Managing Active Directory Lightweight Directory Services Replication in Server 2022

Posted on 16th June 2023

Active Directory Lightweight Directory Services (AD LDS) is an LDAP directory service for directory-enabled applications. It offers much of the data model and replication machinery of Active Directory Domain Services (AD DS) without the domain, Kerberos and Group Policy dependencies, which suits scenarios such as development environments, application directories whose schema should not touch the forest, and directory data served from branch offices. AD LDS runs as a Windows service; a server can host several independent instances, each listening on its own LDAP and SSL ports, and instances that share data form a configuration set with a replication topology that is entirely separate from AD DS. As with AD DS, you can place the instances of a configuration set in multiple sites to give applications a nearby replica and to keep the directory available when one instance is down. Replication between sites is managed with the Active Directory Sites and Services snap-in connected to the instance as server:port rather than to a domain controller, and inspected with repadmin, which accepts server:port as well.

Understanding AD LDS Replication

AD LDS uses a multimaster replication model: every instance in a configuration set holds a writable replica, so any instance can accept an update, and the change is then propagated to the other instances. Propagation is pull-based. A destination instance asks its source partner for the changes it has not yet seen, tracking them by update sequence number (USN) and up-to-dateness vector, so each change reaches a given replica once even when several paths could carry it. Within a site, a source notifies its partners shortly after a change is committed and they pull it immediately; between sites, partners pull on the schedule and interval configured on the site link, and you can also trigger a pull on demand. Multimaster has a security consequence worth stating plainly: a write accepted by any instance becomes authoritative everywhere, so every instance in the configuration set needs the same protection for its LDAP ports, service account and Administrators role as the most sensitive one.
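The following added example (not code from the original article) makes the two properties above observable: it writes to each of two instances, forces each to pull the other's change, and reads the replication metadata. The instance names LDS01 and LDS02, the port 50000 and the partition DC=AppData,DC=Contoso,DC=Com are hypothetical; the ActiveDirectory PowerShell module and repadmin.exe are assumed to be installed on the machine running it, and the cmdlets are pointed at the AD LDS instances with -Server server:port.

```powershell
# Added example (not from the original article): observe multimaster, pull-based replication
# between two AD LDS instances of one configuration set.
# Assumptions (hypothetical names): instances LDS01 and LDS02, both on LDAP port 50000, both
# hosting the application partition DC=AppData,DC=Contoso,DC=Com; run as an AD LDS administrator.
$InstanceA = 'LDS01:50000'
$InstanceB = 'LDS02:50000'
$Partition = 'DC=AppData,DC=Contoso,DC=Com'

# 1. Multimaster: each instance accepts its own write.
$Stamp = Get-Date -Format 'yyyyMMddHHmmss'
New-ADObject -Server $InstanceA -Type container -Name "probe-A-$Stamp" -Path $Partition
New-ADObject -Server $InstanceB -Type container -Name "probe-B-$Stamp" -Path $Partition

# 2. Pull: the destination requests changes from the source. repadmin's first argument is the
#    destination, the second the source it pulls from, the third the naming context.
repadmin /replicate $InstanceB $InstanceA $Partition
repadmin /replicate $InstanceA $InstanceB $Partition

# 3. Both probe objects should now exist on both instances.
foreach ($dsa in $InstanceA, $InstanceB) {
    $found = Get-ADObject -Server $dsa -SearchBase $Partition -SearchScope OneLevel `
                 -LDAPFilter "(&(objectClass=container)(name=probe-*-$Stamp))" |
             Select-Object -ExpandProperty Name
    '{0}: {1}' -f $dsa, ($found -join ', ')
}

# 4. Per-attribute metadata on B for the object authored on A: the Originating DSA column names
#    LDS01, and the local USN shows when B applied the pulled change.
repadmin /showobjmeta $InstanceB "CN=probe-A-$Stamp,$Partition"

# 5. Inbound partners of B with the result of the last replication attempt; anything other than
#    "was successful" for a partner deserves investigation before the change is assumed to be everywhere.
repadmin /showrepl $InstanceB
```

Run from an elevated prompt on a machine that can reach both instances. Leave the probe containers in place long enough to compare the two /showobjmeta outputs, then delete them from either instance; the deletion replicates the same way.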

Configuring AD LDS Replication

To configure replication for AD LDS, open the Active Directory Sites and Services snap-in, right-click the root node, click Change Domain Controller, and enter the instance as server:port (for example LDS01:50000). The snap-in then shows the sites, servers and inter-site transports of that instance's configuration partition instead of the AD DS forest. From there you can configure the following aspects of AD LDS replication:

  • Replication schedules
  • Replication transports
  • Replication topology

Replication Schedules

There is no single 15-minute default. Within a site, replication is driven by change notification: after a change is committed, the source waits a short notification delay (15 seconds by default) and then tells its partners, which pull the change straight away, so intra-site latency is measured in seconds. Between sites, replication follows the site link, whose default interval is 180 minutes with a schedule that is open around the clock. You can tune both to suit your environment. A site link with a restricted schedule and a longer interval keeps replication off a slow or expensive WAN link during business hours; a shorter interval (15 minutes is the minimum) reduces the time an update takes to reach the remote site. Lengthening the interval does not reduce the amount of data that must eventually cross the link, only how often it is sent.

Replication Transports

AD LDS supports a single replication transport:

  • Remote procedure call over TCP/IP (RPC over IP)

Within a site, connection objects use RPC directly; between sites, the IP container under Inter-Site Transports is the same RPC over IP transport with site link scheduling and compression applied. The SMTP transport that AD DS offers for inter-site replication is not available to AD LDS, and LDAP is not a replication transport at all: it is the client protocol the instance serves on its own ports (389 and 636 by default when no AD DS is present, or whatever ports you chose at installation). Replication RPC connects to the endpoint mapper on TCP 135 and then to a dynamically assigned port (49152 to 65535 on Windows Server 2008 and later), so a firewall between sites must admit that range, or a narrower range set with netsh int ipv4 set dynamicport tcp, in addition to 135. Replication traffic is authenticated and encrypted at the RPC layer, and the instances authenticate each other with their service accounts: domain-joined servers use Kerberos, while workgroup servers fall back to NTLM and therefore need a local service account with an identical name and password on every server in the configuration set.

Replication Topology

The replication topology of a configuration set is not configured directly. The Knowledge Consistency Checker (KCC) running on every instance reads the sites, site links and server placements in the configuration partition and generates the connection objects; the schedules and transport ride on top of that topology rather than defining it. Within a site the KCC builds a bidirectional ring with extra connections so that no two instances are more than three hops apart. Between sites the shape follows your site links, and these are the three patterns you will usually end up with:

  • Full mesh
  • Hub and spoke
  • Ring

In a full mesh, every site is linked to every other site, which is what a single site link containing all sites gives you. It tolerates the loss of any one site or link without isolating anyone, but the number of inter-site connections grows with the square of the number of sites and every link carries change traffic. In a hub and spoke design, a central site (the hub) has a site link to each remote site (a spoke) and the spokes have no links to each other; a change made in one spoke reaches another through the hub. It is the easiest pattern to reason about and keeps traffic off slow or expensive spoke links, at the cost of making the hub a single point of failure for inter-site replication unless it holds more than one instance. In a ring, each site is linked only to the two sites on either side of it, so every site has two paths and the loss of one link is survivable, while a change may have to traverse up to half the ring to arrive. Whatever the pattern, you shape it by creating sites, placing instances in them and defining site links with costs, not by editing connection objects; a connection object you create or modify by hand is no longer maintained by the KCC.

Configuring a Replication Schedule

Replication schedules live in two places. For replication between sites, the schedule and the interval belong to the site link, and that is where you should set them; the KCC copies them onto the inter-site connection objects it generates. A schedule on an individual connection object applies to that one connection only, and editing a KCC-generated connection turns it into a manual connection that the KCC stops maintaining. To change the schedule of a site link:

  1. Open the Active Directory Sites and Services snap-in, right-click the root node, click Change Domain Controller, and enter the AD LDS instance as server:port.
  2. Expand Sites, expand Inter-Site Transports, and click IP.
  3. In the right pane, right-click the site link and select Properties.
  4. In Replicate every, set the interval in minutes (15 is the minimum, 180 the default).
  5. Click Change Schedule, select the hours during which replication may occur, and click OK.
  6. Click OK.

To change the schedule of a single connection object instead:

  1. In the same snap-in, expand the site, expand Servers, expand the instance, and click NTDS Settings.
  2. In the right pane, right-click the connection object and select Properties.
  3. On the General tab, click Change Schedule, select the hours, and click OK.
  4. Click OK. The object is now a manual connection.

The schedule grid in the snap-in is shown in the local time of the computer running it; the stored value is in UTC.
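The snap-in hides what a schedule actually is. The added example below (not code from the original article) builds the schedule attribute directly, decodes an existing one for review, and applies it together with the interval to a site link, so the same change described in the Replication Schedules section and in the steps above can be scripted and audited. The blob layout follows the SCHEDULE structure in MS-ADTS: a 20-byte header and 168 data bytes, one per hour of the week in UTC starting with Sunday, with the low four bits of each byte marking that hour's four 15-minute slots. The instance LDS01:50000 and the site link name HQ-Branch are hypothetical, and the ActiveDirectory module is assumed to be available.

```powershell
# Added example (not from the original article): build, decode and apply a replication schedule
# on an AD LDS site link. Assumptions (hypothetical): instance LDS01:50000 and a site link named
# HQ-Branch under the IP inter-site transport of that instance's configuration partition.

function New-ReplicationSchedule {
    # Returns a 188-byte SCHEDULE blob that opens the listed UTC hours (0-23) on every weekday
    # and closes everything else.
    param([int[]]$AllowedHours)
    $blob = New-Object byte[] 188
    # Header: Size=188, Bandwidth=0, NumberOfSchedules=1, then one SCHEDULE_HEADER with
    # Type=0 (SCHEDULE_INTERVAL) and Offset=20. All fields are little-endian DWORDs.
    [BitConverter]::GetBytes([int32]188).CopyTo($blob, 0)
    [BitConverter]::GetBytes([int32]0).CopyTo($blob, 4)
    [BitConverter]::GetBytes([int32]1).CopyTo($blob, 8)
    [BitConverter]::GetBytes([int32]0).CopyTo($blob, 12)
    [BitConverter]::GetBytes([int32]20).CopyTo($blob, 16)
    for ($day = 0; $day -lt 7; $day++) {
        foreach ($hour in $AllowedHours) {
            $blob[20 + $day * 24 + $hour] = 0x0F   # all four 15-minute slots of this hour open
        }
    }
    return $blob
}

function ConvertFrom-ReplicationSchedule {
    # Renders a schedule blob as a 7x24 grid: '#' = replication allowed, '.' = closed.
    param([byte[]]$Blob)
    $days   = 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'
    $offset = [BitConverter]::ToInt32($Blob, 16)     # data offset from the SCHEDULE_HEADER
    for ($day = 0; $day -lt 7; $day++) {
        $row = for ($hour = 0; $hour -lt 24; $hour++) {
            if ($Blob[$offset + $day * 24 + $hour] -band 0x0F) { '#' } else { '.' }
        }
        '{0} {1}' -f $days[$day], (-join $row)
    }
}

$Server   = 'LDS01:50000'
$ConfigNC = (Get-ADRootDSE -Server $Server).configurationNamingContext
$SiteLink = Get-ADObject -Server $Server `
                -SearchBase "CN=IP,CN=Inter-Site Transports,CN=Sites,$ConfigNC" `
                -LDAPFilter '(&(objectClass=siteLink)(name=HQ-Branch))' `
                -Properties replInterval, schedule

# Review the current state. An absent schedule attribute means the link is always available.
'Current interval: {0} minutes' -f $SiteLink.replInterval
if ($SiteLink.schedule) { ConvertFrom-ReplicationSchedule -Blob $SiteLink.schedule } else { 'Schedule: always' }

# Restrict the link to 20:00-05:59 UTC and pull once an hour inside that window.
$NightOnly = New-ReplicationSchedule -AllowedHours (0..5 + 20..23)
Set-ADObject -Server $Server -Identity $SiteLink -Replace @{ replInterval = 60; schedule = $NightOnly }

# Re-read to confirm what was stored, then have the KCC regenerate the inter-site connections
# so the new schedule is copied onto them instead of waiting for its next scheduled run.
$SiteLink = Get-ADObject -Server $Server -Identity $SiteLink -Properties replInterval, schedule
ConvertFrom-ReplicationSchedule -Blob $SiteLink.schedule
repadmin /kcc $Server
```

Decode before you write: an unexpectedly tight schedule on a link is a common reason a remote site is hours behind, and the grid makes the stored UTC hours explicit where the snap-in shows them shifted to local time.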

Configuring a Replication Transport

AD LDS replicates only over RPC over IP, so there is normally nothing to choose here. The Transport list on a connection object's General tab still appears because the snap-in is shared with AD DS: RPC denotes the intra-site RPC transport, and IP the inter-site RPC transport that honours site link schedules and compresses traffic. SMTP may also appear in the list, but AD LDS does not support it and it should not be selected. The transport is worth inspecting when a connection object was created by hand and replication between two sites ignores the site link schedule. To view or correct it:

  1. Open the Active Directory Sites and Services snap-in, right-click the root node, click Change Domain Controller, and enter the AD LDS instance as server:port.
  2. In the left pane, expand the site in which you want to configure replication.
  3. Expand the Servers folder.
  4. Expand the instance on which you want to configure replication.
  5. Click NTDS Settings.
  6. In the right pane, right-click the connection object and select Properties.
  7. On the General tab, check the Transport list: RPC for a connection whose source is in the same site, IP for a connection whose source is in another site.
  8. Click OK.

Configuring a Replication Topology

A replication topology is configured by describing the network to the KCC, not by editing connection objects. For a hub and spoke design you create one site per location, place each instance in its site, and create one site link per spoke that contains exactly two sites, the hub and that spoke. A single site link containing all sites yields a full mesh; links that join each site only to its two neighbours yield a ring. To build the topology:

  1. Open the Active Directory Sites and Services snap-in, right-click the root node, click Change Domain Controller, and enter the AD LDS instance as server:port.
  2. Right-click Sites, click New Site, name the site, select a site link object (you will refine the links later), and click OK. Repeat for each location.
  3. Expand the site that currently holds your instances (Default-First-Site-Name unless you changed it), expand Servers, right-click each instance, click Move, and select its new site.
  4. Expand Inter-Site Transports, right-click IP, and click New Site Link. Name the link, add the sites it joins (two for hub and spoke or ring), and click OK. Repeat for each link.
  5. For each site link, open Properties and set Cost (the KCC prefers the lowest total cost when several paths exist), Replicate every, and Change Schedule.
  6. If the new sites were added to an existing default site link in step 2, remove them from it, or delete that link, so that only the links you designed remain.
  7. Expand each site, each server and its NTDS Settings; right-click NTDS Settings, point to All Tasks, and click Check Replication Topology to make the KCC recompute now rather than at its next run (every 15 minutes by default).
  8. Verify that the generated connection objects match the design, and remove any manual connection objects left over from earlier work, since the KCC will not adjust them.

Placing two instances in the hub site is the usual way to avoid a single point of failure in a hub and spoke design.
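The added example below (not code from the original article) does what the Replication Topology section and the steps above describe, from PowerShell: it inventories the connection objects the KCC has generated for a configuration set, distinguishing them from manual ones, then creates hub and spoke site links and flags any link that joins more than two sites, which would give the KCC a mesh instead. The instance LDS01:50000 and the site names HQ, Branch-A and Branch-B are hypothetical and the sites are assumed to exist already; the ActiveDirectory module and repadmin.exe are assumed to be installed.

```powershell
# Added example (not from the original article): inventory and shape the replication topology
# of an AD LDS configuration set. Assumptions (hypothetical): instance LDS01:50000; sites HQ,
# Branch-A and Branch-B already exist and instances have been moved into them.
$Server   = 'LDS01:50000'
$ConfigNC = (Get-ADRootDSE -Server $Server).configurationNamingContext
$SitesDN  = "CN=Sites,$ConfigNC"

# 1. Who replicates from whom. nTDSConnection objects live under each destination's NTDS Settings;
#    fromServer names the source. options bit 0x1 (NTDSCONN_OPT_IS_GENERATED) marks a KCC-generated
#    connection; a manual connection is frozen and must be reviewed whenever the topology changes.
#    The DN splitting below assumes no commas inside site or server names.
Get-ADObject -Server $Server -SearchBase $SitesDN -LDAPFilter '(objectClass=nTDSConnection)' `
        -Properties fromServer, options, transportType |
    ForEach-Object {
        [pscustomobject]@{
            Destination = ($_.DistinguishedName -split ',')[2] -replace '^CN='
            Site        = ($_.DistinguishedName -split ',')[4] -replace '^CN='
            Source      = ($_.fromServer -split ',')[1] -replace '^CN='
            Generated   = [bool]($_.options -band 0x1)
            Transport   = if ($_.transportType) { ($_.transportType -split ',')[0] -replace '^CN=' } else { 'RPC (intra-site)' }
        }
    } | Format-Table -AutoSize

# 2. Hub and spoke: one site link per spoke, each containing the hub and exactly one spoke.
#    No link joins Branch-A to Branch-B directly, so their changes travel through HQ.
$IpTransport = "CN=IP,CN=Inter-Site Transports,$SitesDN"
foreach ($spoke in 'Branch-A', 'Branch-B') {
    $linkName = "HQ-$spoke"
    $exists = Get-ADObject -Server $Server -SearchBase $IpTransport `
                  -LDAPFilter "(&(objectClass=siteLink)(name=$linkName))"
    if (-not $exists) {
        New-ADObject -Server $Server -Type siteLink -Name $linkName -Path $IpTransport -OtherAttributes @{
            siteList     = @("CN=HQ,$SitesDN", "CN=$spoke,$SitesDN")
            cost         = 100    # relative preference when several paths exist; lower wins
            replInterval = 180    # minutes between pulls while the schedule is open
        }
    }
}

# 3. A site link that spans more than two sites connects all of them to each other, which breaks
#    the hub and spoke shape. List every link with its member count so such links can be pruned.
Get-ADObject -Server $Server -SearchBase $IpTransport -LDAPFilter '(objectClass=siteLink)' -Properties siteList |
    ForEach-Object {
        $flag = if ($_.siteList.Count -gt 2) { 'REVIEW' } else { 'ok' }
        '{0,-8} {1,-20} {2} site(s)' -f $flag, $_.Name, $_.siteList.Count
    }

# 4. Recompute the topology on the hub instance now and show the inbound connections it produced.
repadmin /kcc $Server
repadmin /showrepl $Server
```

Run step 1 again after the KCC has completed on every instance: each spoke should show one inbound inter-site connection from the hub and none from the other spoke, and any row with Generated set to False is a manual object to account for or delete.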