Change Domain Controller Replication Interval


This article is aimed mostly at organizations that have branch offices in different countries, where any change that a domain controller writes to Active Directory should be replicated to all the other domain controllers in each country on the intra site.
This process speeds up replication between the domain controllers and “informs” them sooner about a change in Active Directory; the delay involved is what we call replication latency. A change means any modification to Active Directory: creating or deleting a user, a group, etc. Note that operations that require an immediate outcome, for example changing a user password, replicate much faster than the default.
Note that the bigger the organization and the more domain controllers it uses, the harder it is to implement a directory service solution that handles synchronized replication between all sites. One of the biggest challenges is keeping the directory service clocks in sync when they are located in other geographical areas and may be affected by any small change. Any time difference larger than 10 minutes between two domain controllers might break the authentication between them, which is managed by the Kerberos authentication method.
When installing read-only domain controllers in a Windows 2008 R2 environment, replication between domain controllers might go a bit faster than with read-write domain controllers.
Repadmin is a great tool for forcing replication between DCs. The tool for Windows Server 2003 may be found here

For Windows 2008 R2 it can be downloaded from here

To trigger an immediate replication, use the MMC snap-in called “Active Directory Sites and Services” as follows:
1. On the Windows 2003\2008 server, go to “Start” > “Run” > type “MMC” > “File” > “Add/Remove Snap-in” > choose “Active Directory Sites and Services” > press “OK”.
2. Browse to Sites > “your_site_name” > “Servers” > “Your_server_name” > NTDS Settings.
3. Right-click the name of the connection > click “Replicate Now”.

To schedule the synchronization times automatically, do the following:
1. On the Windows 2003\2008 server, go to “Start” > “Run” > type “MMC” > “File” > “Add/Remove Snap-in” > choose “Active Directory Sites and Services” > press “OK”.
2. Browse to Sites > Inter-Site Transports > IP.
3. Right-click the requested site link > click “Properties”.
4. At the bottom of the window there is a “replication every” box > increase or decrease it as needed > change the cost as needed (this is the prioritization method to decide which domain controller will update the global catalog) > click “OK”.

When a change is made to Active Directory on one of the domain controllers, that domain controller automatically starts a process to update the replicas on all the other domain controllers. It is possible to control the time between modifying Active Directory and starting the first replication to another domain controller with the following registry value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Replicator notify pause after modify (REG_DWORD specifying the time in seconds; the default value is 15 seconds)

Once a domain controller has modified Active Directory, there is also a registry value that controls the time at which all the other domain controllers get notified about the change. If, for example, a huge organization wants to replicate many changes and bandwidth restrictions may cause problems, the value may be set on all domain controllers so that replication happens only at night or at a specific time.
The value is located under:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Replicator notify pause between DSAs (REG_DWORD specifying the time in seconds; the default value is 3 seconds)
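
To check what a domain controller is actually using for the two registry values described above, a read-only audit such as the following can be run on the DC. This is an added example, not part of the original article. It assumes PowerShell 3.0 or later and an elevated session; the function name Get-NtdsNotifyDelay is hypothetical, and the value names carry the " (secs)" suffix under which Windows stores them.

```powershell
# Added example: report the change-notification delays configured on this DC.
# Read-only; nothing in the registry is modified.
$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

# Value names as stored in the registry, with the defaults quoted in the
# article. The default applies when the value is absent.
$NotifySettings = @(
    @{ Name = 'Replicator notify pause after modify (secs)'; Default = 15 },
    @{ Name = 'Replicator notify pause between DSAs (secs)'; Default = 3 }
)

function Get-NtdsNotifyDelay {   # hypothetical helper name
    param([string]$Path = $NtdsParams)

    if (-not (Test-Path -Path $Path)) {
        throw "NTDS parameters key not found at $Path. Run this on a domain controller."
    }

    $props = Get-ItemProperty -Path $Path
    foreach ($s in $NotifySettings) {
        # Look the value up by name; $null means it was never set.
        $prop      = $props.PSObject.Properties[$s.Name]
        $isSet     = $null -ne $prop
        $effective = if ($isSet) { [int]$prop.Value } else { $s.Default }

        [pscustomobject]@{
            Setting    = $s.Name
            Configured = $isSet                       # explicitly present in the registry
            Seconds    = $effective                   # value the DC will use
            Default    = $s.Default
            Deviates   = ($effective -ne $s.Default)  # flag for review
        }
    }
}

Get-NtdsNotifyDelay | Format-Table -AutoSize
```

Running the same audit on every domain controller and comparing the output shows where the notification delays were changed on some servers but not others.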