Non-Authoritative vs Authoritative Restore in Active Directory
Restoring a Domain Controller has two flavours. They use the same backup, the same DSRM boot path, the same wbadmin command — but a single decision afterward changes the entire…
Tag: Replication
repadmin /replsummary: Decode Your Active Directory Replication Health
repadmin /replsummary is the single most useful command for telling you whether AD replication is healthy. One terminal, one keystroke, two columns of numbers that immediately surface every DC that’s…
The Concept of Lingering Objects in Active Directory (Causes, Detection, Cleanup)
A lingering object is a deleted AD object that didn’t get the “you’re deleted” memo before the memo itself expired. It sits on a long-disconnected DC, pretending to still be…
How Active Directory Replication Conflicts Are Resolved (Version, Timestamp, GUID)
Multi-master replication doesn’t prevent conflicts — it tolerates them. Two admins on two DCs can simultaneously edit the same attribute, create the same object, or move and delete things at…
Understanding the AD Replication Bridgehead Server (Selection, Failover, Pitfalls)
If every DC in every site talked directly to every DC in every other site, an N-site forest with M DCs per site would have N×M×(N-1)×M long-distance connections — explosive…
KCC: How AD’s Knowledge Consistency Checker Builds the Replication Topology
You never have to tell Active Directory “DC1 should replicate with DC2.” AD figures it out itself. The component that does the figuring is the Knowledge Consistency Checker (KCC) —…
AD Replication Frequency: Intra-Site (15 sec) vs Inter-Site (180 min) Explained
AD replication runs on two clocks. Inside a site, it’s near-realtime — 15 seconds after any change. Across sites, it’s scheduled polling — default 180 minutes, minimum 15 minutes, configurable…
How a Naming Context Replicates Between Two AD Servers (The 5-Step Cycle)
Active Directory replication is always pull-based, pairwise, and per naming context. Server A pulls from Server B for the Domain NC, then pulls again for the Configuration NC, then again…
How an AD Object’s Metadata Is Modified During Replication (USN, Version, Timestamp)
An AD object isn’t just a name and some attributes — it’s the attributes plus a per-attribute change diary. That diary, called replication metadata, is what makes inter-DC replication, conflict…
Multi-Master vs Single-Master Replication in Active Directory (FSMO Explained)
Active Directory uses two replication models side-by-side. Multi-master replication is the default and covers 99% of directory data — users, groups, computers, OUs, ACLs. Single-master replication covers the five FSMO…
How Active Directory Replication Actually Works (USN, DSA GUID, HWMV, UTDV)
Active Directory replication is the engine that keeps every domain controller’s copy of the directory in agreement. It’s also where most “weird” AD problems live — lingering objects, USN rollback,…
Troubleshoot On-Premise Active Directory (DNS Edition)
The three most common AD-DNS failure modes and how to fix each: clients pointing at the wrong DNS server (point at a peer DC + loopback, never the DC's own external IP); the AD-integrated zone gone missing (recreate as Primary AD-integrated, restart Netlogon to re-register SRV records, verify with dcdiag /test:dns); and inter-DC replication broken (repadmin /replsummary, /showrepl, /syncall /A /e /P, plus time skew and firewall checks). Includes the four-tool diagnostic kit (nslookup SRV / dcdiag / repadmin / Event Viewer Directory Service) and 7 common pitfalls.