| Author | Messages | |
rmscheck
Posts:19
 | | 05/07/2008 11:16 AM |
| Folks,
What sort of event will trigger change between sites if we enable site link notifications? In our test environment with it enabled, we performed a user rename on one site and nothing happened in the second site for close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as eventually the change will replicate, but I would like for it to be quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was "Not Set" so I entered a 1 to enable.
Thanks.
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
| | | |
| EricGustafson
Posts:30
| | 05/07/2008 3:31 PM |
| An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site link notifications? In our test environment with it enabled, we performed a user rename on one site and nothing happened in the second site for close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as eventually the change will replicate, but I would like for it to be quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was "Not Set" so I entered a 1 to enable.
Thanks.
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20>
| | | |
| rmscheck
Posts:19
| | 05/07/2008 4:41 PM |
| Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is confusing me! Now it is replicating changes rather quickly.. changes such as Exchange mailbox moves, descriptions, renames, etc... These werent happening earlier.. Currently the rep interval is set to 30 minutes. Earlier this morning the test environment was replicating these changes after 30 mins. Now its happening within a minute or so. Strange. Is this expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)" <eric.gustafson@oldcastlematerials.com> wrote: v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site link notifications? In our test environment with it enabled, we performed a user rename on one site and nothing happened in the second site for close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as eventually the change will replicate, but I would like for it to be quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was "Not Set" so I entered a 1 to enable.
Thanks.
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
| | | |
| dwells
Posts:18
| | 05/07/2008 4:46 PM |
| Change notification IS the mechanism employed between DCs in the same site
as one another. Enabling it between sites by altering the site link or the
connection objects directly causes replication to behave in the same manner,
i.e. a change is received and its partner DC(s) is/are notified . if that
partner is in a different site but now supports change notification then the
fact that it is in a different site is moot; replication will proceed
regardless of the site link schedule/frequency. The other aspects of sites
and their expected behaviors persist as before.
--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com <http://msetechnology.com/>
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 4:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are
triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is
confusing me! Now it is replicating changes rather quickly.. changes such
as Exchange mailbox moves, descriptions, renames, etc... These werent
happening earlier.. Currently the rep interval is set to 30 minutes.
Earlier this morning the test environment was replicating these changes
after 30 mins. Now its happening within a minute or so. Strange. Is this
expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)"
<eric.gustafson@oldcastlematerials.com> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId
/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site link
notifications? In our test environment with it enabled, we performed a user
rename on one site and nothing happened in the second site for close to the
actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as
eventually the change will replicate, but I would like for it to be quicker
or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was
"Not Set" so I entered a 1 to enable.
Thanks.
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8H
DtDypao8Wcj9tAcJ%20> it now.
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8H
DtDypao8Wcj9tAcJ%20> it now.
| | | |
| bdesmond
Posts:161
| | 05/07/2008 5:27 PM |
| I'm guessing you needed to sit out the replication interval for the site
link change.
As Dean said on k3 you should be seeing replication between these sites
converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar <rmscheck@yahoo.com> wrote:
> Hmm is it just those three items?
>
> Is a better definition, only changes deemed under Urgent Replication are
> triggered under Site Link Change Notification?
>
> I'm just trying to understand it more as now our test environment is
> confusing me! Now it is replicating changes rather quickly.. changes such
> as Exchange mailbox moves, descriptions, renames, etc... These werent
> happening earlier.. Currently the rep interval is set to 30 minutes.
> Earlier this morning the test environment was replicating these changes
> after 30 mins. Now its happening within a minute or so. Strange. Is this
> expected behavior or am I barking up the wrong tree?
>
>
>
>
>
>
> *"Gustafson, Eric (Oldcastle Materials)" <
> eric.gustafson@oldcastlematerials.com>* wrote:
>
> An article from the ActiveDir.org site;
>
>
> http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/40/Default.aspx
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Rand Salazar
> *Sent:* Wednesday, May 07, 2008 11:14 AM
> *To:* Active Dir
> *Subject:* [ActiveDir] Triggers for Change Notification Between Sites
>
> Folks,
>
> What sort of event will trigger change between sites if we enable site
> link notifications? In our test environment with it enabled, we performed a
> user rename on one site and nothing happened in the second site for close to
> the actual site links replication interval.
>
> As far as I can tell, replication is occurring normally between sites as
> eventually the change will replicate, but I would like for it to be quicker
> or at least bypass the set interval.
>
> Just for clarification, the options attribute in our test environment was
> "Not Set" so I entered a 1 to enable.
>
> Thanks.
>
> ------------------------------
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
> now.<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20>
>
>
> ------------------------------
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
> now.<http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ>
>
>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| listmail
Posts:178
| | 05/07/2008 6:18 PM |
| Possibly...
Assuming change notification was enabled properly, it works. However the
replication is still pushed through the bridgehead server for the given
site. You don't get a ring topology across the sites like you have within a
single site. It is a ring within the site and the standard spanning tree for
intersite. That means convergence isn't coming from two different
directions... you have a SPoF or more accurately SPoL(atency). So say you
have enough DCs in a site to get a full 3 hop ring then change notification
to another site could still realistically be over a minute with default
holdback timing, etc and not even considering the time to process the churn
involved. It could take considerably over a minute if the bridgehead is busy
(either dealing with lots of work or it has a poor connection to a site and
RPC is being troublesome over that pipe). I have seen bridgeheads that have
gotten tied up for long periods of time (hours under W2K, tens of minutes
under 2K3) when a single site was having network issues and it was causing
slowness of all replication going through that bridgehead.
More info... DCs only have single inbound pull replication thread and the
replication is pull based. So while DC-A can service many DCs asking for
updates, it can only pull from one DC at a time. So if you have a bridgehead
that is tied up pulling from say DC-C and DC-B has changes for it, DC-B will
send the change notification to the bridgehead but it will have to finish
with DC-C first before it gets to DC-B to get the changes to be pulled by
DCs in sites that that bridgehead services. Confused yet?
There is also some implication in the thread about urgent replication...
Urgent replication is different than change notification though it is
related. Urgent replication just means you don't go through the holdback
period but nothing is truly urgently replicated, it is just urgently queued.
I.E. It hits the queue right away but has the normal priorities of the other
stuff queued so it isn't like it goes to the head of the pack or anything.
This stuff was discussed in Dean and my presentation at DEC back in 2006,
pop out to Jadonex for the powerpoint about it and the info on the queuing
priorities, etc.
If you want to watch what is happening, go pick up ADQueueLoop, AdFind (with
-sc replqueue or -sc ncrepl switches), or repadmin (with /queue switch) to
see what is currently going through the queue or to show the current queue
in its entirely and play with those, you will see the replication requests
being queued up and processed. If you have two sites (Site A and Site B) and
two DCs (SA-DC1 and SB-DC1) and you watch the Repl Queue on SB-DC1 and
change notification is enabled between them and then make a change directly
on SA-DC1 then you should see a repl request for SA-DC1 pop into the queue
in a time dependent on the number of DCs that are change notify enabled with
SB-DC1. So if that is the only DC with a change notification connection
(i.e. no DCs in the site with SA-DC1 and only the one change notification
site) you would normally expect to see something within 15 seconds.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, May 07, 2008 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Triggers for Change Notification Between Sites
I'm guessing you needed to sit out the replication interval for the site
link change.
