Microsoft KB Archive/253665

From BetaArchive Wiki
Knowledge Base

XADM: How the Active Directory Connector Uses Block Search to Replicate Changes

Article ID: 253665

Article Last Modified on 2/26/2007


  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Exchange Server 5.5 Service Pack 3
  • Microsoft Windows 2000 Standard Edition

This article was previously published under Q253665


This article describes the algorithm the Active Directory Connector (ADC) uses to replicate changes from Exchange to Active Directory and vice-versa.


When you have a Connection Agreement on the ADC that specifies an Exchange server and Windows 2000-based server, the ADC keeps track of what has already been replicated based on the USN-Changed attribute.

Exchange stores a value named highestCommittedUSN, which is the highest update sequence number (USN) value of any object on the server. The ADC keeps track of the last change that it has replicated from Exchange to Active Directory in a field named msExchServer2HighestUSN.

The following is an example of what an ADC might do during replication of a one-way Connection Agreement from Exchange to Active Directory:

  1. Read the highestCommittedUSN value from Exchange. For this example, 1,500.
  2. Read the msExchServer2HighestUSN value from the Connection Agreement. Because the agreement has never been run, this value is 0.
  3. Search for all entries in the Exchange directory with a USN-Changed value greater than the msExchServer2HighestUSN value. In this case, it will be all USN-Changed values greater than 0.
  4. Perform all the additions, modifications, and deletions.
  5. Change msExchServer2HighestUSN to 1,500.
  6. On the next cycle, the ADC will search for all entries whose USN-Changed value is greater than 1,500 because this is the new value of msExchServer2HighestUSN.

The ADC uses the same process in the opposite direction, from Active Directory to Exchange.

For example, an Exchange server has 100,000 entries on it. The ADC starts replicating, and after it has finished replicating 99,000 objects, the power goes out. When replication starts again, the ADC reads the msExchServer2HighestUSN value and it will be 0 because the server never got to step 5.

To avoid this situation, the ADC uses an algorithm called a block search. As a replication session takes place, this msExchServer2HighestUSN value is periodically updated, so if all of the changes do not get committed, replication picks up where it left off instead of starting at the beginning again.

The following steps describe the algorithm the ADC uses to implement a block search:

  1. Read the highestCommittedUSN value from Exchange, in this case, 500,000.
  2. Read the msExchServer2HighestUSN value. This will be X.

    NOTE: This will be 0 if this is the first time the Connection Agreement has been run.
  3. Search all entries that have a USN-Changed value greater than X and less than (X+10,000).
  4. Do all additions, modifications, deletions for these entries.
  5. Commit the msExchServer2HighestUSN value on the Connection Agreement with X+10,000. For additional information on when the ADC commits changes to Active Directory, click the article number below to view the article in the Microsoft Knowledge Base:

    253840 XADM: When the Active Directory Connector Commits Changes to Active Directory

  6. While X is less than 500,000, X = X + 10,000, and go back to step 3.
  7. Commit the msExchServer2HighestUSN value with 500,000.

The block search provides a more fault-tolerant solution for a power outage or any other problem that might interrupt ADC replication. In the worst-case scenario for this example, the ADC will have to replicate only 10,000 entries. In real world usage, the replication amount is actually much less than that because there is no direct formula between USN-Changed and the number of entries. For a company that performs several modifications each week on its users, such as telephone number changes, or other attribute changes, it will further reduce the number of entries in a 10,000 USN block.

If you have a small directory with fewer than 5,000 mailboxes, custom recipients, and distribution lists, the ADC is fast enough to replicate all those entries in a single block and in a very short period of time.

Additional query words: Polling Mechanism

Keywords: kbinfo KB253665