AD Intersite replication interval < 15 minutes - Possible?

Hi Folks,

Hoping one of your knowledgeable people can set my mind at rest on this one.

The AD intersite replication interval has a minimum value of 15 minutes.
However I'd like to create a new site that enjoys the benefits of intra-site
like replication (virtually instant) but has its own site affinity from its
partner "hub" site.

Through the wonders of google I came across change notification, which at
first glance appeared to offer what I'm after. I fired up adsiedit and made
the required change on the site-link object.

To test this I created a new OU on a dc in the hub site and waited for it to
show up on a DC in the partner site. I waited and waited and waited and
waited ... I think you're getting the story :)

Eventually after around 10 or so minutes the new OU popped up on the dc in
the partner site. The change notification amendment did not appear to make
any obvious difference to the replication interval.

Further Googling popped up a statement to the effect that change nofication
only applied to the urgent replication of certain attributes such as account
lockout status. This seems to make sense given the behaviour I'm seeing.

So can anyone definitely confirm that what I'm trying to achieve is not
possible?

Best Wishes

--
Peter <X-Files fan>




--
Peter <X-Files fan>

Howdie!

Trust No One® wrote:
> The AD intersite replication interval has a minimum value of 15 minutes.
> However I'd like to create a new site that enjoys the benefits of intra-site
> like replication (virtually instant) but has its own site affinity from its
> partner "hub" site.

Enable inter-site change notification, see:
http://www.frickelsoft.net/blog/?p=145

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

Florian Frommherz [MVP] wrote:
> Howdie!
>
> Trust No One® wrote:
>> The AD intersite replication interval has a minimum value of 15
>> minutes. However I'd like to create a new site that enjoys the
>> benefits of intra-site like replication (virtually instant) but has
>> its own site affinity from its partner "hub" site.
>
> Enable inter-site change notification, see:
> http://www.frickelsoft.net/blog/?p=145
>
Hi Florian,

Thanks for the link. Perhaps I didn't make it clear in my post, but I've
already enabled change notification on the appropriate site link object
using adsiedit.

I had assume that enabling change notification results in all AD changes (eg
creating a new user, OU etc) replicating instantly between the sites. I did
not observe this behaviour as the new OU I created still replicated
according to the 15 minute inter-site interval.

Best Wishes

--
Peter <X-Files fan>

Howdie!

Trust No One® wrote:
> I had assume that enabling change notification results in all AD changes (eg
> creating a new user, OU etc) replicating instantly between the sites. I did
> not observe this behaviour as the new OU I created still replicated
> according to the 15 minute inter-site interval.

It should. What does your AD structure look like? Assuming you have
enabled intra-site change notification on a site like, can you confirm
replication of changes uses the site link you configured?

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

Florian Frommherz [MVP] wrote:
> Howdie!
>
> Trust No One® wrote:
>> I had assume that enabling change notification results in all AD
>> changes (eg creating a new user, OU etc) replicating instantly
>> between the sites. I did not observe this behaviour as the new OU I
>> created still replicated according to the 15 minute inter-site
>> interval.
>
> It should. What does your AD structure look like? Assuming you have
> enabled intra-site change notification on a site like, can you confirm
> replication of changes uses the site link you configured?
>
Well you've set my mind at rest that this is how it is supposed to work :)

Our AD structure is a central hub site with a about 70 branch office sites
worldwide. "Bridge all site-links is disabled" and there are 70 site links
defined, each linking the hub site to one of the branch sites, matching our
network topology. Been in place for over 5 years now.

The new site I've created corresponds to our test lab and contains the
appropriate subnets. I've created a new site link containing this site and
the hub site. Automatic connection objects are in place between the DC
(virtual) in the new site and the DCs in the hub site. I've enabled change
notification on the site link as per the instructions.

I'll try deleting the connection objects and triggering the kcc manually.

I'm scratching my head. Can't see anything wrong.


--
Peter <X-Files fan>

Florian Frommherz [MVP] wrote:
> Howdie!
>
> Trust No One® wrote:
>> I had assume that enabling change notification results in all AD
>> changes (eg creating a new user, OU etc) replicating instantly
>> between the sites. I did not observe this behaviour as the new OU I
>> created still replicated according to the 15 minute inter-site
>> interval.
>
> It should. What does your AD structure look like? Assuming you have
> enabled intra-site change notification on a site like, can you confirm
> replication of changes uses the site link you configured?
>
As Homer Simpson would say .... DOH!