As Dean said on k3 you should be seeing replication between these sites
converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar <rmscheck@yahoo.com> wrote:
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are
triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is
confusing me! Now it is replicating changes rather quickly.. changes such
as Exchange mailbox moves, descriptions, renames, etc... These werent
happening earlier.. Currently the rep interval is set to 30 minutes.
Earlier this morning the test environment was replicating these changes
after 30 mins. Now its happening within a minute or so. Strange. Is this
expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)"
<eric.gustafson@oldcastlematerials.com> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId
/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site link
notifications? In our test environment with it enabled, we performed a user
rename on one site and nothing happened in the second site for close to the
actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as
eventually the change will replicate, but I would like for it to be quicker
or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was
"Not Set" so I entered a 1 to enable.
Thanks.
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8H
DtDypao8Wcj9tAcJ%20>
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
<http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8
HDtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| febrero
Posts:3
| | 05/07/2008 7:54 PM |
| When you changed the value to 1, you actually had to wait until that changes reaches the "remote" server, and yes that can take a while depending on the Site Link inteval.
After that change is replicated now avery Database Update will be notified using the intrasite notification values 15 and 3 seconds. so replication will be that fast.
BTW this does not apply to FRS replication.
----- Original Message -----
From: Rand Salazar
To: ActiveDir@mail.activedir.org
Sent: Wednesday, May 07, 2008 3:38 PM
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is confusing me! Now it is replicating changes rather quickly.. changes such as Exchange mailbox moves, descriptions, renames, etc... These werent happening earlier.. Currently the rep interval is set to 30 minutes. Earlier this morning the test environment was replicating these changes after 30 mins. Now its happening within a minute or so. Strange. Is this expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)" <eric.gustafson@oldcastlematerials.com> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site link notifications? In our test environment with it enabled, we performed a user rename on one site and nothing happened in the second site for close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as eventually the change will replicate, but I would like for it to be quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was "Not Set" so I entered a 1 to enable.
Thanks.
----------------------------------------------------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
------------------------------------------------------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
| | | |
| danholme
Posts:70
| | 05/07/2008 8:14 PM |
| Dang Joe your brain amazes me.
For the records, for whomever reads this thread down the road (including
my buddies at the client I'm about to "quote"), I have a good sized
(5-figure users) globally distributed client who implemented Change
Notification across the enterprise and now has a convergence window of
between 30-40 seconds for the entire "world." They LOVE LOVE LOVE the
results, and have had it in place for well over a year with no issues
that would cause them to do otherwise.
Dan
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Wednesday, May 07, 2008 12:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Possibly...
Assuming change notification was enabled properly, it works. However the
replication is still pushed through the bridgehead server for the given
site. You don't get a ring topology across the sites like you have
within a single site. It is a ring within the site and the standard
spanning tree for intersite. That means convergence isn't coming from
two different directions... you have a SPoF or more accurately
SPoL(atency). So say you have enough DCs in a site to get a full 3 hop
ring then change notification to another site could still realistically
be over a minute with default holdback timing, etc and not even
considering the time to process the churn involved. It could take
considerably over a minute if the bridgehead is busy (either dealing
with lots of work or it has a poor connection to a site and RPC is being
troublesome over that pipe). I have seen bridgeheads that have gotten
tied up for long periods of time (hours under W2K, tens of minutes under
2K3) when a single site was having network issues and it was causing
slowness of all replication going through that bridgehead.
More info... DCs only have single inbound pull replication thread and
the replication is pull based. So while DC-A can service many DCs asking
for updates, it can only pull from one DC at a time. So if you have a
bridgehead that is tied up pulling from say DC-C and DC-B has changes
for it, DC-B will send the change notification to the bridgehead but it
will have to finish with DC-C first before it gets to DC-B to get the
changes to be pulled by DCs in sites that that bridgehead services.
Confused yet?
There is also some implication in the thread about urgent replication...
Urgent replication is different than change notification though it is
related. Urgent replication just means you don't go through the holdback
period but nothing is truly urgently replicated, it is just urgently
queued. I.E. It hits the queue right away but has the normal priorities
of the other stuff queued so it isn't like it goes to the head of the
pack or anything.
This stuff was discussed in Dean and my presentation at DEC back in
2006, pop out to Jadonex for the powerpoint about it and the info on the
queuing priorities, etc.
If you want to watch what is happening, go pick up ADQueueLoop, AdFind
(with -sc replqueue or -sc ncrepl switches), or repadmin (with /queue
switch) to see what is currently going through the queue or to show the
current queue in its entirely and play with those, you will see the
replication requests being queued up and processed. If you have two
sites (Site A and Site B) and two DCs (SA-DC1 and SB-DC1) and you watch
the Repl Queue on SB-DC1 and change notification is enabled between them
and then make a change directly on SA-DC1 then you should see a repl
request for SA-DC1 pop into the queue in a time dependent on the number
of DCs that are change notify enabled with SB-DC1. So if that is the
only DC with a change notification connection (i.e. no DCs in the site
with SA-DC1 and only the one change notification site) you would
normally expect to see something within 15 seconds.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, May 07, 2008 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Triggers for Change Notification Between Sites
I'm guessing you needed to sit out the replication interval for the site
link change.
As Dean said on k3 you should be seeing replication between these sites
converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar <rmscheck@yahoo.com> wrote:
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are
triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is
confusing me! Now it is replicating changes rather quickly.. changes
such as Exchange mailbox moves, descriptions, renames, etc... These
werent happening earlier.. Currently the rep interval is set to 30
minutes. Earlier this morning the test environment was replicating
these changes after 30 mins. Now its happening within a minute or so.
Strange. Is this expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)"
<eric.gustafson@oldcastlematerials.com> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/artic
leId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site
link notifications? In our test environment with it enabled, we
performed a user rename on one site and nothing happened in the second
site for close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as
eventually the change will replicate, but I would like for it to be
quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test environment
was "Not Set" so I entered a 1 to enable.
Thanks.
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
it now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62
sR8HDtDypao8Wcj9tAcJ%20>
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
it now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62
sR8HDtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| EricGustafson
Posts:30
| | 05/07/2008 8:40 PM |
| Dan -
Are they at the W2K3 FFL? I can see that it may be a problem without LVR going.
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Wednesday, May 07, 2008 8:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Dang Joe your brain amazes me.
For the records, for whomever reads this thread down the road (including my buddies at the client I'm about to "quote"), I have a good sized (5-figure users) globally distributed client who implemented Change Notification across the enterprise and now has a convergence window of between 30-40 seconds for the entire "world." They LOVE LOVE LOVE the results, and have had it in place for well over a year with no issues that would cause them to do otherwise.
