP connectivity and the remote procedure call (RPC) to transfer updates between replication partners.

  • Kerberos version 5 (V5) authentication. The authentication protocol for both authentication and encryption that is required for all Active Directory RPC replication.

  • Lightweight Directory Services Protocol (LDAP). The primary access protocol for Active Directory. Replication of an entire replica of an Active Directory domain, as occurs when Active Directory is installed on an additional domain controller in an existing domain, uses LDAP communication rather than RPC.

  • NetLogon. NetLogon dynamically registers the globally unique identifier (GUID) CNAME in DNS that a domain controller uses to resolve its partner’s host name and IP address for Active Directory replication.

  • Intersite Messaging. Intersite Messaging is required for Simple Mail Transfer Protocol (SMTP) intersite replication and for site coverage calculations. If the forest functional level is Windows 2000, Intersite Messaging is also required for intersite topology generation.

Replication Topology and Dependent Technologies

Glossary of replication terms

The following table lists terms that are commonly used in discussions about Active Directory replication.

Term

Definition

Active Directory replication

Active Directory is a distributed directory service, in which not all objects in the directory are stored on every domain controller. In addition, all domain controllers in a domain can be updated directly, not just one primary domain controller. Active Directory replication is the means by which changes that are made on one domain controller are synchronized with all other appropriate domain controllers in the domain or forest that store copies of the same information. Data integrity is maintained by tracking changes on each domain controller and updating other domain controllers in a systematic way. Replication uses a connection topology that is created automatically to make optimal use of beneficial network connections.

Active Directory replication topology

Replication topology is the current set of Active Directory connections by which domain controllers in a forest communicate over local area networks (LANs) and WANs to synchronize the directory partition replicas that the domain controllers have in common. Replication topology generation is usually dynamic. It adapts to the network conditions and availability of domain controllers. As a result of how much we rely and depend on directory services today, it is very important to ensure that a directory replication topology is fine-tuned to maintain and deliver the expected level of performance.

Active Directory sites

A site is a part of the network with high bandwidth connectivity. By definition, it is a collection of well-connected computers, based on IP subnets. You can use the Active Directory Sites and Services snap-in to administer sites. Because sites control how replication occurs, changes that you make with this snap-in affect how efficiently domain controllers within a domain (but separated by great distances) will coalesce.

Knowledge Consistency Checker (KCC)

A part of the ISTG role in Active directory. The KCC checks and, as an option, re-creates topology information for the Active Directory domain.

Intersite Topology Generator (ISTG)

This is a role that one domain controller in an Active Directory site must perform.The ISTG designates one or more bridgehead servers to perform replication between sites.

Multimaster replication

Every domain controller can receive originating updates to data for which it is authoritative, rather than having a single domain controller that receives all original updates (also known as single-master replication, such as Microsoft Windows NT® 4.0 replication).

Pull replication

Domain controllers request (pull) changes rather than send (push) changes that might not be necessary.

Store-and-forward replication

Each domain controller communicates with a subset of domain controllers to transfer replication changes, rather than one domain controller being responsible for communicating with every other domain controller that requires the change.

High water mark

High water mark is a value that the destination domain controller maintains to keep track of the most recent changes that it has received from a specific source domain controller for an object in a specific partition. High water mark prevents irrelevant objects from being considered by the source domain controller with respect to a single destination.

Up-to-dateness vector

The up-to-dateness vector is a value that the destination domain controller maintains for tracking the originating updates that are received from all source domain controllers. When a destination domain controller requests changes for a directory partition, it provides its up-to-dateness vector to the source domain controller. The source domain controller then uses this value to reduce the set of attributes that it sends to the destination domain controller.

The following table lists terms that are related to other technologies that depend on Active Directory replication topology.

Term

Definition

File Replication Service (FRS)

The replication service in Windows 2000 Server and Windows Server 2003 that is used to replicate the SYSVOL shared folder.

Replica set

The collection of servers that are all replicating a given set of directories is called a replica set. With an appropriate topology design and sufficient network support, a Windows 2000 or Windows Server 2003 FRS replica set can span thousands of computers. It is also possible for a single computer to be a member of multiple replica sets.

Topology

Topology defines the set of connections that are used to send updates between members of a replica set. The topology definition includes both the connections and the properties of those connections, such as the schedule, enabled and disabled flags, and so on.

Disconnected operation

FRS can operate even if some or all member computers are disconnected from each other for periods of time. Changes can be accepted by any computer, and changes are replicated to other member computers when connectivity is reestablished.

Authenticated RPC with encryption

To provide secure communications, FRS uses the Kerberos authentication protocol for authenticated RPC to encrypt and tamper-proof the data that is sent between replication partners.