MORE INFORMATION

Active Directory is made up of one or more directory partitions, or naming contexts. A directory partition is a contiguous subtree of Active Directory that forms a unit of replication between domain controllers.

In Active Directory a single server always holds at least three directory partitions:

• The schema
• The configuration (replication topology and related metadata)
• One or more per-domain directory partitions (subtrees containing domain-specific objects in the directory)

For example, domain controller "DC1" from domain "ntdev.microsoft.com" has the following directory partitions (assuming a "microsoft.com" domain exists as the root domain and DC1 is not a Global Catalog server):

• Schema (CN=Schema,CN=Configuration,DC=microsoft,DC=com)
• Configuration (CN=Configuration,DC=microsoft,DC=com)
• Domain NTDEV (DC=ntdev,DC=microsoft,DC=com)

Domain controller "DC2" from domain "support.microsoft.com" has the following directory partitions (assume DC2 is not a Global Catalog server):

• Schema (CN=Schema,CN=Configuration,DC=microsoft,DC=com)
• Configuration (CN=Configuration,DC=microsoft,DC=com)
• Domain SUPPORT (DC=support,DC=microsoft,DC=com)

The schema and configuration are replicated to every domain controller in a given forest. The per-domain directory partition is replicated only to domain controllers for that domain, except when the target server is a Global Catalog server. In this example, DC1 and DC2 replicate the Schema and Configuration directory partitions with each other, but do not replicate the per-domain directory partitions because they are from different domains. Domain controllers from the same domain replicate all three directory partitions with each other.

For each of the methods below, the "source" server describes the domain controller that replicates the changes to a replication partner. The "target" domain controller receives the changes.

Initiating Replication Using the Sites and Services Manager Snap-in

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2. Expand the Sites container in the left pane. Expand the container that represents the name of the site containing the target server that needs to be synchronized with its replication partners.
3. Expand the Servers container, and then expand the target server to display the NTDS Settings object (an object that represents settings for the domain controller).
4. Click the NTDS Settings object. The connection objects in the right pane represent the target server's direct replication partners.
5. Right-click a connection object in the right pane, and then click Replicate Now. Windows 2000 initiates replication of any changes from the source server (the server represented by the connection object) to the target server for all directory partitions the target server is configured to replicate from the source server.

Initiating replication Using Repadmin.exe

Repadmin.exe is a command-line tool from the Windows 2000 Resource Kit that is included in the Support Tools folder on the Windows 2000 CD-ROM.

1. Determine the name of the target server that needs to be synchronized.
2. At a command prompt, use Repadmin.exe to determine the target server's direct replication partners by typing the following command:

   repadmin /showreps target_server_name

   If the target server can be reached, it displays output similar to the following sample. In this example, DC1 and DC2 are now in the same domain, "support.microsoft.com."

   Redmond\DC1
   DSA Options : (none)
   objectGuid : 4a11d649-f9ab-11d2-b17f-00c04f5cb503
   invocationID: 45d18b0b-f9ab-11d2-98b8-0000f87a546b
   
   ==== INBOUND NEIGHBORS ======================================
   
   CN=Schema,CN=Configuration,DC=microsoft,DC=com
   

   Redmond\DC2 via RPC
   objectGuid: d2e3badd-e07a-11d2-b573-0000f87a546b
   Last attempt @ 1999-05-03 18:07.04 was successful.
   

   CN=Configuration,DC=microsoft,DC=com
   

   Redmond\DC2 via RPC
   objectGuid: d2e3badd-e07a-11d2-b573-0000f87a546b
   Last attempt @ 1999-05-03 18:07.05 was successful.
   

   DC=support,DC=microsoft,DC=com
   

   Redmond\DC2 via RPC
   objectGuid: d2e3badd-e07a-11d2-b573-0000f87a546b
   Last attempt @ 1999-05-03 18:07.09 was successful.
   

   
   (Other data excluded because it does not pertain to this article.)