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Wednesday, May 07, 2008 12:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Possibly...
Assuming change notification was enabled properly, it works. However the replication is still pushed through the bridgehead server for the given site. You don't get a ring topology across the sites like you have within a single site. It is a ring within the site and the standard spanning tree for intersite. That means convergence isn't coming from two different directions... you have a SPoF or more accurately SPoL(atency). So say you have enough DCs in a site to get a full 3 hop ring then change notification to another site could still realistically be over a minute with default holdback timing, etc and not even considering the time to process the churn involved. It could take considerably over a minute if the bridgehead is busy (either dealing with lots of work or it has a poor connection to a site and RPC is being troublesome over that pipe). I have seen bridgeheads that have gotten tied up for long periods of time (hours under W2K, tens of minutes under 2K3) when a single site was having network issues and it was causing slowness of all replication going through that bridgehead.
More info... DCs only have single inbound pull replication thread and the replication is pull based. So while DC-A can service many DCs asking for updates, it can only pull from one DC at a time. So if you have a bridgehead that is tied up pulling from say DC-C and DC-B has changes for it, DC-B will send the change notification to the bridgehead but it will have to finish with DC-C first before it gets to DC-B to get the changes to be pulled by DCs in sites that that bridgehead services. Confused yet?
There is also some implication in the thread about urgent replication... Urgent replication is different than change notification though it is related. Urgent replication just means you don't go through the holdback period but nothing is truly urgently replicated, it is just urgently queued. I.E. It hits the queue right away but has the normal priorities of the other stuff queued so it isn't like it goes to the head of the pack or anything.
This stuff was discussed in Dean and my presentation at DEC back in 2006, pop out to Jadonex for the powerpoint about it and the info on the queuing priorities, etc.
If you want to watch what is happening, go pick up ADQueueLoop, AdFind (with -sc replqueue or -sc ncrepl switches), or repadmin (with /queue switch) to see what is currently going through the queue or to show the current queue in its entirely and play with those, you will see the replication requests being queued up and processed. If you have two sites (Site A and Site B) and two DCs (SA-DC1 and SB-DC1) and you watch the Repl Queue on SB-DC1 and change notification is enabled between them and then make a change directly on SA-DC1 then you should see a repl request for SA-DC1 pop into the queue in a time dependent on the number of DCs that are change notify enabled with SB-DC1. So if that is the only DC with a change notification connection (i.e. no DCs in the site with SA-DC1 and only the one change notification site) you would normally expect to see something within 15 seconds.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, May 07, 2008 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Triggers for Change Notification Between Sites
I'm guessing you needed to sit out the replication interval for the site link change.
As Dean said on k3 you should be seeing replication between these sites converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar <rmscheck@yahoo.com<mailto:rmscheck@yahoo.com>> wrote:
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is confusing me! Now it is replicating changes rather quickly.. changes such as Exchange mailbox moves, descriptions, renames, etc... These werent happening earlier.. Currently the rep interval is set to 30 minutes. Earlier this morning the test environment was replicating these changes after 30 mins. Now its happening within a minute or so. Strange. Is this expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)" <eric.gustafson@oldcastlematerials.com<mailto:eric.gustafson@oldcastlematerials.com>> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site link notifications? In our test environment with it enabled, we performed a user rename on one site and nothing happened in the second site for close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as eventually the change will replicate, but I would like for it to be quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was "Not Set" so I entered a 1 to enable.
Thanks.
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20>
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com<mailto:brian@briandesmond.com>
c - 312.731.3132
| | | |
| rmscheck
Posts:19
| | 05/07/2008 8:55 PM |
| Wow, I hate to say it, but I live for joe's posts hahah.. yes, I'm a suckup. LOL. Seriously though, thank you for your overflow of AD knowledge (everyone else too!)
It's good to know at least I was on the right track on how the whole enable change notify process worked. I needed much clarification on what to expect since I didnt get my expected result initially.
joe <listmail@joeware.net> wrote:
Possibly...
Assuming change notification was enabled properly, it works. However the replication is still pushed through the bridgehead server for the given site. You don't get a ring topology across the sites like you have within a single site. It is a ring within the site and the standard spanning tree for intersite. That means convergence isn't coming from two different directions... you have a SPoF or more accurately SPoL(atency). So say you have enough DCs in a site to get a full 3 hop ring then change notification to another site could still realistically be over a minute with default holdback timing, etc and not even considering the time to process the churn involved. It could take considerably over a minute if the bridgehead is busy (either dealing with lots of work or it has a poor connection to a site and RPC is being troublesome over that pipe). I have seen bridgeheads that have gotten tied up for long periods of time (hours under W2K, tens of minutes under 2K3) when a
single site was having network issues and it was causing slowness of all replication going through that bridgehead.
More info... DCs only have single inbound pull replication thread and the replication is pull based. So while DC-A can service many DCs asking for updates, it can only pull from one DC at a time. So if you have a bridgehead that is tied up pulling from say DC-C and DC-B has changes for it, DC-B will send the change notification to the bridgehead but it will have to finish with DC-C first before it gets to DC-B to get the changes to be pulled by DCs in sites that that bridgehead services. Confused yet?
There is also some implication in the thread about urgent replication... Urgent replication is different than change notification though it is related. Urgent replication just means you don't go through the holdback period but nothing is truly urgently replicated, it is just urgently queued. I.E. It hits the queue right away but has the normal priorities of the other stuff queued so it isn't like it goes to the head of the pack or anything.
This stuff was discussed in Dean and my presentation at DEC back in 2006, pop out to Jadonex for the powerpoint about it and the info on the queuing priorities, etc.
If you want to watch what is happening, go pick up ADQueueLoop, AdFind (with -sc replqueue or -sc ncrepl switches), or repadmin (with /queue switch) to see what is currently going through the queue or to show the current queue in its entirely and play with those, you will see the replication requests being queued up and processed. If you have two sites (Site A and Site B) and two DCs (SA-DC1 and SB-DC1) and you watch the Repl Queue on SB-DC1 and change notification is enabled between them and then make a change directly on SA-DC1 then you should see a repl request for SA-DC1 pop into the queue in a time dependent on the number of DCs that are change notify enabled with SB-DC1. So if that is the only DC with a change notification connection (i.e. no DCs in the site with SA-DC1 and only the one change notification site) you would normally expect to see something within 15 seconds.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
---------------------------------
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, May 07, 2008 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Triggers for Change Notification Between Sites
I'm guessing you needed to sit out the replication interval for the site link change.
As Dean said on k3 you should be seeing replication between these sites converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar <rmscheck@yahoo.com> wrote:
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is confusing me! Now it is replicating changes rather quickly.. changes such as Exchange mailbox moves, descriptions, renames, etc... These werent happening earlier.. Currently the rep interval is set to 30 minutes. Earlier this morning the test environment was replicating these changes after 30 mins. Now its happening within a minute or so. Strange. Is this expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)" <eric.gustafson@oldcastlematerials.com> wrote: An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site link notifications? In our test environment with it enabled, we performed a user rename on one site and nothing happened in the second site for close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as eventually the change will replicate, but I would like for it to be quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was "Not Set" so I entered a 1 to enable.
