Wednesday, March 26, 2014

Faster Active Directory Replication - Decrease Intersite Replication Interval to Seconds

Enable Fast Domain Controller Replication

Active Directory Intersite Replication Interval Enable Faster AD and DNS updates

Enable Faster Active Directory AD and DNS Replication Updates Between Sites 

Although for some newer administrators making changes to Active Directory could be a nerve rattling proposition, making this change to speed up active directory replication can only be accomplished using this method. Using the standard GUI Microsoft Management Consoles to make the change to speed up Active Directory replication is not possible. The best result of using administrator consoles will be to increase domain replication between domain controllers to 15 minutes. These large time values were instituted into Active Directory at version 1 because inter-site connections during that era of computing and networking were much lower in bandwidth with the most common being frame-relay or 56k circuits. Since then, inter-site connections and the Internet speeds have increased tremendously so faster domain controller replication is possible even over wan links. 

Fast Intersite Replication Interval - Speed up DC Replication, Updates are in Seconds 

To enabled faster Intersite Replication, to nearly the speed of intra-site or LAN replication, use ADSI Edit.

Start ADSI edit and go to
   Configuration > then Sites > Inter Site Transports > IP. 

Note this setting cannot be enabled for SMTP InterSite links.
Unless it has been renamed, right click on  the default Intersite link and choose properties. Then scroll down to the options line. Double-click and change the value to 1 if it has a value .

  is the default unless this option has been previously modified.  Once changed to 1, click OK twice to save and close the properties window.
Force a replication using Sites and Services so this setting get pushed/pulled to the other domain controllers.

Faster AD DNS Replication Updates Between Sites and Domain Controllers. 

Test by creating a test account in AD, I use 123, 1234, 111, etc., just so the test account was at the top of the list in AD users and computers. Check your other domain controller or controllers for the new account. You will see it appear in 15 seconds or less. I was getting an average of about a 2 second delay for the test account to appear. Delete the account from the other domain controller and see it get removed in less than 15 seconds on the original domain controller you were working from.