
Sams Teach Yourself MCSE Windows NT Server 4 in 14 Days
(Publisher: Macmillan Computer Publishing)
Author(s): David Schaer, et al
ISBN: 0672311283
Publication Date: 12/15/97



11.6. Directory Replication

Directory services traffic includes both synchronization of the Security Accounts Manager (SAM) database from the PDC to each BDC and directory replication. A Windows 95 client logging on generates 39 frames and 6,538 bytes of data. Synchronization of only two user accounts generates approximately 28 frames and 5,654 bytes of traffic. This does not include any additional logon processes that might take place, such as login scripts and user profile validations.

11.6.1. SAM Synchronization

The NetLogon service handles the job of keeping the SAM synchronized on all BDCs with the PDC. If an organization has multiple sites at various geographical locations, then optimization includes evaluating the amount of traffic generated across the WAN link by user logons as well as the amount of synchronization traffic.

Having a BDC at the remote site ensures that users are able to log on to the domain even if the WAN link is down. However, synchronizing the entire user database may make the WAN link unavailable for other purposes during synchronization.

Synchronizing the user database takes an average of 1KB per change, so fully synchronizing a SAM containing 30,000 users across a slow link can take up to 24 hours.

Both synchronization events and changes to the SAM are recorded by the PDC in a file called the change log. If this file becomes full, the older events are overwritten. If too many changes occur between synchronizations, a full copy of the SAM from the PDC to the BDC is made to ensure that the SAM on the BDC is accurate. If the WAN link is unstable, the BDC might also force a full synchronization—increasing network traffic even more.

The parameters you can change to affect how synchronization occurs include ReplicationGovernor, PulseConcurrency, Pulse, and Randomize.

ReplicationGovernor

The ReplicationGovernor parameter controls the percentage of bandwidth that the NetLogon service can use during synchronization and is found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\ReplicationGovernor. The default value is 100 percent. Changing to 50 percent allows other traffic access to the link while synchronization occurs.

PulseConcurrency

NetLogon sends pulses to individual BDCs, which then respond by requesting any changes. The PulseConcurrency parameter determines how many simultaneous replications the PDC can handle. The default value is 20 and can be set between 1 and 500. Lowering this number reduces bandwidth utilization but lengthens the time before complete synchronization occurs, especially if there is a large number of BDCs.

Pulse

The Pulse parameter controls how often the primary domain controller sends messages to backup domain controllers that need updating. The default value is five minutes, and the maximum is 60 minutes. If changes in the SAM occur infrequently, a setting of 60 minutes results in less traffic across the WAN link while maintaining accuracy of the BDC’s copy of the SAM.

Randomize

The Randomize number determines how long the BDC waits after receiving a pulse before contacting the PDC. The default is 1 second with an allowable range of 0 to 120 seconds.

PulseMaximum

The PulseMaximum parameter determines how often the PDC sends a pulse message to the BDCs even when no changes have occurred. The default value is 2 hours and can be increased to 24 hours. Extending this value also reduces WAN traffic.

ChangeLogSizeControls

The ChangeLogSizeControls parameter determines the number of changes that must occur to the SAM before a full synchronization occurs. The default is 64KB or about 2,000 changes. If changes occur frequently, such as users changing passwords, this amount can be quickly exceeded, resulting in a need to perform a full synchronization—causing excessive WAN traffic.

Logon Optimization

When planning how to set up various NETLOGON parameters, you must consider how frequently changes occur as well as the location of each of the BDCs in relation to the PDC. Don’t forget to take into consideration the total number of servers in your network because each server changes its internal password every seven days.
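The planning questions above can be worked through numerically. The following is an added example, not code from the book: it checks proposed settings against the ranges quoted in this section, tests whether a backlog of changes would overflow the default 64KB change log, and estimates full-synchronization time for a given link and ReplicationGovernor value. The function names, the linear bandwidth model (1KB = 1,024 bytes per account, 1 kbps = 1,000 bits per second) and the sample scenario are assumptions made for illustration.

```python
# Added planning sketch (not from the book). Ranges/defaults are those quoted above.
KB = 1024                      # bytes; the section's "1KB per change"
CHANGE_LOG_CAPACITY = 2000     # changes held by the default 64KB change log

# name: (default, lowest, highest); None = bound not stated in this section
LIMITS = {
    "ReplicationGovernor": (100, None, 100),  # percent of bandwidth
    "PulseConcurrency": (20, 1, 500),         # simultaneous replications
    "Pulse": (5, None, 60),                   # minutes
    "Randomize": (1, 0, 120),                 # seconds
    "PulseMaximum": (2, None, 24),            # hours
}

def validate(settings):
    """Return a list of problems for values outside the quoted ranges."""
    problems = []
    for name, value in settings.items():
        if name not in LIMITS:
            problems.append(f"{name}: not a parameter covered in this section")
            continue
        _, low, high = LIMITS[name]
        if (low is not None and value < low) or value > high:
            problems.append(f"{name}={value} is outside the quoted range")
    return problems

def full_sync_hours(accounts, link_kbps, governor_pct=100):
    """Hours to copy the whole SAM at 1KB per account (assumed linear model)."""
    if not 0 < governor_pct <= 100:
        raise ValueError("governor_pct must be in (0, 100]")
    usable_bps = link_kbps * 1000 * governor_pct / 100
    return accounts * KB * 8 / usable_bps / 3600

def changes_per_hour(user_changes_per_hour, servers):
    """Add the 7-day machine password change of every server to the user rate."""
    return user_changes_per_hour + servers / (7 * 24)

def forces_full_sync(rate_per_hour, hours_without_sync):
    """True if the backlog exceeds what the default change log can hold."""
    return rate_per_hour * hours_without_sync > CHANGE_LOG_CAPACITY

if __name__ == "__main__":
    # Constructed scenario: 56 kbps WAN link, 336 servers, 40 user changes/hour.
    print(validate({"PulseConcurrency": 600, "Pulse": 60}))
    rate = changes_per_hour(40, 336)
    for outage in (24, 48):
        print(outage, "h outage -> full sync:", forces_full_sync(rate, outage))
    for pct in (100, 50):
        print(pct, "% governor:", round(full_sync_hours(30000, 56, pct), 2), "h")
```

In the constructed scenario a BDC that misses 48 hours of changes crosses the 2,000-change threshold and would need a full copy of the SAM, and halving ReplicationGovernor doubles the estimated time for that copy.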

11.6.2. Directory Replication

Directory replication is a feature of Windows NT Server that enables you to replicate logon scripts, policy files, and other important files to other computers on your network. By using this feature, you can set up identical directories on many computers on your network. One Windows NT Server computer will maintain the master copy of this directory, and replication is set up to occur automatically.

The Windows NT Server computer that maintains this master copy of the replicated directory is known as the export computer. Computers that are set up to receive copies of this directory are known as import computers. The following types of computers can be import computers:

  Windows NT servers
  Windows NT workstations
  Microsoft LAN Manager OS/2 servers

The export server keeps the directories to be replicated in an export directory that, by default, is \winnt\System32\Repl\Export. Any subdirectories under this directory are replicated automatically. Each import computer has a corresponding import directory that, by default, is \winnt\System32\Repl\Import.

You set up directory replication by using Server Manager, which can be found in the Administrative Tools group under the Start menu. Highlight the server for which you want to set up replication, and select Properties under the Computer menu. This brings up the properties dialog box for that server (see Figure 11.34).


Figure 11.34.  Viewing the properties for a server in Server Manager.

Click the Replication button and you see the Directory Replication dialog box for the server (see Figure 11.35).

A Windows NT server can be set up as an export server, an import server for another Windows NT server, or both. To set up an export server, choose the Export Directories radio button from the Directory Replication dialog box. The path to the default export directory is automatically entered in the From Path field. To add a computer to export to, click the Add button and enter the name of the domain or the computer to which you want to export.


Figure 11.35.  Setting up replication in Server Manager.

