Active Directory Replication Types

There is:

  • Intrasite Replication
  • Urgent Replication
  • Intersite Replication
  • Intersite Change Notification Replication
  • Reciprocal Replication
  • Immediate Replication
  • Manual Replication

Replication between Domain Controllers (DC’s) occurs without administrative intervention. Replication provides the multimaster database that AD uses to allow all DC’s to have equivalent objects within a given time frame so an object modified at one location can be stored and forwarded to all other DC’s in its domain. How quickly objects are replicated to the rest of the domain, by an individual dc, is computed by the replication rules that exist and/or applied against them.

Intrasite Replication:

Replication between DC’s within a site don’t need to worry about connectivity speed, so the connections between dc’s are optimized for speed. Intrasite Replication within a site notifies a partner DC 15 seconds after a change has occurred and all subsequent DC’s it communicates are delayed by 3 seconds. For Windows 2000’s partners the initial time delay was 300 seconds (5 minutes) and subsequent partners was 30 seconds. So after the delay a partner DC is notified that the notifier has an update. It is up to this partner DC to request the modification. The notifying DC only notifies, it doesn’t push the change. It is up to the notified DC to pull the change. Also, all DC’s within a site are never more than 3 hops away from all other DC’s due to the KCC generating a bidirectional ring topology. This also ensures a quicker convergence within a site.

Urgent Replication:

Urgent notification is just that, it is not bound by the 15 second (Or 5 minutes) time delay of Intrasite Replication. Partner DC’s are immediately notified of changes, this only holds true for intrasite DC’s except if change site notification is enabled.

Intersite Replication:

DC’s between sites don’t follow the same set of rules that intrasite replication does. Changes between sites are setup on a schedule. The schedule is broken up in 15 minute increments, this schedule can also be set to only allow changes to occur at certain times of the day, thereby saving bandwidth at key points of time. The shortest time span for intersite to occur is 15 minutes and the longest is once a week. Note once replication begins between DC’s, the process will not stop until complete. So you won’t have to worry about incomplete replication activity due to time constraints.

Intersite Change Notification Replication:

With bandwidth pipes becoming cheaper and available, many organizations are becoming more well connected, 15 minutes can be a long time. Imagine having to wait for a password unlock not being reset in the proper site and having to wait 15 minutes for replication to occur. Obviously you can force replication but the point is 15 minutes between sites sometimes just isn’t realistic. To bypass the scheduled notification delays you can enable, Intersite Change Notification. Once enabled partners in different sites will be treated equivalently as intrasite replication, with the exception this only holds for NTDS, NTFRS still works on the schedule.

Reciprocal Replication:

Sometimes connectivity isn’t always available, for example a Navy/Cruise ship or a dial up connection. With this type of topology both sides need to take advantage of the connect time, so both sides can replicate at the same time. So when the remote site connects up to the Data Center the replication pair should both request and receive any delta’s that are available. Hence, replication is initiated on the basis of change rather than on a schedule.

Immediate Replication:

If an administrator resets a password for a user who has forgotten their password, the change is immediately replicated back to the PDCe. This isn’t a situation where the PDCe is notified about the change but instead the change is immediately pushed to it. The reason this is so important is that if a user attempts to logon and the password they attempt to use fails, the DC will send the hash from the password (Password itself is never sent over the wire) back to the PDCe to check to see if the password is correct, since there is latency in replication.

Manual Replication:

Manual replication is triggered by the admin. This can occur from either the repadmin command or from AD Sites and Services. This will cross intersite replication schedules if requested. So if you have a Lag Site and the network is enabled, even though your site isn’t scheduled to replicate for possibly days a forced replication will cause the replication to occur. So you need to be aware of this, in a lag site I had set up I had a schedule task that actually enabled and disabled replication to prevent this.


