Can someone please help me with the following question regarding Active Directory replication?
I have been reading a number of in-depth articles on AD replication, including this one: https://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx. I have not read the whole of this document at present, but I do have a question about what I have read thus far, and am hoping someone can answer it for me.
Keeping things simple, let's say we have two Domain Controllers, DC1 and DC2, and we have two user objects, User1 and User2, both created on DC1.
Now each user is an instance of a class and has its own attributes (based on the attribute Schema for that class).
The first thing I want to clarify is with regards to the USN (update sequence number).
As far as I can see there are a number of USNs to take into account (please correct me if/where I am wrong).
- USN for the partition as a whole (e.g. defaultNamingContext partition holding the users, groups etc.). My understanding is there is ‘one USN per DC per partition’ which represents the last update (add, delete, amend (e.g. change telephone number of a user object), move) which has happened across all objects it holds in that given partition. For example, if you started off with a USN of 1 and added 10 user objects the USN would now be 11, if you then removed one user object the USN would increment to 12, and if you changed the telephone number of one user and the department of another user the USN would increment to 14.
Question: Is my understanding in 1 above correct? And if not please explain where/why, thanks.
- As far as I can see (from reading the document in the above link), ‘each object’ (e.g. user, computer, group etc.) in the partition has its own USN (I think of this as the local USN); in fact I think it has two, which I am thinking of as the Local USN and the uSNChanged. For example, if we again start off with 10 user objects (as above) the partition's USN is 11, however each user object has a USN of 1 (as only one event has occurred per user, e.g. it has been created, and this creation is not influenced by the creation of the other users and thereby each user's own USN is not incremented when other users are added). Next we have to think about the updating and modification of individual attributes of a user object (as I understand AD replication replicates at the attribute level rather than the object level). Leaving aside linked/multi-valued attributes for a moment, if I add a ‘telephone number’ and a ‘department name’ to UserA (both in the same transaction), then later I go back to UserA and change the department to something else, I have made three changes to UserA but in only two separate transactions.
Assuming ‘all’ attributes (for UserA) started off with a USN of 1, then after the first update both the telephone number and department attributes would have a USN of 2, and the city attribute would have a USN of 1 (as that was not updated). After the second update the USN for the department attribute would be 3, the USN for telephone would remain at 2 and the USN for city would remain at 1. Also, as we have now made ‘committed’ two separate transaction changes (e.g. saved a set of changes twice, even though we had two changes in the first commit), the USN for the partition as a whole would be incremented by 2.
I also understand that each individual object maintains a USN known as the uSNChanged for the ‘overall’ object, which is incremented when one or more of the object's attributes are updated. For example, if the object's department name is updated the uSNChanged is incremented by 1, then if the object's telephone number is updated the uSNChanged is incremented by 1 again. Therefore, uSNChanged should always be higher than or equal to any given attribute USN (assuming attribute changes have their own USN).
Question: Is it correct to say each update to UserA has its own ‘attribute level USN’ which is separate from the partition's overall USN?
Question: Is my understanding of uSNChanged correct?
Question: Assuming ‘the individual attributes’ of an object each have their own USN, is my assumption of how these USNs (and the object's uSNChanged) are updated, compared with the overall partition's USN update behaviour (e.g. every time a change is made within the partition to an object or one of the object's attributes), correct?
Question: If ‘the individual attributes’ do not have their own USN numbering system, how does AD achieve ‘attribute level’ as opposed to object level replication between DCs (e.g. just send the changed attributes, rather than all attributes for the whole object)?
EBrant
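
The following is an added example, not part of the original post: a simplified Python model of the bookkeeping a domain controller keeps, with one USN counter per DC, uSNCreated/uSNChanged per object, and a version and local USN stamped on each attribute, which is what lets a replication partner be sent only the attributes written after its high-watermark. The class and function names are hypothetical, the sample values are constructed, and the originating-DSA fields and up-to-dateness vector of real replication metadata are left out.

```python
# Simplified, constructed model of one DC's USN bookkeeping (not Microsoft code).
from dataclasses import dataclass, field


@dataclass
class AttrMeta:
    value: str
    version: int      # bumped on every write to this attribute
    local_usn: int    # this DC's USN for the transaction that last wrote it


@dataclass
class ADObject:
    usn_created: int
    usn_changed: int
    attrs: dict = field(default_factory=dict)


class DomainController:
    def __init__(self, name):
        self.name = name
        self.highest_committed_usn = 0   # one counter for the whole DC
        self.objects = {}

    def write(self, dn, **changes):
        """Commit one transaction: one new USN stamped on every attribute touched."""
        self.highest_committed_usn += 1
        usn = self.highest_committed_usn
        obj = self.objects.setdefault(dn, ADObject(usn_created=usn, usn_changed=usn))
        obj.usn_changed = usn
        for attr, value in changes.items():
            old = obj.attrs.get(attr)
            obj.attrs[attr] = AttrMeta(value, old.version + 1 if old else 1, usn)
        return usn

    def changes_since(self, high_watermark):
        """What a partner that has seen everything up to high_watermark is sent."""
        out = {}
        for dn, obj in self.objects.items():
            if obj.usn_changed > high_watermark:
                out[dn] = {a: m.value for a, m in obj.attrs.items()
                           if m.local_usn > high_watermark}
        return out


def demo():
    # Constructed sample data following the UserA scenario in the post.
    dc1 = DomainController("DC1")
    dc1.write("CN=UserA", cn="UserA", city="London")                  # create
    dc1.write("CN=UserB", cn="UserB")                                 # create
    hwm = dc1.write("CN=UserA", telephoneNumber="555-0100", department="Sales")
    dc1.write("CN=UserA", department="Finance")                       # later edit
    return dc1, dc1.changes_since(hwm)
```

On a real DC the per-attribute version and local USN can be read with `repadmin /showobjmeta`.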