IT tutorials
 
Applications Server
 

Active Directory 2008 : Monitoring and Troubleshooting Active Directory Replication

1/7/2014 8:09:31 PM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

For the most part, domain controllers handle the replication processes automatically. However, systems administrators still need to monitor the performance of Active Directory replication, since failed network links and incorrect configurations can sometimes prevent the synchronization of information between domain controllers.

You can monitor the behavior of Active Directory replication and troubleshoot the process if problems occur.

1. About System Monitor

The Windows Server 2008 System Monitor administrative tool was designed so that you can monitor many performance statistics associated with using Active Directory. Included within the various performance statistics that you may monitor are counters related to Active Directory replication.

2. Troubleshooting Replication

A common symptom of replication problems is that information is not updated on some or all domain controllers. For example, a systems administrator creates a User account on one domain controller, but the changes are not propagated to other domain controllers. In most environments, this is a potentially serious problem because it affects network security and can prevent authorized users from accessing the resources they require.

You can take several steps to troubleshoot Active Directory replication; each of these is discussed in the following sections.

2.1. Verifying Network Connectivity

In order for replication to work properly in distributed environments, you must have network connectivity. Although ideally all domain controllers would be connected by high-speed LAN links, this is rarely the case for larger organizations. In the real world, dial-up connections and slow connections are common. If you have verified that your replication topology is set up properly, you should confirm that your servers are able to communicate. Problems such as a failed dial-up connection attempt can prevent important Active Directory information from being replicated.

2.2. Verifying Router and Firewall Configurations

Firewalls are used to restrict the types of traffic that can be transferred between networks. They are mainly used to increase security by preventing unauthorized users from transferring information. In some cases, company firewalls may block the types of network access that must be available in order for Active Directory replication to occur. For example, if a specific router or firewall prevents data from being transferred using SMTP, replication that uses this protocol will fail.

2.3. Examining the Event Logs

Whenever an error in the replication configuration occurs, the computer writes events to the Directory Service and File Replication Service event logs. By using the Event Viewer administrative tool, you can quickly and easily view the details associated with any problems in replication. For example, if one domain controller is not able to communicate with another to transfer changes, a log entry is created. Figure 1 shows an example of the types of events you will see in the Directory Service log, and Figure 2 shows a specific example of a configuration error.

Figure 1. Viewing entries in the Directory Service event log

Figure 2. Viewing an entry in the event log

2.4. Verifying That Information Is Synchronized

It's often easy to forget to perform manual checks regarding the replication of Active Directory information. One of the reasons for this is that Active Directory domain controllers have their own read/write copies of the Active Directory database. Therefore, if connectivity does not exist, you will not encounter failures while creating new objects.

It is important to periodically verify that objects have been synchronized between domain controllers. This process might be as simple as logging on to a different domain controller and looking at the objects within a specific OU. This manual check, although it might be tedious, can prevent inconsistencies in the information stored on domain controllers, which, over time, can become an administration and security nightmare.

2.5. Verifying Authentication Scenarios

A common replication configuration issue occurs when clients are forced to authenticate across slow network connections. The primary symptom of the problem is that users complain about the amount of time it takes them to log on to Active Directory (especially during times of high volume of authentications, such as at the beginning of the workday).

Usually, you can alleviate this problem by using additional domain controllers or reconfiguring the site topology. A good way to test this is to consider the possible scenarios for the various clients that you support. Often, walking through a configuration, such as, "A client in Domain1 is trying to authenticate using a domain controller in Domain2, which is located across a slow WAN connection," can be helpful in pinpointing potential problem areas.

2.6. Verifying the Replication Topology

The Active Directory Sites And Services tool allows you to verify that a replication topology is logically consistent. You can quickly and easily perform this task by right-clicking the NTDS Settings within a Server object and choosing All Tasks => Check Replication Topology (see Figure 3). If any errors are present, a dialog box alerts you to the problem.

Figure 3. Verifying Active Directory topology using the Active Directory Sites And Services tool
 
Others
 
- Sharepoint 2013 : Organizing and managing information - Associating document templates with content types
- Sharepoint 2013 : Organizing and managing information - Creating a new content type
- Architecting an Enterprise-Level Exchange Server 2013 Environment (part 3) - Designing Exchange Server Infrastructure
- Architecting an Enterprise-Level Exchange Server 2013 Environment (part 2) - Designing Exchange Server Roles in an Exchange Server Environment
- Architecting an Enterprise-Level Exchange Server 2013 Environment (part 1) - Designing Active Directory for Exchange Server 2013
- Sharepoint 2013 : Organizing and managing information - Browsing through content types
- Sharepoint 2013 : Organizing and managing information - Creating site columns
- Sharepoint 2013 : Organizing and managing information - Browsing through site columns
- Active Directory 2008 : Configuring Replication (part 5) - Configuring Server Topology
- Active Directory 2008 : Configuring Replication (part 4) - Intersite Replication - Creating Bridgehead Servers
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us