   Under the Inbound Neighbors section of the output, the direct replication partners for each directory partition are identified along with the status of the last replication.
3. Find the directory partition that needs synchronization and locate the source server with which the target will be synchronized. Note the objectGuid of the source server.
4. Use Repadmin.exe to initiate replication by typing the following command:

   repadmin /sync directory_partition target_server_name source_server_objectGuid

   For example, to initiate replication on DC1 so that changes are replicated from DC2:

   repadmin /sync dc=support,dc=microsoft,dc=com DC1 d2e3badd-e07a-11d2-b573-0000f87a546b

   If successful, Repadmin.exe displays the following message:

   ReplicaSync() from source: d2e3badd-e07a-11d2-b573-0000f87a546b, to dest: DC1 is successful.

Optionally, you can use the following switches on the command line:

• /force: Overrides the normal replication schedule.
• /async: Starts the replication event. Repadmin.exe does not wait for the replication event to finish.
• /full: Forces a full replication of all objects from the destination DSA.

Initiating Replication in a Visual Basic Script Using IADsTools

On the Windows 2000-based computer that will execute the script, install the Windows 2000 Support Tools Resource Kit, which includes Active Directory Replication Monitor and IADsTools (a COM object that can be used for many functions, including the one described here to synchronize replication partners). Detailed information about the function parameters is located in the Windows 2000 Resource Kit documentation.

The ReplicaSync function can be used to synchronize a target domain controller with a source for a given directory partition. The syntax for the ReplicaSync function is as follows

Where:

• target_server is the domain controller receiving the changes, being synchronized with the source_server.
• directory_partition is the partition to be replicated.
• source_server is the domain controller that will replicate the changes to the target server.
• use_flags does not have to be specified, but if set to 1, the function looks at the flags specified by SetReplicaSyncFlags (see the Windows 2000 Resource Kit documentation for more information) to determine which options to set in the request. To specify no flags, use a value of 0 (zero).
• use_credentials does not have to be used by default if the logged on user has administrative credentials. If this parameter is specified and the value is 1, the function look sat the credentials defined by the SetUserCredentials function (explained below) and passes those with the request. If this parameter is specified, use_flags must also be specified.

This function returns 0 for success or 1 for failure.
For example, if the logged on user has administrative credentials on DC1, the following script can be run to synchronize DC1 with any changes that have occurred on DC2 for the directory partition "DC=support,DC=microsoft,DC=com":

If alternate credentials need to be specified, the SetUserCredentials function can be used to specify them in addition to specifying a value of "1" for the last parameter to the ReplicaSync function. The SetUserCredentials function has the following syntax

Where:

• user_name is the down-level user name of an account in the domain.
• domain_name is the NetBIOS domain name of the user account.
• user_LDAP_dn is not required for the ReplicaSync function but can be specified. This is the Distinguished Name of the user account specified.
• password is the password for the user.

For example, after modifying the above script, it would be like the following sample:

In VBScript, all variables are defined as type VARIANT. To pass variables to any function in the IADsTools object, those variables must be explicitly typed. For example:

To view a language and run-time reference for VBScript, visit the following Microsoft Web site:

Initiating Replication Using Active Directory Replication Monitor

1. On the Windows 2000-based computer that will run the script, install the Windows 2000 Support Tools Resource Kit, which includes Active Directory Replication Monitor (Replmon.exe).
2. Start Active Directory Replication Monitor and click Add Site/Server on the Edit menu. Use the "Add Site or Server" Wizard to add the target server to the view.
3. Replmon.exe identifies the directory partitions and displays them as child nodes to the target server in the left pane.
4. Find and expand the directory partition that needs to be synchronized. All domain controllers listed for a given directory partition are source servers, but direct replication partners are displayed with an icon that represents two network-connected servers. Direct replication partners can also be identified by right-clicking a server and clicking Properties. The Properties dialog box displays the source server as a Direct Replication Partner, a Transitive Replication Partner, or a BridgeHead Connection (also a direct replication connection).
5. Right-click the direct replication partner, and then click Synchronize Replica. Replmon.exe initiates replication and reports the success or failure of the request.