

Enable Change Notifications between Sites – How and Why?

Hello all, hope you guys are doing great. Today I wanted to write a little about Change Notification. Why, you ask? Simply because one of my customers had a number of questions on what it is, why it’s there and what can be done to enable it for site links.

So, I will try to answer the 3 questions here.

First, what is Change Notification? Change Notification is the interval between an originating update on a domain controller and notification of this change to its partners. When this interval elapses, the domain controller initiates a notification to each intra-site replication partner that it has changes that need to be propagated. Another configurable parameter determines the number of seconds to pause between notifications to other partners, if any. This parameter prevents simultaneous replies by the replication partners.

There are two values for the interval: one for the first partner, and another for the subsequent partners. When a change is made on a Domain Controller’s Active Directory database, the DC waits for a specific period of time before sending the Change Notification to its first partner, and then waits for another period of time before sending the Change Notification to the next partner. This process continues until all partners are notified.

For intra-site replication partners, a DC waits 15 seconds (300 in W2K) before notifying its first replication partner and then another 3 seconds (30 in W2K) before sending this change notification to subsequent partners. These intervals can be modified by the below DWORD values in the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Replicator notify pause after modify (secs)

and

Replicator notify pause between DSAs (secs)

These DWORD values control how long a Domain Controller waits after a modify operation before sending the Change Notification to its first partner, and then to all subsequent partners in the same site. But what about my Domain Controllers in other sites? We know that replication honors the Replication Interval set on the Site Link between two sites, and the minimum interval that can be set via the AD Sites and Services snap-in is 15 minutes. What if your environment can afford to enable these change notifications between all your sites, or between specific sites, because you have a large amount of bandwidth? For this you can enable Change Notifications between sites as well. To do this:

1. Open ADSIEdit.msc.

2. In ADSI Edit, expand the Configuration container.

3. Expand Sites, navigate to the Inter-Site Transports container, and select CN=IP.
Note: You cannot enable change notification for SMTP links.

4. Right-click the site link object for the sites where you want to enable change notification, e.g. CN=DEFAULTSITELINK, and click Properties.

5. In the Attribute Editor tab, double-click on options.

a. If the Value(s) box shows <not set>, type 1

b. If the Value(s) box contains a value, you must derive the new value by using a Boolean BITWISE-OR calculation on the old value, as follows: old_value BITWISE-OR 1. For example, if the value in the Value(s) box is 2, calculate 0010 OR 0001 to equal 0011. Type the integer value of the result in the Edit Attribute box; for this example, the value is 3.

6. Click OK.

See PowerShell Script to Enable Change Notification @ https://gallery.technet.microsoft.com/scriptcenter/61cb88bb-8c61-477f-834e-79ed0c153669

or VBScript to Enable Change Notification for Site Links @ https://gallery.technet.microsoft.com/scriptcenter/390b54d2-cd49-4f46-92e0-c22ff6f25f1c

With Change Notification enabled between sites, changes propagate to the remote site with the same frequency that they are propagated within a site. The advantage of enabling Change Notification between sites is little to no conflicts. As a matter of fact, I have yet to see a Conflict object (will discuss some other time) between DCs in different sites if Change Notification is enabled between those sites. Plus, if there are a lot of changes being made, these changes will not be queued up, as they will be replicated with the same frequency as to the domain controllers in the DC’s own site. What about disadvantages? Is there one? Well sure: a potential replication storm, as all the domain controllers are part of the Change Notification intervals.

But what about compression? Replication within a site for AD is not compressed, while in remote sites, replication data is always compressed to take advantage of the low speed links and intervals set between them. So if you are one of those environments that are enjoying the fruits of enabling Change Notification between sites and would like to replicate data uncompressed vs. compressed, then here is another tip.

This comes down to the value of the Options attribute that we modified above: if the value is 1, then Change Notification is enabled with compression; and if you change the value to 5, then Change Notification is enabled without compression, hurrah :)
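The ADSI Edit steps and the 1-versus-5 choice above can also be scripted. The following is an added PowerShell example, not the script linked from this post; it assumes the ActiveDirectory module (RSAT) and rights to modify the Configuration partition, and the function names are hypothetical.

```powershell
# Added example (not from the original post). Function names are hypothetical.
Import-Module ActiveDirectory

# The two "options" bits this post relies on: 1 alone, or 1 + 4 = 5.
$USE_NOTIFY          = 0x1   # change notification between sites
$DISABLE_COMPRESSION = 0x4   # replicate uncompressed

function Get-NewSiteLinkOptions {
    param([object]$Current, [switch]$NoCompression)
    # <not set> comes back as $null; treat it as 0 so the bitwise OR still works
    # and any bits already set (e.g. the "2" in step 5b) are preserved.
    $old = if ($null -eq $Current) { 0 } else { [int]$Current }
    $new = $old -bor $USE_NOTIFY
    if ($NoCompression) { $new = $new -bor $DISABLE_COMPRESSION }
    return $new
}

function Enable-SiteLinkChangeNotification {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,   # site link CN, e.g. DEFAULTSITELINK
        [switch]$NoCompression
    )
    $configNC = (Get-ADRootDSE).configurationNamingContext
    # Search only under CN=IP: change notification cannot be enabled for SMTP links.
    $base = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
    $link = Get-ADObject -SearchBase $base -Properties options `
                -LDAPFilter "(&(objectClass=siteLink)(cn=$Name))"
    if (-not $link) { throw "Site link '$Name' not found under $base" }

    $new = Get-NewSiteLinkOptions -Current $link.options -NoCompression:$NoCompression
    if ($new -eq $link.options) { Write-Verbose "options already $new"; return $link }

    # -WhatIf shows the old and new value without writing anything.
    if ($PSCmdlet.ShouldProcess($link.DistinguishedName, "set options $($link.options) -> $new")) {
        Set-ADObject -Identity $link -Replace @{ options = $new }
    }
    # Re-read so the caller sees what is actually stored in the directory.
    Get-ADObject -Identity $link.DistinguishedName -Properties options
}

# Dry run first, then apply:
# Enable-SiteLinkChangeNotification -Name DEFAULTSITELINK -WhatIf
# Enable-SiteLinkChangeNotification -Name DEFAULTSITELINK -NoCompression
```

Running it with `-WhatIf` first records the previous options value, which is what you need to roll the change back.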

Comments

  • Anonymous
    January 01, 2003
    Thanks. I congratulate you for this blog. I've really enjoyed it. I sincerely thank you again.

  • Anonymous
    January 01, 2003
    Qasim, thank you very much. I read something useful today because of you. Thanks again.

  • Anonymous
    January 01, 2003
    hmmm, good one!

  • Anonymous
    October 07, 2010
    I subscribed to your blog, love the details and I'm encouraging some other AD enthusiast friends to as well; hopefully you keep at it as I'm pretty interested to see what you write up next. M

  • Anonymous
    May 09, 2011
    Hey Q Thanks again... this is very elegantly explained... Nice work.

  • Anonymous
    June 06, 2011
    Great explanation of this attribute. I found many how-to posts but this is the first one that actually explains why you would do it and identifies any risks involved.

  • Anonymous
    October 29, 2013
    Thanks for your blog. Is there a way to monitor the change? Thomas

  • Anonymous
    November 27, 2013
    I am new to AD. I am thankful to you for this blog, it guides me a lot... Please tell me where I can improve my AD skills more...

  • Anonymous
    January 14, 2015
    Awesome.
    Thanks a lot for nice article.

  • Anonymous
    January 19, 2016
    It could be clearer for all if the phrase "In the Attribute Editor tab, double click on options." would be changed to "browse the attribute named "Options" (which value is by default ) and change its value to "1".
    And you should have the filter "show only attributes that have values" not selected to see the empty attribute.
    Clearing this Options attribute disables notification-based replication.
    Also notice that the setting becomes effective when it has been replicated to all DCs that are affected by the site link.

  • Anonymous
    April 21, 2016
    Great value of technical information. Truly appreciated.