31 July, 2012

Configuring One Way Replication in DFSR on RODC

In this post, we will see how to create a Replication Group that has 1-Way Replication between a Writable Domain Controller and a Read Only Domain Controller, just as we have 1-Way Replication for SYSVOL

On the Writable Domain Controller "MyDC", we have created a folder named "One Way Data"

Created the same folder named "One Way Replication" on the Read Only Domain Controller "MyRODC"

Creating the Replication Group

Added the servers "MyDC" and "MyRODC"

Selecting the folder to be replicated "C:\One Way Data" on the server "MyDC" which is a writable domain controller

Now comes the main point... The Read Only Domain Controller

The same folder "One Way Data" is also specified on the Read Only Domain Controller "MyRODC"... Wait... Don't you think that we did the same thing in the last post while creating a Replication Group for 2-Way Replication... So where lies the difference... huh

The difference lies in the small check box which says "Make the selected Replicated Folder on the member read only"

And we are done....

Here comes the Replication Group with 1-Way Replication Enabled.... Don't miss the "Read-Only" tag that is mentioned in front of the server "MyRODC"

Let's do some further testing...

Let me create a file named "From MyDC" on the writable server "MyDC" in the Replicated Folder

And as expected the file has replicated from MyDC to MyRODC

Let me create a file on the Read Only Domain Controller Server in the Replicated Folder "One Way Data"... Ideally, it should not replicate the file that I will create on the RODC Server... Let's see...

Oops.... What's this... It didn't let me create the file... Yes... That is 1-Way Replication my dear friends.... Forget about whether the RODC will allow the file to replicate or not, it will not even allow you to create a file in the folder which is replicating 1-Way... :)

And then I started my Journey to see where lies the "Difference"

Check the Permissions on the Folder on the Read Only Domain Controller

Now check the permissions on the Writable Domain Controller

And my dear friends, you will be surprised to know that the permissions for the folder on both the servers will be exactly the same.... EXACTLY THE SAME
So the question is... Where lies the difference... hmm... Let me get some almonds for myself... :)

I looked into Active Directory and then the Registry, ran a couple of tests and even Procmon... But didn't find anything relevant... And then.... The Almonds worked....

The answer lies in the "Heart" of DFSR Configuration... And if you thought that the heart is Active Directory, then you were wrong... The Heart is "System Volume Information" and the data that is stored under this folder

NOTE:- Guys, by default you do not have permissions on the "System Volume Information" folder... I took ownership of the folder just to show you the data inside it... Do not play with this folder in a production environment...

The Main Configuration Files for DFSR

And the files which we will require

Every Volume (Logical Volume) will have an XML File in this folder. We need to select the file which corresponds to the volume which is hosting our data. In this case, it is simple, as we had only one volume, so only one XML file

Let's open the XML File.... And browse to the information related to the Replication Group that we have created for 1-Way Replication

(In the XML File, You will find different sections, One section per Replication Group)

For the Replicated Group "One Way Data", the Attribute "ReadOnly" Is set to "FALSE"

Remember the fact that currently we are on the writable domain controller "MyDC"

Now let's move our concentration towards the Read Only Domain Controller

The same XML File... Volume....

The same section... Replication Group : One Way Replication

And the same Attribute: ReadOnly : TRUE

Ahhh... Here lies the difference.... the attribute is set to "TRUE"

You don't believe me... huh... I will Prove it....
Remember the RG that we created earlier which had 2-Way Replication Enabled....

For that RG, the value of "ReadOnly" is False on the Writable Domain Controller

And on the Read Only Domain Controller....

The value is also False

So, the bottom line is... that for this Replication Group, since the value of "ReadOnly" is set to FALSE on both the servers, it will replicate both ways... (2-Way)
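
The comparison above (ReadOnly TRUE for the 1-Way group on the RODC, FALSE for the 2-Way group) can also be checked without taking ownership of "System Volume Information". The script below is an added example, not part of the original post. It assumes the `ReadOnly` property of the DFSR WMI provider's `DfsrReplicatedFolderConfig` class reports the same per-member setting seen in the XML, and that the ActiveDirectory module (RSAT) and remote WMI/CIM access to both servers are available. The function name `Get-DfsrReadOnlyState` is hypothetical.

```powershell
# Added example: audit the per-member ReadOnly flag of DFSR replicated folders
# through the DFSR WMI provider instead of opening "System Volume Information".
# Server names are the ones used in the post; run with rights to query the DCs.
Import-Module ActiveDirectory

function Get-DfsrReadOnlyState {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    foreach ($server in $ComputerName) {
        # IsReadOnly is $true when the domain controller is an RODC
        $isRodc = (Get-ADDomainController -Identity $server).IsReadOnly

        # Map replication group GUID -> name so the output is readable
        $groups = @{}
        Get-CimInstance -ComputerName $server -Namespace 'root\MicrosoftDFS' `
                        -ClassName DfsrReplicationGroupConfig |
            ForEach-Object { $groups[$_.ReplicationGroupGuid] = $_.ReplicationGroupName }

        # One object per replicated folder hosted on this member
        Get-CimInstance -ComputerName $server -Namespace 'root\MicrosoftDFS' `
                        -ClassName DfsrReplicatedFolderConfig |
            ForEach-Object {
                [pscustomobject]@{
                    Server           = $server
                    IsRodc           = $isRodc
                    ReplicationGroup = $groups[$_.ReplicationGroupGuid]
                    ReplicatedFolder = $_.ReplicatedFolderName
                    RootPath         = $_.RootPath
                    ReadOnly         = $_.ReadOnly
                    # A writable replicated folder on an RODC replicates 2-way
                    WritableOnRodc   = ($isRodc -and -not $_.ReadOnly)
                }
            }
    }
}

$report = Get-DfsrReadOnlyState -ComputerName 'MyDC', 'MyRODC'
$report | Format-Table -AutoSize

# Flag the case from the end of the post: a group that is still writable on the RODC
$report | Where-Object { $_.WritableOnRodc } | ForEach-Object {
    Write-Warning ("{0}: '{1}' is writable on an RODC" -f $_.Server, $_.ReplicatedFolder)
}
```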