Windows Commands

Control Panel

•CONTROL: opens the control panel window
•CONTROL ADMINTOOLS: opens the administrative tools
•CONTROL KEYBOARD: opens keyboard properties
•CONTROL COLOUR: opens display properties.Appearance tab
•CONTROL FOLDERS: opens folder options
•CONTROL FONTS: opens font policy management
•CONTROL INTERNATIONAL or INTL.CPL: opens Regional and Language option
•CONTROL MOUSE or MAIN.CPL: opens mouse properties
•CONTROL USERPASSWORDS: opens User Accounts editor
•CONTROL USERPASSWORDS2 or NETPLWIZ: User account access restrictions
•CONTROL PRINTERS: opens faxes and printers available
•APPWIZ.CPL: opens Add or Remove programs utility tool
•OPTIONALFEATURES: opens Add or Remove Windows component utility
•DESK.CPL: opens display properties. Themes tab
•HDWWIZ.CPL: opens add hardware wizard
•IRPROPS.CPL: infrared utility tool
•JOY.CP: opens game controllers settings
•MMSYS.CPL: opens Sound and Audio device Properties. Volume tab
•SYSDM.CPL: opens System properties
•TELEPHON.CPL: Opens phone and Modem options
•TIMEDATE.CPL: Date and Time properties
•WSCUI.CPL: opens Windows Security Center
•ACCESS.CPL: opens Accessibility Options
•WUAUCPL.CPL: opens Automatic Updates
•POWERCFG.CPL: opens Power Options Properties
•AZMAN.MSC: opens authorisation management utility tool
•CERTMGR.MSC: opens certificate management tool
•COMPMGMT.MSC: opens the Computer management tool
•COMEXP.MSC or DCOMCNFG: opens the Computer Services management tool
•DEVMGMT.MSC: opens Device Manager
•EVENTVWR or EVENTVWR.MSC: opens Event Viewer
•FSMGMT.MSC: opens Shared Folders
•NAPCLCFG.MSC: NAP Client configuration utility tool
•SERVICES.MSC: opens Service manager
•TASKSCHD.MSC or CONTROL SCHEDTASKS: opens Schedule Tasks manager
•GPEDIT.MSC: opens Group Policy utility tool
•LUSRMGR.MSC: opens Local Users and Groups
•SECPOL.MSC: opens local security settings
•CIADV.MSC: opens indexing service
•NTMSMGR.MSC: removable storage manager
•NTMSOPRQ.MSC: removable storage operator requests
•WMIMGMT.MSC: opens (WMI) Window Management Instrumentation
•PERFMON or PERFMON.MSC: opens the Performance monitor
•MMC: opens empty Console
•MDSCHED: opens memory diagnostics tools
•DXDIAG: opens DirectX diagnostics tools
•ODBCAD32: opens ODBC Data source Administrator
•REGEDIT or REGEDT32: opens Registry Editor
•DRWTSN32: opens Dr. Watson
•VERIFIER: opens Driver Verifier Manager
•CLICONFG: opens SQL Server Client Network Utility
•UTILMAN: opens Utility Manager
•COLORCPL: opens color management
•CREDWIZ: back up and recovery tool for user passwords
•MOBSYNC: opens Synchronization center
•MSCONFIG: opens System Configuration Utility
•SYSEDIT: opens System Configuration Editor (careful while using this command)
•SYSKEY: Windows Account Database Security management (careful while using this command)

Windows utility and applications

•EPLORER: Opens windows Explorer
•IEXPLORER: Opens Internet explorer
•WAB: opens Contacts
•CHARMAP: opens Character Map
•WRITE: opens WordPad
•NOTEPAD: opens Notepad
•CALC: opens Calculator
•CLIPBRD: opens Clipbook Viewer
•WINCHAT: opens Microsoft Chat Interface
•SOUNDRECORDER: opens sound recording tool
•WMPLAYER: opens Windows Media Player
•MOVIEMK: Opens untitled Windows Movie Maker
•OSK: opens on-screen Keyboard
•MAGNIFY: opens Magnifier
•WINCAL: opens Calendar
•DIALER: opens phone Dialer
•EUDCEDIT: opens Private Character Editor
•NDVOL: opens the mixer volume
•RSTRUI : opens Tool System Restore (For Vista only)
•%WINDIR%\SYSTEM32\RESTORE\rstrui.exe: opens Tool System Restore (for XP only).
•MSINFO32: Opens the System Information
•MRT : launches the utility removal of malware.
•Taskmgr : Opens the Windows Task Manager
•CMD: opens a command prompt
•MIGWIZ: Opens the tool for transferring files and settings from Windows (Vista only)
•Migwiz.exe: Opens the tool for transferring files and settings from Windows (for XP only)
•SIDEBAR: Open the Windows (Vista only)
•Sigverif : Opens the tool for verification of signatures of files
•Winver : Opens the window for your Windows version
•FSQUIRT: Bluetooth Transfer Wizard
•IExpress opens the wizard for creating self-extracting archives. Tutorial HERE
•MBLCTR: opens the mobility center (Windows Vista only)
•MSRA : Opens the Windows Remote Assistance
•Mstsc : opens the tool connection Remote Desktop
•MSDT: opens the diagnostic tools and support Microsoft
•WERCON: opens the reporting tool and solutions to problems (for Vista only)
•WINDOWSANYTIMEUPGRADE: Enables the upgrade of Windows Vista
•WINWORD : opens Word (if installed)
•PRINTBRMUI : Opens migration wizard printer (Vista only)

