Speeding up Active Directory Replication

[n00bius]

Quick question, my domain (for some ungodly reason) has four domain controllers, two in a blade chassis and two out. Wanted to know what I could do to speed up replication, Had an issue yesterday where we'd create an account and it took about a minute to reach that users login server...annoying. I mean i'd understand if there was a great deal of space between them, but they're in the same room, on the same gigabit switch...on the same subnet, what gives?

[thehorse13]

One minute is considered normal replication time given your general description of your AD architecture. Have you considered what actually takes place when you add accounts in AD? It has to do quite a bit of writing and verifying when it sets up accounts. I'd recommend having a look at the technet whitepapers. Once you see that, you should feel better about the time it takes to populate the GC.

--TH13

[Nokia]

One way to speed it up (although if it only takes a minute to replicate anyway you probably won't see a difference) is to host the GC on all domain controllers - MS say only one DC should be host the GC for various reasons, but if you have more than one then as long as all DC's have the GC local to it then there won't be any problems - unless you have Exchange installed on a DC - if you do, then this should not host the GC.

This will reduce replication timings a little bit, but due to the way replication works (Inf master talking to the PDC etc) one miniute is considered pretty good.

You can change it to replicate over IP instead of RPC in the AD Sites and Services too - this will help with speed.

All of the above normally only really applies if you have drastic replication issues though (10 minutes or so)..

[n00bius]

hmm, understood. What's the going rate for DC to User ratio? Like how many users would a network have to have to need more than two servers?

[thehorse13]

Very easy to determine.

See figure 4.5

http://technet2.microsoft.com/window....mspx?mfr=true