Immediate AD DNS Replication - OpenTechTips

• Skip to primary navigation
• Skip to main content
• Skip to primary sidebar
• Skip to secondary sidebar

Home » Immediate AD DNS Replication

Any kind of AD changes need to be registered on a writable domain controller. These changes include adding, modifying or deleting user- or computer accounts, group policy objects, etc. When these changes are actioned on a member DC, it takes time for that change to replicate to all other domain controllers across the domain.

In this lab we take a look at triggering instant replication of both AD objects and their special subset: DNS zones.

We use the following topology in our lab: two AD sites, one called NY and contains DC01, the other is called CA and contains DC02 and DC03 domain controllers. The link cost between the two sites is set to 1000. All servers have replication-connections with all the others, forming a proper mesh topology.

I. Active Directory Replication

1. Intra-Site replication

Replication is almost instantaneous between domain controllers in the SAME AD site. When a change happens, the source DC waits 15 seconds and then it starts notifying the partner DCs of the change, if there are multiple partners, notifications are sent 3 seconds apart to each separately. After they receive the notifications, each of them will request replication from the source.

2. Inter-Site replication

Replication between sites happen less frequently to save precious bandwidth, as sites are usually connected with slower WAN connections. By default, inter-site replication happens every 180 minutes, but can be set as low as 15 minutes if needed, using the Active Directory Sites and Services snippet.

To trigger an immediate replication cycle, use the following command on a member DC:

repadmin /syncall /APed

This will trigger replication across the whole domain between all connected DCs.

Switches:

• /syncall Synchronizes a specified domain controller with all replication partners
• /A Synchronizes all naming contexts that are held on the home server
• /P Pushes changes outward from the specified domain controller
• /e Synchronizes domain controllers across all sites in the enterprise. By default, this command does not synchronize domain controllers in other sites
• /d Identifies servers by distinguished name in messages

II. DNS Replication

1. Intra-Site replication

Replication of domain record changes inside a single AD site is almost as instant as AD object replication, in our tests we added the "NewIntraTest.protectigate.com" A record on DC02. The new record was replicated within 2 minutes to DC03, without any intervention.

2. Inter-Site replication

Similar to the AD replication cycle, when we make DNS changes on a DC and force replication to push out changes to the other domain controllers, the DNS records are replicated as well.

However, DNS changes are polled every 15 minutes by default for AD integrated zones.

To speed up that process we can use the following command to update the zone records on the target DC after AD replication, but before DNS polling

dnscmd /zoneupdatefromds protectigate.com

So remember: first use the repadmin command ON THE SOURCE DC, where the change happened. Then use the dnscmd command ON THE TARGET domain controller, where we want to replicate the DNS changes!

The following diagram shows successful instant inter-site DNS replication.

* the polling frequency can be set to hourly, 30min, 15min (default), or no polling in the AD Sites and Services snippet, right-clicking on individual server connections, Properties and click on "Change Schedule"

Reader Interactions

Comments

1. curious

   Reply

Comments Cancel reply

Your email address will not be published. Required fields are marked *

Comment *

Name *

Email *

Primary Sidebar

Secondary Sidebar

CONTENTS

• I. Active Directory Replication
• 1. Intra-Site replication
• 2. Inter-Site replication
• II. DNS Replication
• 1. Intra-Site replication
• 2. Inter-Site replication

Manage your privacy

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.

Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Statistics Marketing Features Always active Always active

• Manage options
• Manage services
• Manage {vendor_count} vendors
• Read more about these purposes

Accept Deny Manage options Save preferences Manage options

• {title}
• {title}
• {title}

Manage your privacy To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Statistics Marketing Features Always active Always active

• Manage options
• Manage services
• Manage {vendor_count} vendors
• Read more about these purposes

Accept Deny Manage options Save preferences Manage options

• {title}
• {title}
• {title}

Manage consent Manage consent