Introduction
Active Directory Domain Services (AD DS) presents a single logical directory to administrators and applications, but underneath that abstraction is a distributed, multi-master database that is stitched together by site topology and kept consistent by replication. When topology is well designed, replication is predictable, domain controller (DC) location is fast, and changes converge across the forest within expected service-level windows. When topology drifts from the physical network—or when replication metadata becomes inconsistent—you see stale logons, delayed Group Policy, authentication routed across the wrong WAN link, and lingering objects that are difficult to remove.
Windows Server 2025 raises the stakes for getting this right. The DC Locator now blocks NetBIOS-based discovery by default, which makes a correct, DNS-backed site topology a hard dependency rather than a best practice. A new Replication Priority Boost capability lets you override the directory's hardcoded replication priority heuristics for specific partners and naming contexts. And the new Windows Server 2025 functional levels expect a healthy, fully converged replication topology before you raise them.
Imagine you administer the contoso.com forest. The organization has consolidated to Windows Server 2025 DCs across a New York hub and several branch sites connected by varied WAN links. Branch users intermittently authenticate against the wrong site, a recently promoted branch DC is replicating its directory database slowly over a constrained link, and the identity team wants to raise the domain to the Windows Server 2025 functional level. Before any of that can proceed safely, you need to validate the site topology, confirm DC Locator behavior, read the replication metadata to prove convergence, and apply targeted replication priority where the defaults fall short.
In this module, you learn how to design Active Directory sites, subnets, site links, and costs; explain how the Knowledge Consistency Checker (KCC), Inter-Site Topology Generator (ISTG), bridgehead servers, and connection objects turn that design into a working replication graph; identify the topology anti-patterns that break DC Locator and replication on Windows Server 2025; read update sequence numbers (USNs), high-watermark vectors, and up-to-dateness vectors to reason about convergence; inspect linked-value and deleted-object metadata; and diagnose replication failures, applying Replication Priority Boost in controlled scenarios where the built-in priorities aren't optimal.
By the end of this module, you're able to:
- Design AD DS site topology—sites, subnets, site links, costs, schedules, and bridging—that maps cleanly to the physical network.
- Explain how the KCC, ISTG, bridgeheads, and connection objects build and maintain the intra-site and inter-site replication topology.
- Identify topology anti-patterns and validate DC Locator and replication behavior for Windows Server 2025 readiness.
- Explain USNs, high-watermark vectors, and up-to-dateness vectors, and inspect linked-value and deleted-object metadata with repadmin, Windows PowerShell, and LDP.
- Diagnose replication failures and apply Replication Priority Boost to prioritize specific replication partners and naming contexts.