Thanks.
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
| | | |
| danholme
Posts:70
| | 05/07/2008 9:41 PM |
| Yes, they are at Windows Server 2003 FFL.
But remember... the same number of bytes are going to go from Bridgehead
in Site A to Bridgehead in Site B no matter what.... It's just a matter
of when. I'd argue you're actually making better use of your bandwidth
by using Change Notification than not, because then you don't have a
"big bunch" of bytes going between sites every 15 minutes (or whatever),
but rather are "trickling" them. OK, there's a VERY small amount of
overhead with the "change notification" process itself, but the same
number of bytes are going over the link and
(JOE PLEASE CORRECT ME)
I believe that, even with Change Notification, the intersite replication
will continue to use compression
So, bottom line, regardless of your FFL, if 30 kbytes need to replicate
it MIGHT be better to let 6x5 kb (six changes - numbers are just
examples) trickle over every 2.5 minutes versus all 30KB at the "fifteen
minute" mark.
BTW: you might also argue that if you're NOT at WS2003FFL, Change
Notification is more crucial because you DECREASE the risk of
potentially conflicting changes to group membership during a replication
window!!! So from a security standpoint, I'm probably more interested
in convergence when a "non-converged" state might lead to
"human/business/security" problems.
Food for thought.
Dan
(combining branched threads)
FROM ERIC:
Dan -
Are they at the W2K3 FFL? I can see that it may be a problem without LVR
going.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 2:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Wow, I hate to say it, but I live for joe's posts hahah.. yes, I'm a
suckup. LOL. Seriously though, thank you for your overflow of AD
knowledge (everyone else too!)
It's good to know at least I was on the right track on how the whole
enable change notify process worked. I needed much clarification on
what to expect since I didnt get my expected result initially.
joe <listmail@joeware.net> wrote:
Possibly...
Assuming change notification was enabled properly, it works.
However the replication is still pushed through the bridgehead server
for the given site. You don't get a ring topology across the sites like
you have within a single site. It is a ring within the site and the
standard spanning tree for intersite. That means convergence isn't
coming from two different directions... you have a SPoF or more
accurately SPoL(atency). So say you have enough DCs in a site to get a
full 3 hop ring then change notification to another site could still
realistically be over a minute with default holdback timing, etc and not
even considering the time to process the churn involved. It could take
considerably over a minute if the bridgehead is busy (either dealing
with lots of work or it has a poor connection to a site and RPC is being
troublesome over that pipe). I have seen bridgeheads that have gotten
tied up for long periods of time (hours under W2K, tens of minutes under
2K3) when a single site was having network issues and it was causing
slowness of all replication going through that bridgehead.
More info... DCs only have single inbound pull replication
thread and the replication is pull based. So while DC-A can service many
DCs asking for updates, it can only pull from one DC at a time. So if
you have a bridgehead that is tied up pulling from say DC-C and DC-B has
changes for it, DC-B will send the change notification to the bridgehead
but it will have to finish with DC-C first before it gets to DC-B to get
the changes to be pulled by DCs in sites that that bridgehead services.
Confused yet?
There is also some implication in the thread about urgent
replication... Urgent replication is different than change notification
though it is related. Urgent replication just means you don't go through
the holdback period but nothing is truly urgently replicated, it is just
urgently queued. I.E. It hits the queue right away but has the normal
priorities of the other stuff queued so it isn't like it goes to the
head of the pack or anything.
This stuff was discussed in Dean and my presentation at DEC back
in 2006, pop out to Jadonex for the powerpoint about it and the info on
the queuing priorities, etc.
If you want to watch what is happening, go pick up ADQueueLoop,
AdFind (with -sc replqueue or -sc ncrepl switches), or repadmin (with
/queue switch) to see what is currently going through the queue or to
show the current queue in its entirely and play with those, you will see
the replication requests being queued up and processed. If you have two
sites (Site A and Site B) and two DCs (SA-DC1 and SB-DC1) and you watch
the Repl Queue on SB-DC1 and change notification is enabled between them
and then make a change directly on SA-DC1 then you should see a repl
request for SA-DC1 pop into the queue in a time dependent on the number
of DCs that are change notify enabled with SB-DC1. So if that is the
only DC with a change notification connection (i.e. no DCs in the site
with SA-DC1 and only the one change notification site) you would
normally expect to see something within 15 seconds.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, May 07, 2008 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Triggers for Change Notification
Between Sites
I'm guessing you needed to sit out the replication interval for
the site link change.
As Dean said on k3 you should be seeing replication between
these sites converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar
<rmscheck@yahoo.com> wrote:
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent
Replication are triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test
environment is confusing me! Now it is replicating changes rather
quickly.. changes such as Exchange mailbox moves, descriptions,
renames, etc... These werent happening earlier.. Currently the rep
interval is set to 30 minutes. Earlier this morning the test
environment was replicating these changes after 30 mins. Now its
happening within a minute or so. Strange. Is this expected behavior or
am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)"
<eric.gustafson@oldcastlematerials.com> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/artic
leId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between
Sites
Folks,
What sort of event will trigger change between sites if we
enable site link notifications? In our test environment with it
enabled, we performed a user rename on one site and nothing happened in
the second site for close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between
sites as eventually the change will replicate, but I would like for it
to be quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test
environment was "Not Set" so I entered a 1 to enable.
Thanks.
________________________________
Be a better friend, newshound, and know-it-all with Yahoo!
Mobile. Try it now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62
sR8HDtDypao8Wcj9tAcJ%20>
________________________________
Be a better friend, newshound, and know-it-all with Yahoo!
Mobile. Try it now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62
sR8HDtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
________________________________
Be a better friend, newshound, and know-it-all with Yahoo!
Mobile. Try it now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62
sR8HDtDypao8Wcj9tAcJ%20>
| | | |
| dmitrig
Posts:41
| | 05/07/2008 9:56 PM |
| One rather theoretical note:
If you replicate more often, then you might end up replicating more data, because *every* object state is now replicated, as opposed to only the current state at 15-minute intervals.
E.g. if you have an app that changes some 1kb value every minute, then you'll have 15 replications within a 15 minute interval, while without notifications, only the last value will be replicated around. 15x difference.
But again, this is only a theoretical note. In real life, values normally don't change multiple times within a replication interval, so you don't lose much.
Dmitri
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Wednesday, May 07, 2008 6:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Yes, they are at Windows Server 2003 FFL.
