Monday, July 30, 2018

Fast Active Directory Replication and Change Notification

This setting can also affect the Bridgehead settings for AD (please refer to my post on Bridgehead settings). Active Directory site links have three key attributes governing efficiency: schedule, cost, and interval. They also have a feature called “change notification” that is not exposed in the GUI. The table below summarizes defaults versus today’s recommended practices:

Setting               Default        Recommendation
Schedule              24 x 7         24 x 7
Cost                  100            100 *
Interval              180 minutes    15 minutes
Change Notification   Disabled       Enabled *

* Tweak as appropriate.
Active Directory topology should be reviewed when the organization is making changes to departments or adding or removing locations, and as an ongoing audit to ensure that what was implemented matches what was designed. There is a free tool that will draw a Visio diagram of your sites and links.

Microsoft Active Directory Topology Diagrammer is a useful tool for auditing your AD site topology, to keep what was implemented in line with the intended design. Continuously verifying your AD can help ensure that major changes are planned out and implemented correctly, not hastily.

To implement Change Notification:
Open ADSI Edit and go to the Configuration Server (not shown below)

If you're missing the Configuration Server from your list, you need to make a new connection for the configuration: right-click on ADSI Edit and select Connect

The following popup will come up. Under Connection Point, select the second radio button, “Select a well-known Naming Context:”

Select “Configuration” from the dropdown menu

Hit OK
Once that is done, browse through Configuration -> CN=Sites -> CN=Inter-Site Transports -> CN=IP, click on CN=DEFAULTIPSITELINK, then right-click and select Properties as shown below.

To enable change notification you have to add the value 1 to the “options” attribute. If you can’t find the “options” attribute, it is because of the filter settings in ADSI Edit.

By default the “options” attribute is blank, and the default filter is set to only display attributes that have values.
You need to uncheck “Show only attributes that have values”; then you can find the “options” attribute and set it to 1.

Then hit OK and Apply. The values for “options” are:

Option Value = 1 -> Change Notification with Compression

Option Value = 5 -> Change Notification with no Compression

Now we need to make 2 registry entries (DWORD 32-bit values) on our AD controllers to enable change notification. If they are not there, add them.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Replicator notify pause after modify (secs)

set to 15 seconds (tweaking may be required based on infrastructure)

and

Replicator notify pause between DSAs (secs)

set to 3 seconds (tweaking may be required based on infrastructure)
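
The same change scripted in PowerShell, as an added example that is not part of the original post: it reports each site link's “options” bits, sets the change-notification bit with a bitwise OR so any other flags already on the link are kept, then writes the two registry values. It assumes the ActiveDirectory RSAT module, the DEFAULTIPSITELINK link from the steps above, and that the 1 and 5 listed earlier are built from bit values 1 (notify) and 4 (no compression).

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and rights to edit
# the Configuration partition. Run section 3 on each domain controller.
Import-Module ActiveDirectory

$UseNotify  = 0x1   # bit 0 of "options": change notification (the page's value 1)
$NoCompress = 0x4   # bit 2: compression off (1 + 4 = the page's value 5)

# 1. Audit: list every site link against the table of recommendations.
$links = Get-ADReplicationSiteLink -Filter * -Properties options
$links |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Options';      e = { [int]$_.options } },
        @{ n = 'ChangeNotify'; e = { [bool]([int]$_.options -band $UseNotify) } },
        @{ n = 'Compression';  e = { -not ([int]$_.options -band $NoCompress) } } |
    Format-Table -AutoSize

# 2. Enable change notification on one link without clearing other flags.
#    An unset "options" attribute reads as $null, which casts to 0.
$linkName = 'DEFAULTIPSITELINK'          # link used in the ADSI Edit steps
$link = $links | Where-Object { $_.Name -eq $linkName }
if (-not $link) { throw "Site link '$linkName' not found" }

$newOptions = [int]$link.options -bor $UseNotify
Set-ADReplicationSiteLink -Identity $link `
    -ReplicationFrequencyInMinutes 15 `
    -Replace @{ options = $newOptions }

# 3. Registry values on the domain controller (create or overwrite as DWORD).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$values = [ordered]@{
    'Replicator notify pause after modify (secs)' = 15
    'Replicator notify pause between DSAs (secs)' = 3
}
foreach ($name in @($values.Keys)) {
    New-ItemProperty -Path $key -Name $name -Value $values[$name] `
        -PropertyType DWord -Force | Out-Null
}

# 4. Read both settings back so the change can be recorded in the audit trail.
Get-ItemProperty -Path $key -Name ([string[]]@($values.Keys)) |
    Select-Object -Property ([string[]]@($values.Keys))
Get-ADReplicationSiteLink -Identity $linkName -Properties options |
    Select-Object Name, ReplicationFrequencyInMinutes, options
```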



