Microsoft KB Archive/253840

From BetaArchive Wiki
Knowledge Base

XADM: When the Active Directory Connector Commits Changes to Active Directory

Article ID: 253840

Article Last Modified on 2/21/2007


  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Windows 2000 Standard Edition

This article was previously published under Q253840


The Active Directory Connector (ADC) is a long-run process. It is a service that runs under Windows 2000, and it only stops when you shut down the server, or if you choose to manually stop it. For this reason, it caches a lot of information that it uses in memory. One of the values it stores in memory is the highest update sequence number (USN).

This article discusses exactly when the ADC commits USN values to Active Directory for replication.


The ADC uses the highest USN to determine the next search it will perform. If a connection agreement starts running when the highestCommittedUSN attribute is 10,000, the ADC knows that at the end of the first cycle, it has read all entries that have USNChanged values less than 10,000. On the next cycle, the ADC reads the highestCommittedUSN (suppose 15,000), and reads all entries with USNChanged values greater than 10,000. After replication is finished, the highest USN replicated is 15,000, and so on.

The problem of keeping this information only in memory is that when the server is shut down, or the service is stopped, the information can be lost. For this reason, some attributes within the Connection Agreement are used to store this data. These attributes are:

  • msExchServer1LastUpdateTime
  • msExchServer2LastUpdateTime These attributes are not used by the ADC; they are just stamped for reference on the Connection Agreement. These attributes may not contain accurate information about when the last time the Connection Agreement ran. They are there for backward-compatibility reasons.

  • msExchServer1HighestUSNVector
  • msExchServer2HighestUSNVector These attributes are present only if the server is a Windows 2000-based server. They are used if a Connection Agreement is replicating from one domain controller but then you point it to another domain controller. These attributes prevent the ADC from missing entries, because a list is kept of the highestCommittedUSN values on all domain controllers in the organization.

  • msExchServer1HighestUSN
  • msExchServer2HighestUSN These attributes are what the ADC uses to decide where to start searching the directory. If these attributes are set to zero, it has the same effect as setting the msExchDoFullReplication attribute to TRUE. This is also accomplished if you right-click a Connection Agreement, click Properties, click the Schedule tab, and then click to select the Replicate the entire directory the next time the agreement runs check box. All these actions make the ADC start from the beginning and replicate everything again. By setting the msExchServerXHighestUSN attribute to zero manually, you can specify only one direction of the replication.

Use the msExchServer1HighestUSN attribute to specify Active Directory and the msExchServer2HighestUSN attribute to specify the Exchange directory.

The highest USN is updated in memory every time a cycle or a search block finishes. For additional information about search blocks, click the article number below to view the article in the Microsoft Knowledge Base:

253665 XADM: How the ADC Uses Block Search to Replicate Changes

Changes are committed to Active Directory every 24 hours if this is not a new Connection Agreement. If it is a new Connection Agreement, then Active Directory is updated every 30 minutes because the first time a Connection Agreement replicates, it must make many additions, which are resource-intensive operations. Even if there is a power outage in the middle of a cycle, no more than 30 minutes of replication will be lost.

Changes are immediately committed to Active Directory in these three special situations:

  • Shutting down the ADC service forces changes to be committed to Active Directory.
  • Changes are committed at the end of the first cycle of a new Connection Agreement. This is to mark that all the first-time add operations are finished.
  • Changes are committed when a Connection Agreement is rehomed to run on a different server.

The following is an example of how this process works:

Suppose you have an Exchange server (ServerA) and a Windows 2000-based server (ServerB). This is the first time a Connection Agreement has been run between them. You will have an Exchange server full of mailboxes, custom recipients and distribution lists; in this example, we will use a total of 20,000 entries on this server.

Initially, the ADC needs to synchronize all 20,000 entries from ServerA to ServerB, and synchronize the entries from ServerB to ServerA. This will probably take some time to complete, depending on the performance of both servers and the performance of the network. For this example, we will also assume the highestCommittedUSN value on ServerA is 80,000, because normally more modifications than additions are done.

The ADC starts replicating this Connection Agreement and it reads the highestCommittedUSN value, which is 80,000, and the last USN that the Connection Agreement has replicated, which is zero. The first search the ADC performs is for the USNChanged value between 0 and 10,000 on ServerA. After reading and updating all the entries in this block, the ADC stores in memory that it replicated the USN values up to 10,000. If 30 minutes has passed since replication started, this information is written to Active Directory, otherwise, it is kept in memory only. Then the ADC reads the next block from 10,001 to 20,000. After that, it commits the change to Active Directory if 30 minutes has passed from the last time it committed, and so on, until the first cycle is finished for this Connection Agreement in both directions. Finally, the ADC writes to Active Directory the msExchServer2HighestUSN value equal to 80,000 and the value of the highestUSNCommited attribute on Active Directory to the msExchServer1HighestUSN attribute.

After this first synchronization, every time the Connection Agreement runs, it only updates the Connection Agreement entry every 24 hours, even if you start and stop the service.

In the worst-case scenario, if power goes down, and replication is taking place for the first time, no more then one hour of replication will be lost.

Keywords: kbinfo KB253840