But remember... the same number of bytes are going to go from Bridgehead in Site A to Bridgehead in Site B no matter what.... It's just a matter of when. I'd argue you're actually making better use of your bandwidth by using Change Notification than not, because then you don't have a "big bunch" of bytes going between sites every 15 minutes (or whatever), but rather are "trickling" them. OK, there's a VERY small amount of overhead with the "change notification" process itself, but the same number of bytes are going over the link and
(JOE PLEASE CORRECT ME)
I believe that, even with Change Notification, the intersite replication will continue to use compression
So, bottom line, regardless of your FFL, if 30 kbytes need to replicate it MIGHT be better to let 6x5 kb (six changes - numbers are just examples) trickle over every 2.5 minutes versus all 30KB at the "fifteen minute" mark.
BTW: you might also argue that if you're NOT at WS2003FFL, Change Notification is more crucial because you DECREASE the risk of potentially conflicting changes to group membership during a replication window!!! So from a security standpoint, I'm probably more interested in convergence when a "non-converged" state might lead to "human/business/security" problems.
Food for thought.
Dan
(combining branched threads)
FROM ERIC:
Dan -
Are they at the W2K3 FFL? I can see that it may be a problem without LVR going.
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 2:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Wow, I hate to say it, but I live for joe's posts hahah.. yes, I'm a suckup. LOL. Seriously though, thank you for your overflow of AD knowledge (everyone else too!)
It's good to know at least I was on the right track on how the whole enable change notify process worked. I needed much clarification on what to expect since I didnt get my expected result initially.
joe <listmail@joeware.net> wrote:
Possibly...
Assuming change notification was enabled properly, it works. However the replication is still pushed through the bridgehead server for the given site. You don't get a ring topology across the sites like you have within a single site. It is a ring within the site and the standard spanning tree for intersite. That means convergence isn't coming from two different directions... you have a SPoF or more accurately SPoL(atency). So say you have enough DCs in a site to get a full 3 hop ring then change notification to another site could still realistically be over a minute with default holdback timing, etc and not even considering the time to process the churn involved. It could take considerably over a minute if the bridgehead is busy (either dealing with lots of work or it has a poor connection to a site and RPC is being troublesome over that pipe). I have seen bridgeheads that have gotten tied up for long periods of time (hours under W2K, tens of minutes under 2K3) when a single site was having network issues and it was causing slowness of all replication going through that bridgehead.
More info... DCs only have single inbound pull replication thread and the replication is pull based. So while DC-A can service many DCs asking for updates, it can only pull from one DC at a time. So if you have a bridgehead that is tied up pulling from say DC-C and DC-B has changes for it, DC-B will send the change notification to the bridgehead but it will have to finish with DC-C first before it gets to DC-B to get the changes to be pulled by DCs in sites that that bridgehead services. Confused yet?
There is also some implication in the thread about urgent replication... Urgent replication is different than change notification though it is related. Urgent replication just means you don't go through the holdback period but nothing is truly urgently replicated, it is just urgently queued. I.E. It hits the queue right away but has the normal priorities of the other stuff queued so it isn't like it goes to the head of the pack or anything.
This stuff was discussed in Dean and my presentation at DEC back in 2006, pop out to Jadonex for the powerpoint about it and the info on the queuing priorities, etc.
If you want to watch what is happening, go pick up ADQueueLoop, AdFind (with -sc replqueue or -sc ncrepl switches), or repadmin (with /queue switch) to see what is currently going through the queue or to show the current queue in its entirely and play with those, you will see the replication requests being queued up and processed. If you have two sites (Site A and Site B) and two DCs (SA-DC1 and SB-DC1) and you watch the Repl Queue on SB-DC1 and change notification is enabled between them and then make a change directly on SA-DC1 then you should see a repl request for SA-DC1 pop into the queue in a time dependent on the number of DCs that are change notify enabled with SB-DC1. So if that is the only DC with a change notification connection (i.e. no DCs in the site with SA-DC1 and only the one change notification site) you would normally expect to see something within 15 seconds.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, May 07, 2008 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Triggers for Change Notification Between Sites
I'm guessing you needed to sit out the replication interval for the site link change.
As Dean said on k3 you should be seeing replication between these sites converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar <rmscheck@yahoo.com<mailto:rmscheck@yahoo.com>> wrote:
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is confusing me! Now it is replicating changes rather quickly.. changes such as Exchange mailbox moves, descriptions, renames, etc... These werent happening earlier.. Currently the rep interval is set to 30 minutes. Earlier this morning the test environment was replicating these changes after 30 mins. Now its happening within a minute or so. Strange. Is this expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)" <eric.gustafson@oldcastlematerials.com<mailto:eric.gustafson@oldcastlematerials.com>> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site link notifications? In our test environment with it enabled, we performed a user rename on one site and nothing happened in the second site for close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as eventually the change will replicate, but I would like for it to be quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was "Not Set" so I entered a 1 to enable.
Thanks.
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20>
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com<mailto:brian@briandesmond.com>
c - 312.731.3132
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20>
| | | |
| JackP
Posts:32
| | 05/08/2008 9:13 AM |
| I just wanted to second Dan's sorta question about compression. I've
always wondered if compression was still used if Change Notification was
enabled. I had assumed it would be, but I'd love definite confirmation of
that. If compression is still used, I would definitely have to agree with
Dan that in normal operation change notification would seem to make better
use of bandwidth.
Thanks all, I've enjoyed reading this thread.
-Jack
"Dan Holme" <dan.holme@intelliem.com>
Sent by: ActiveDir-owner@mail.activedir.org
05/07/2008 09:41 PM
Please respond to
ActiveDir@mail.activedir.org
To
<ActiveDir@mail.activedir.org>
cc
Subject
RE: [ActiveDir] Triggers for Change Notification Between Sites
Yes, they are at Windows Server 2003 FFL.
But remember? the same number of bytes are going to go from Bridgehead in
Site A to Bridgehead in Site B no matter what?. It?s just a matter of when
. I?d argue you?re actually making better use of your bandwidth by using
Change Notification than not, because then you don?t have a ?big bunch? of
bytes going between sites every 15 minutes (or whatever), but rather are
?trickling? them. OK, there?s a VERY small amount of overhead with the
?change notification? process itself, but the same number of bytes are
going over the link and
(JOE PLEASE CORRECT ME)
I believe that, even with Change Notification, the intersite replication
will continue to use compression
So, bottom line, regardless of your FFL, if 30 kbytes need to replicate it
MIGHT be better to let 6x5 kb (six changes ? numbers are just examples)
trickle over every 2.5 minutes versus all 30KB at the ?fifteen minute?
mark.
BTW: you might also argue that if you?re NOT at WS2003FFL, Change
Notification is more crucial because you DECREASE the risk of potentially
conflicting changes to group membership during a replication window!!! So
from a security standpoint, I?m probably more interested in convergence
when a ?non-converged? state might lead to ?human/business/security?
problems.
Food for thought.
Dan
(combining branched threads)
FROM ERIC:
Dan ?
Are they at the W2K3 FFL? I can see that it may be a problem without LVR
going.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 2:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Wow, I hate to say it, but I live for joe's posts hahah.. yes, I'm a
suckup. LOL. Seriously though, thank you for your overflow of AD
knowledge (everyone else too!)
It's good to know at least I was on the right track on how the whole
enable change notify process worked. I needed much clarification on what
to expect since I didnt get my expected result initially.
joe <listmail@joeware.net> wrote:
Possibly...
Assuming change notification was enabled properly, it works. However the
replication is still pushed through the bridgehead server for the given
site. You don't get a ring topology across the sites like you have within
a single site. It is a ring within the site and the standard spanning tree
for intersite. That means convergence isn't coming from two different
directions... you have a SPoF or more accurately SPoL(atency). So say you
have enough DCs in a site to get a full 3 hop ring then change
notification to another site could still realistically be over a minute
with default holdback timing, etc and not even considering the time to
process the churn involved. It could take considerably over a minute if
the bridgehead is busy (either dealing with lots of work or it has a poor
connection to a site and RPC is being troublesome over that pipe). I have
seen bridgeheads that have gotten tied up for long periods of time (hours
under W2K, tens of minutes under 2K3) when a single site was having
network issues and it was causing slowness of all replication going
through that bridgehead.
More info... DCs only have single inbound pull replication thread and the
replication is pull based. So while DC-A can service many DCs asking for
updates, it can only pull from one DC at a time. So if you have a
bridgehead that is tied up pulling from say DC-C and DC-B has changes for
it, DC-B will send the change notification to the bridgehead but it will
have to finish with DC-C first before it gets to DC-B to get the changes
to be pulled by DCs in sites that that bridgehead services. Confused yet?
There is also some implication in the thread about urgent replication...
Urgent replication is different than change notification though it is
related. Urgent replication just means you don't go through the holdback
period but nothing is truly urgently replicated, it is just urgently
queued. I.E. It hits the queue right away but has the normal priorities of
the other stuff queued so it isn't like it goes to the head of the pack or
anything.
This stuff was discussed in Dean and my presentation at DEC back in 2006,
pop out to Jadonex for the powerpoint about it and the info on the queuing
priorities, etc.
If you want to watch what is happening, go pick up ADQueueLoop, AdFind
(with -sc replqueue or -sc ncrepl switches), or repadmin (with /queue
switch) to see what is currently going through the queue or to show the
current queue in its entirely and play with those, you will see the
replication requests being queued up and processed. If you have two sites
(Site A and Site B) and two DCs (SA-DC1 and SB-DC1) and you watch the Repl
Queue on SB-DC1 and change notification is enabled between them and then
make a change directly on SA-DC1 then you should see a repl request for
SA-DC1 pop into the queue in a time dependent on the number of DCs that
are change notify enabled with SB-DC1. So if that is the only DC with a
change notification connection (i.e. no DCs in the site with SA-DC1 and
only the one change notification site) you would normally expect to see
something within 15 seconds.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, May 07, 2008 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Triggers for Change Notification Between Sites
I'm guessing you needed to sit out the replication interval for the site
link change.
As Dean said on k3 you should be seeing replication between these sites
converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar <rmscheck@yahoo.com> wrote:
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are
triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is
confusing me! Now it is replicating changes rather quickly.. changes
such as Exchange mailbox moves, descriptions, renames, etc... These
werent happening earlier.. Currently the rep interval is set to 30
minutes. Earlier this morning the test environment was replicating these
changes after 30 mins. Now its happening within a minute or so. Strange.
Is this expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)" <
eric.gustafson@oldcastlematerials.com> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org [mailto:
ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site
link notifications? In our test environment with it enabled, we performed
a user rename on one site and nothing happened in the second site for
close to the actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as
eventually the change will replicate, but I would like for it to be
quicker or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was
"Not Set" so I entered a 1 to enable.
Thanks.
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
| | | |
| listmail
Posts:178
| | 05/08/2008 11:09 AM |
| I am not positive but I also believe compression is still in place when you
enable change notification across sites. However... You will have less data
going across which will possibly impact the compession ratios (i.e. the more
data to compress, in general the better the ratios), this was true with
Windows 2000 AD x-site compress as evidenced by the tables from "Windows
2000 Active Directory Notes from the Field" from MSPress but I am not sure
if I have seen anything with that level of detail regarding the newer
compression mechanisms MSFT is using. I would certainly be curious to see
that.
You will also have more overhead bytes overall for the replication process
itself... More TCP/IP handshaking packets, more RPC handshaking packets,
etc. so while the pure AD type data that you need to converge could be
identical or close or who knows (depending on how the compression is
impacted), you will definitely have more state maintenance data going
across. Whether that is worth worrying about or not is probably academic
because I doubt it would be enough to overcome the desire to get to a *more*
converged state *more* quickly.
Likely if you are really super concerned about data transfer size over a
specific wire, you are likely going to be specifying some sort of schedule
for replication anyway because the pipe will be used for more than AD. I am
thinking about satellite connections, wireless connections (whether standard
wireless or things like VLF/ELF), dialup, super bad telcom lines, etc here.
You also have the point that Dmitri made concerning the versions of the
changes. I also agree with Dmitri that that likely isn't a real normal case
for most places, likely if you replicate every 15 minutes you are already
getting every version of an attribute update but if you do have a replicated
attribute that is getting popped every 10-15-60 seconds you will be
replicating more data from that. Active Directory according to what I recall
was designed to be primarily read and that is how most people truly use it.
If you need a bunch of updates constantly to the same attributes you likely
want to be looking at some sort of SQL solution anyway not that I haven't
seen occurences of people who constantly push changes into AD on a very
frequent basis. Its just unusual in my experience.
In one design where I enabled change notification I set up sort of two rings
between the three regional datacenters (standard americas, emea, asiapac
layout). Three hub datacenters, each had 2 sites, an Exchange site and the
NOS site. The NOS sites were connected together in 3 sitelinks with change
notification enabled. The Exchange sites were connected together in 3
sitelinks with change notification enabled. The Exchange and NOS sites in
each location were connected with a site link with change notification
enabled. All WAN sites that spoked off from the NOS sites were not change
notification enabled. All told around 400 DCs globally, can't recall the
number in the hub sites but likely around 60. Any change made on any DC in
any of the hub sites (whether Exchange or NOS) was converged very quickly
across the globe hub sites (minutes tops even if WAN sites were causing
issues with *some* of the bridgeheads* because there were multiple paths).
Anyone who works with multiple RUS instances in a very large distributed
deployment can likely appreciate the quick convergence this allowed. The WAN
sites got pretty much any change made in any datacenter site within 20
minutes but again that was dependent on how busy the bridgehead DCs were.
With K3 and the load balancing of intersite connections that got even
better.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Wednesday, May 07, 2008 9:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Yes, they are at Windows Server 2003 FFL.
But remember. the same number of bytes are going to go from Bridgehead in
Site A to Bridgehead in Site B no matter what.. It's just a matter of when.
I'd argue you're actually making better use of your bandwidth by using
Change Notification than not, because then you don't have a "big bunch" of
bytes going between sites every 15 minutes (or whatever), but rather are
"trickling" them. OK, there's a VERY small amount of overhead with the
"change notification" process itself, but the same number of bytes are going
over the link and
(JOE PLEASE CORRECT ME)
I believe that, even with Change Notification, the intersite replication
will continue to use compression
So, bottom line, regardless of your FFL, if 30 kbytes need to replicate it
MIGHT be better to let 6x5 kb (six changes - numbers are just examples)
trickle over every 2.5 minutes versus all 30KB at the "fifteen minute" mark.
BTW: you might also argue that if you're NOT at WS2003FFL, Change
Notification is more crucial because you DECREASE the risk of potentially
conflicting changes to group membership during a replication window!!! So
from a security standpoint, I'm probably more interested in convergence when
a "non-converged" state might lead to "human/business/security" problems.
Food for thought.
Dan
(combining branched threads)
FROM ERIC:
Dan -
Are they at the W2K3 FFL? I can see that it may be a problem without LVR
going.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 2:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Wow, I hate to say it, but I live for joe's posts hahah.. yes, I'm a
suckup. LOL. Seriously though, thank you for your overflow of AD knowledge
(everyone else too!)
It's good to know at least I was on the right track on how the whole enable
change notify process worked. I needed much clarification on what to expect
since I didnt get my expected result initially.
joe <listmail@joeware.net> wrote:
Possibly...
Assuming change notification was enabled properly, it works. However the
replication is still pushed through the bridgehead server for the given
site. You don't get a ring topology across the sites like you have within a
single site. It is a ring within the site and the standard spanning tree for
intersite. That means convergence isn't coming from two different
directions... you have a SPoF or more accurately SPoL(atency). So say you
have enough DCs in a site to get a full 3 hop ring then change notification
to another site could still realistically be over a minute with default
holdback timing, etc and not even considering the time to process the churn
involved. It could take considerably over a minute if the bridgehead is busy
(either dealing with lots of work or it has a poor connection to a site and
RPC is being troublesome over that pipe). I have seen bridgeheads that have
gotten tied up for long periods of time (hours under W2K, tens of minutes
under 2K3) when a single site was having network issues and it was causing
slowness of all replication going through that bridgehead.
More info... DCs only have single inbound pull replication thread and the
replication is pull based. So while DC-A can service many DCs asking for
updates, it can only pull from one DC at a time. So if you have a bridgehead
that is tied up pulling from say DC-C and DC-B has changes for it, DC-B will
send the change notification to the bridgehead but it will have to finish
with DC-C first before it gets to DC-B to get the changes to be pulled by
DCs in sites that that bridgehead services. Confused yet?
There is also some implication in the thread about urgent replication...
Urgent replication is different than change notification though it is
related. Urgent replication just means you don't go through the holdback
period but nothing is truly urgently replicated, it is just urgently queued.
I.E. It hits the queue right away but has the normal priorities of the other
stuff queued so it isn't like it goes to the head of the pack or anything.
This stuff was discussed in Dean and my presentation at DEC back in 2006,
pop out to Jadonex for the powerpoint about it and the info on the queuing
priorities, etc.
If you want to watch what is happening, go pick up ADQueueLoop, AdFind (with
-sc replqueue or -sc ncrepl switches), or repadmin (with /queue switch) to
see what is currently going through the queue or to show the current queue
in its entirely and play with those, you will see the replication requests
being queued up and processed. If you have two sites (Site A and Site B) and
two DCs (SA-DC1 and SB-DC1) and you watch the Repl Queue on SB-DC1 and
change notification is enabled between them and then make a change directly
on SA-DC1 then you should see a repl request for SA-DC1 pop into the queue
in a time dependent on the number of DCs that are change notify enabled with
SB-DC1. So if that is the only DC with a change notification connection
(i.e. no DCs in the site with SA-DC1 and only the one change notification
site) you would normally expect to see something within 15 seconds.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, May 07, 2008 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Triggers for Change Notification Between Sites
I'm guessing you needed to sit out the replication interval for the site
link change.
As Dean said on k3 you should be seeing replication between these sites
converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar <rmscheck@yahoo.com> wrote:
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent Replication are
triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test environment is
confusing me! Now it is replicating changes rather quickly.. changes such
as Exchange mailbox moves, descriptions, renames, etc... These werent
happening earlier.. Currently the rep interval is set to 30 minutes.
Earlier this morning the test environment was replicating these changes
after 30 mins. Now its happening within a minute or so. Strange. Is this
expected behavior or am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)"
<eric.gustafson@oldcastlematerials.com> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId
/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [ActiveDir] Triggers for Change Notification Between Sites
Folks,
What sort of event will trigger change between sites if we enable site link
notifications? In our test environment with it enabled, we performed a user
rename on one site and nothing happened in the second site for close to the
actual site links replication interval.
As far as I can tell, replication is occurring normally between sites as
eventually the change will replicate, but I would like for it to be quicker
or at least bypass the set interval.
Just for clarification, the options attribute in our test environment was
"Not Set" so I entered a 1 to enable.
Thanks.
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8H
DtDypao8Wcj9tAcJ%20>
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8H
DtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8H
DtDypao8Wcj9tAcJ%20> it now.
| | | |
| neilruston
Posts:59
| | 05/08/2008 11:39 AM |
| When reading this thread I too was "concerned" about compression latency
and ratios.
The OP should be mindful of the fact that compression consumes cycles
and this means the DC is slower to place packets on the wire than it
would be otherwise (cf intra site).
Secondly, as you suggest, I've found that compression ratios vary
depending upon the amount / type of data being compressed. I tested w2k3
way back and certainly found that ratios were better when compressing
larger amounts of data (*not* publicly available!).
This is somewhat moot with newer x64 high spec DCs and NIC offloading /
TCP chimney etc etc, but nevertheless, worth consideration.
neil
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: 08 May 2008 16:05
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
I am not positive but I also believe compression is still in place when
you enable change notification across sites. However... You will have
less data going across which will possibly impact the compession ratios
(i.e. the more data to compress, in general the better the ratios), this
was true with Windows 2000 AD x-site compress as evidenced by the tables
from "Windows 2000 Active Directory Notes from the Field" from MSPress
but I am not sure if I have seen anything with that level of detail
regarding the newer compression mechanisms MSFT is using. I would
certainly be curious to see that.
You will also have more overhead bytes overall for the replication
process itself... More TCP/IP handshaking packets, more RPC handshaking
packets, etc. so while the pure AD type data that you need to converge
could be identical or close or who knows (depending on how the
compression is impacted), you will definitely have more state
maintenance data going across. Whether that is worth worrying about or
not is probably academic because I doubt it would be enough to overcome
the desire to get to a *more* converged state *more* quickly.
Likely if you are really super concerned about data transfer size over a
specific wire, you are likely going to be specifying some sort of
schedule for replication anyway because the pipe will be used for more
than AD. I am thinking about satellite connections, wireless connections
(whether standard wireless or things like VLF/ELF), dialup, super bad
telcom lines, etc here.
You also have the point that Dmitri made concerning the versions of the
changes. I also agree with Dmitri that that likely isn't a real normal
case for most places, likely if you replicate every 15 minutes you are
already getting every version of an attribute update but if you do have
a replicated attribute that is getting popped every 10-15-60 seconds you
will be replicating more data from that. Active Directory according to
what I recall was designed to be primarily read and that is how most
people truly use it. If you need a bunch of updates constantly to the
same attributes you likely want to be looking at some sort of SQL
solution anyway not that I haven't seen occurences of people who
constantly push changes into AD on a very frequent basis. Its just
unusual in my experience.
In one design where I enabled change notification I set up sort of two
rings between the three regional datacenters (standard americas, emea,
asiapac layout). Three hub datacenters, each had 2 sites, an Exchange
site and the NOS site. The NOS sites were connected together in 3
sitelinks with change notification enabled. The Exchange sites were
connected together in 3 sitelinks with change notification enabled. The
Exchange and NOS sites in each location were connected with a site link
with change notification enabled. All WAN sites that spoked off from the
NOS sites were not change notification enabled. All told around 400 DCs
globally, can't recall the number in the hub sites but likely around 60.
Any change made on any DC in any of the hub sites (whether Exchange or
NOS) was converged very quickly across the globe hub sites (minutes tops
even if WAN sites were causing issues with *some* of the bridgeheads*
because there were multiple paths). Anyone who works with multiple RUS
instances in a very large distributed deployment can likely appreciate
the quick convergence this allowed. The WAN sites got pretty much any
change made in any datacenter site within 20 minutes but again that was
dependent on how busy the bridgehead DCs were. With K3 and the load
balancing of intersite connections that got even better.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Wednesday, May 07, 2008 9:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Yes, they are at Windows Server 2003 FFL.
But remember... the same number of bytes are going to go from Bridgehead
in Site A to Bridgehead in Site B no matter what.... It's just a matter
of when. I'd argue you're actually making better use of your bandwidth
by using Change Notification than not, because then you don't have a
"big bunch" of bytes going between sites every 15 minutes (or whatever),
but rather are "trickling" them. OK, there's a VERY small amount of
overhead with the "change notification" process itself, but the same
number of bytes are going over the link and
(JOE PLEASE CORRECT ME)
I believe that, even with Change Notification, the intersite replication
will continue to use compression
So, bottom line, regardless of your FFL, if 30 kbytes need to replicate
it MIGHT be better to let 6x5 kb (six changes - numbers are just
examples) trickle over every 2.5 minutes versus all 30KB at the "fifteen
minute" mark.
BTW: you might also argue that if you're NOT at WS2003FFL, Change
Notification is more crucial because you DECREASE the risk of
potentially conflicting changes to group membership during a replication
window!!! So from a security standpoint, I'm probably more interested
in convergence when a "non-converged" state might lead to
"human/business/security" problems.
Food for thought.
Dan
(combining branched threads)
FROM ERIC:
Dan -
Are they at the W2K3 FFL? I can see that it may be a problem without LVR
going.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 2:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Triggers for Change Notification Between Sites
Wow, I hate to say it, but I live for joe's posts hahah.. yes, I'm a
suckup. LOL. Seriously though, thank you for your overflow of AD
knowledge (everyone else too!)
It's good to know at least I was on the right track on how the whole
enable change notify process worked. I needed much clarification on
what to expect since I didnt get my expected result initially.
joe <listmail@joeware.net> wrote:
Possibly...
Assuming change notification was enabled properly, it works.
However the replication is still pushed through the bridgehead server
for the given site. You don't get a ring topology across the sites like
you have within a single site. It is a ring within the site and the
standard spanning tree for intersite. That means convergence isn't
coming from two different directions... you have a SPoF or more
accurately SPoL(atency). So say you have enough DCs in a site to get a
full 3 hop ring then change notification to another site could still
realistically be over a minute with default holdback timing, etc and not
even considering the time to process the churn involved. It could take
considerably over a minute if the bridgehead is busy (either dealing
with lots of work or it has a poor connection to a site and RPC is being
troublesome over that pipe). I have seen bridgeheads that have gotten
tied up for long periods of time (hours under W2K, tens of minutes under
2K3) when a single site was having network issues and it was causing
slowness of all replication going through that bridgehead.
More info... DCs only have single inbound pull replication
thread and the replication is pull based. So while DC-A can service many
DCs asking for updates, it can only pull from one DC at a time. So if
you have a bridgehead that is tied up pulling from say DC-C and DC-B has
changes for it, DC-B will send the change notification to the bridgehead
but it will have to finish with DC-C first before it gets to DC-B to get
the changes to be pulled by DCs in sites that that bridgehead services.
Confused yet?
There is also some implication in the thread about urgent
replication... Urgent replication is different than change notification
though it is related. Urgent replication just means you don't go through
the holdback period but nothing is truly urgently replicated, it is just
urgently queued. I.E. It hits the queue right away but has the normal
priorities of the other stuff queued so it isn't like it goes to the
head of the pack or anything.
This stuff was discussed in Dean and my presentation at DEC back
in 2006, pop out to Jadonex for the powerpoint about it and the info on
the queuing priorities, etc.
If you want to watch what is happening, go pick up ADQueueLoop,
AdFind (with -sc replqueue or -sc ncrepl switches), or repadmin (with
/queue switch) to see what is currently going through the queue or to
show the current queue in its entirely and play with those, you will see
the replication requests being queued up and processed. If you have two
sites (Site A and Site B) and two DCs (SA-DC1 and SB-DC1) and you watch
the Repl Queue on SB-DC1 and change notification is enabled between them
and then make a change directly on SA-DC1 then you should see a repl
request for SA-DC1 pop into the queue in a time dependent on the number
of DCs that are change notify enabled with SB-DC1. So if that is the
only DC with a change notification connection (i.e. no DCs in the site
with SA-DC1 and only the one change notification site) you would
normally expect to see something within 15 seconds.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, May 07, 2008 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Triggers for Change Notification
Between Sites
I'm guessing you needed to sit out the replication interval for
the site link change.
As Dean said on k3 you should be seeing replication between
these sites converging in a matter of seconds now.
--brian
On Wed, May 7, 2008 at 4:38 PM, Rand Salazar
<rmscheck@yahoo.com> wrote:
Hmm is it just those three items?
Is a better definition, only changes deemed under Urgent
Replication are triggered under Site Link Change Notification?
I'm just trying to understand it more as now our test
environment is confusing me! Now it is replicating changes rather
quickly.. changes such as Exchange mailbox moves, descriptions,
renames, etc... These werent happening earlier.. Currently the rep
interval is set to 30 minutes. Earlier this morning the test
environment was replicating these changes after 30 mins. Now its
happening within a minute or so. Strange. Is this expected behavior or
am I barking up the wrong tree?
"Gustafson, Eric (Oldcastle Materials)"
<eric.gustafson@oldcastlematerials.com> wrote:
An article from the ActiveDir.org site;
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/artic
leId/40/Default.aspx
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, May 07, 2008 11:14 AM
To: Active Dir
Subject: [Act |
|
|