Disk management

•DISKMGMT.MSC: opens disk management utility
•CLEANMGR: opens disk drive clean up utility
•DFRG.MSC: opens disk defragmenter
•CHKDSK: complete analysis of disk partition
•DISKPART: disk partitioning tool

Connection management

•IPCONFIG: list the configuration of IP addresses on your PC (for more information type IPCONFIG/? in the CMD menu)
•INETCPL.CPL: opens internet properties
•FIREWALL.CPL: opens windows firewall
•NETSETUP.CPL: opens network setup wizard

Miscellaneous commands

•JAVAWS: View the cover of JAVA software (if installed)
•AC3FILTER.CPL: Opens the properties AC3 Filter (if installed)
•FIREFOX: Mozilla launches Firefox (if installed)
•NETPROJ: allow or not connecting to a network projector (For Vista only)
•LOGOFF: closes the current session
•SHUTDOWN: shut down Windows
•SHUTDOWN-A: to interrupt Windows shutdown
•%WINDIR% or %SYSTEMROOT%: opens the Windows installation
•%PROGRAMFILES%: Opens the folder where you installed other programs (Program Files)
•%USERPROFILE%: opens the profile of the user currently logged
•%HOMEDRIVE%: opens the browser on the partition or the operating system is installed
•%HOMEPATH%: opens the currently logged user C: \ Documents and Settings \ [username]
•%TEMP%: opens the temporary folder
•VSP1CLN: deletes the cache for installation of the service pack 1 for Vista
•System File Checker (Requires Windows CD if the cache is not available):
•SFC / scannow: immediately scans all system files and repairs damaged files
•SFC / VERIFYONLY: scans only those files system
•SFC / Scanfil = “name and file path”: scans the specified file, and repaired if damaged
•SFC / VERIFYFILE = “name and file path”: Scans only the file specified
•SFC / scanonce: scans the system files on the next restart
•SFC / REVERT: return the initial configuration (For more information, type SFC /? In the command prompt CMD

VMware ESX Server and ESXi Server

1. VMware ESXi Server has no service console.
The traditional (full) ESX Server has a special built-in virtual machine called the “service console”.

2. VMware ESXi Server uses RCLI instead of service console utilities.
As ESXi doesn’t have any CLI with VMware-related or Linux utilities, VMware needed to provide a CLI interface to ESXi. What VMware came up with is the Remote Command line Interface (RCLI).

3. VMware ESXi Server is extremely thin = fast installation + faster boot.
The service console has been removed from ESXi, the footprint in memory has been reduced to just 32MB. You can run a hypervisor, allowing you to run virtual machines on your server, with just 32MB of RAM overhead. In comparison, the full ESX Server on disk footprint is about 2GB.

4. VMware ESXi Server can be purchased as an embedded hypervisor on hardware.
While ESXi is so small that it can be easily installed and can even be booted from a USB Flash disk, what is truly unique about ESXi is that it is being sold by hardware vendors as a built-in hypervisor.

5. VMware ESXi Server has a “yellow firmware console”.
Instead of the full ESX Server “service console” boot (which looks like a Linux server booting), ESXi has a tiny “Direct Console User Interface (DCUI)”.

6. VMware ESXi Server has server health status built in.
With ESXi some hardware monitoring features are built into the hypervisor. With ESX Server, this is not yet built in. Instead, you must install hardware monitoring software in the service console.

7. VMware ESXi Server requires fewer patches and less rebooting.
The full ESX server essentially has a modified Linux system as the service console, there are many patches that have to be deployed to keep it secure. With ESXi, on the contrary, the server has very few patches that need to be applied. Because ESXi has no service console and it is considered more secure and more reliable. Security, Reliability, and Maintainability, are all major factor when considering a hypervisor.

What is ARP/RARP?

What is ARP/RARP?

ARP: Stands for Address Resolution Protocol…whenever a request is sent by a node on one network to the node on another network the Physical address(MAC) is required and for this the IP address need to be flow over the network..whenver a router with that network (IP) gets the msg. the required MAC address is sent through the network this process of converting the IP address to MAC address is Called ARP..and the reverse thats the convertion of the Mac address to the IP address is called RARP ( Reverse Address Resolution Protocol)

AD Health Checking

AD Health Checks

As a matter of course, I always start my troubleshooting of any funky network issues with a standard set of Active Directory health checks. This is the blog post I’ve used for a few years now: (

After doing this several hundred times, I finally got around to writing a batch file to run all of the checks in sequence. Below is the text for the script. Paste this into a .bat, create the ADLogs folder and then change the file location appropriately and you’ll be all set. Good Luck!


echo off

REM ###########################################

REM    AD Health Check batch file. This runs standard health

REM    checks in Active Directory and puts the results into

REM    the D:\ADLogs directory.