You were so right. I started going through the defined site-link objects and
it didn't take me long to discover I'd mistakenly left the new site I'd
created in the default site-link object :)

As the site in question appeared in two site link objects, the replication
did not appear to be using the site-link on which I'd defined change
notifications.

Now that I've corrected things, change notifications are working perfectly
and changed made in the testlab site show up straight away in the hub site
and vice-versa.

Thanks for that, it would have taken me ages to work this out if you hadn't
suggested that particular area of investigation.

--
Peter <X-Files fan>

Peter,

Trust No One® wrote:
> Now that I've corrected things, change notifications are working perfectly
> and changed made in the testlab site show up straight away in the hub site
> and vice-versa.
>
> Thanks for that, it would have taken me ages to work this out if you hadn't
> suggested that particular area of investigation.

great to read you got it sorted, thanks for the feedback. My next guess
would have been black magic as I couldn't imagine other faulty settings
or configuration errors.

I used to watch X-Files, too, btw.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

enabling change notification is the way to go. in your case it should be
enabled at SITE LINK level so that all connection objects created based upon
that SL inherit the settings. That setting much reach the DCs in questions.
Then those DCs need to reconfigure their COs, which for intersite
replication is done by the ISTG. A process that runs on ONE DC in an AD
site. You can wait or force things a little bit.
To force things:
* Force inbound replication on the DCs in questions
* For the execution of the KCC either by using sites and services or by
using REPADMIN /KCC <DC>

after that things should start to work as needed

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"Trust No One®" <dana.scully@usa.xnet> wrote in message
news:6r3f87FfjfdaU1@mid.individual.net...
> Hi Folks,
>
> Hoping one of your knowledgeable people can set my mind at rest on this
> one.
>
> The AD intersite replication interval has a minimum value of 15 minutes.
> However I'd like to create a new site that enjoys the benefits of
> intra-site like replication (virtually instant) but has its own site
> affinity from its partner "hub" site.
>
> Through the wonders of google I came across change notification, which at
> first glance appeared to offer what I'm after. I fired up adsiedit and
> made the required change on the site-link object.
>
> To test this I created a new OU on a dc in the hub site and waited for it
> to show up on a DC in the partner site. I waited and waited and waited and
> waited ... I think you're getting the story :)
>
> Eventually after around 10 or so minutes the new OU popped up on the dc in
> the partner site. The change notification amendment did not appear to make
> any obvious difference to the replication interval.
>
> Further Googling popped up a statement to the effect that change
> nofication only applied to the urgent replication of certain attributes
> such as account lockout status. This seems to make sense given the
> behaviour I'm seeing.
>
> So can anyone definitely confirm that what I'm trying to achieve is not
> possible?
>
> Best Wishes
>
> --
> Peter <X-Files fan>
>
>
>
>
> --
> Peter <X-Files fan>
>

Jorge de Almeida Pinto [MVP - DS] wrote:
> enabling change notification is the way to go. in your case it should
> be enabled at SITE LINK level so that all connection objects created
> based upon that SL inherit the settings. That setting much reach the
> DCs in questions. Then those DCs need to reconfigure their COs, which
> for intersite replication is done by the ISTG. A process that runs on
> ONE DC in an AD site. You can wait or force things a little bit.
> To force things:
> * Force inbound replication on the DCs in questions
> * For the execution of the KCC either by using sites and services or
> by using REPADMIN /KCC <DC>
>
> after that things should start to work as needed
>
>
Thanks Jorge - I did get there in the end. Problems were down to user error
:)

In my digging I came across this snippet in a forum post deep in the bowels
of the petri.co.il site using Google cache;
--------
the value of site link notification disregarding Site link Schedule ,
here are the values available:
"1" - disregards Site link Schedule (as Intra-Site) , replicates with
compression
"4" - Replicates by Site link Schedule but without compression
"5" - disregards Site link Schedule (as Intra-Site) , replicates with out
compression
-------

So far I haven't come across this info on the Microsoft website, not that it
isn't there!

Can anyone comment on the above? The option value of "5" seems quite useful,
and would most closely emulate Intra-Site like replication.

--
Peter <X-Files fan>