REM    Written by: Matt Richardson

REM    Last Update: 9/2/2011

REM    Reference: 06/03/2008 Blog post by MSMVP BrianM

REM ###########################################

echo The following AD Health Checks are now running: dcdiag, netdiag, dhcp, and repadmin. Your results can be found in D:\ADLogs.

title AD Health Check Now Running…..

REM The real work begins here

dcdiag /v >> d:\ADLogs\dcdiag.txt

netdiag.exe /v >> d:\adlogs\netdiag.txt

netsh dhcp show server >> d:\adlogs\dhcp.txt

repadmin /showreps >> d:\adlogs\showreps.txt

repadmin /replsum /errorsonly >> d:\adlogs\repadmin_err.txt

title AD Health Check Complete!

echo AD Health Check Complete!

timeout 10


UPDATE for Server 2008

I have updated the script to give a more complete look at the domain with the addition of the /c switch on the dcdiag command, and removed the netdiag command which has been essentially removed from 2008.

echo off

REM ###########################################

REM    AD Health Check batch file. This runs standard health

REM    checks in Active Directory and puts the results into

REM    the c:\ADLogs directory.

REM    Written by: Matt Richardson

REM    Last Update: 1/25/2012

REM    Reference: 06/03/2008 Blog post by MSMVP BrianM

REM ###########################################

echo The following AD Health Checks are now running: dcdiag, dhcp, and repadmin. Your results can be found in c:\ADLogs.

title AD Health Check Now Running…..

REM The real work begins here

dcdiag /c /v >> c:\ADLogs\dcdiag.txt

netsh dhcp show server >> c:\adlogs\dhcp.txt

repadmin /showreps >> c:\adlogs\showreps.txt

repadmin /replsum /errorsonly >> c:\adlogs\repadmin_err.txt

title AD Health Check Complete!

echo AD Health Check Complete!

timeout 10


User Request – Get Rid of IE’s “Security Information” Prompt for Secure Sites

I’m always eager to learn some Internals, whether its Windows, Office or Internet Explorer. A request from one of our high-profile user provided me this chance. She wanted me to prevent the following message prompt from appearing when she visited secure sites (she did this a lot as part of her work): “This page contains both secure and nonsecure items. Do you want to display the non secure items?

Actually, turning this off is no big deal: go into IE’s Security tab > Internet Zone > Custom Level > Display mixed content and change the setting from Prompt to Enable. However, this setting is often enforced via group policy as part of the standard default security for Internet Security and the setting will eventually end up being reset again. To workaround that, I decided that best way to do this would to be to create a VB script and place it in the user’s startup folder in C:\Documents and Settings\username\Start Menu\Programs\Startup.

To find the registry key(s) involved, I turned to Process Monitor to gather a trace of registry operations in IE when I toggled the radio options. I applied a filter to only trace activity on iexplore.exe and afterward ran a search for key words like Mixed or Content, which revealed the registry keys I needed to focus on:

I right-clicked one of the registry paths and used the Jump to feature to automatically open the registry and go to any of the keys above:

The key and sub-keys here are not actually responsible for enforcing the this setting in IE. They actually point a different portion of the registry that contains the zone information for the Internet. I ignore RegPoliciesPath since this doesn’t exist and focus on RegPath and the ValueName is 1609. One important note here: I don’t want this change to apply to all users on the computer, just our demanding, high-profile user. So instead of navigating to HKEY_Local_Machine I went to the same key in HKEY_Current_User. The zone we are interested in is zone 3, the Internet zone:

The values here can be 0, 1, or 3. 0 = action is permitted. 1 = prompt appears (the one I want to get rid of). 3 = prohibit action. I want to change 1 to 0.

Knowing this, a short vb script is thrown together with notepad:

const HKEY_CURRENT_USER = &H80000001
strComputer = “.”
SetStdOut = WScript.StdOutSet oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” &_
strComputer & “\root\default:StdRegProv”)

strKeyPath = “Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\”

strValueName = “1609”
dwValue = 0
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue

The downside to this is that this demanding high-profile user makes you their go-to person for everything.

Now, if you’re thinking that a more simple approach is to just add the site to your Trusted sites, yes, this works, but this is negated by another security warning:

This, too, could be turned off but eventually GP would reset

%d bloggers like this: