31 July, 2012

RODC - The Story of One Way Replication

In this ever-changing and highly dynamic IT world, where a new version of an application arrives before people can completely explore the old one, the key factor that drives you upward is "Continuous Study"... Your tenure in the field of IT is not proportional to your knowledge... A few weeks back, I was discussing DFSR on RODCs with one of my colleagues and came across this fact.

I was arguing that on an RODC, DFSR has one-way replication, be it SYSVOL or any data that you want to replicate using DFSR. To this my colleague said that it's only SYSVOL that has 1-way replication in DFSR and not any custom data, i.e. all other data except for SYSVOL will have a 2-way connection in DFSR... huh... And guess what... She was "RIGHT"... :)

I was able to figure this out in the next few minutes of our discussion and would like to share the explanation...

As we know, RODC means Read-Only Domain Controller. That means that on an RODC we cannot make any change in Active Directory... Right?

The SYSVOL data depends on Active Directory: the connection objects, the schedule, and other pieces of information all reside in Active Directory. So, in the case of an RODC, when AD is replicating one way, how can we expect SYSVOL to replicate both ways... :)

But what about other data, the custom data that we want to replicate? With any other data (except for SYSVOL), Microsoft has given us the liberty to choose whether the data replicates 1-way or 2-way.

We will see how to configure it both ways in the coming posts.

Let's first have a look at SYSVOL on an RODC.

The Lab

- Domain Controller (Writable) : MyDC
- Domain Controller (Read Only) : MyRODC

When you configure your first domain controller on a Windows 2008 server and choose Windows 2008 as the domain functional level, SYSVOL automatically starts replicating using DFSR instead of FRS. In this scenario, you don't have to do any migration from FRS to DFSR for SYSVOL.

In this case as well, since both of our domain controllers were running Windows 2008 and the domain functional level was Windows 2008, SYSVOL started replicating using DFSR.

This is evident from the DFS GUI where it shows the "Domain System Volume" as a Replication Group.

The point to note here is that we haven't made any changes, this being a fresh installation. Looking at the Replication Group, anyone can figure out that this is a 1-way replication configured for SYSVOL.

Now, let me quickly create another RG which will replicate some custom data. This RG (by default) will have a 2-way replication enabled

I have created a folder named "Data" on the server "MyDC" and placed a text file named "Test" in it

The same folder was also created on the other server "MyRODC"

The file isn't there as we haven't enabled replication yet :)

Creating a Replication Group to replicate that folder

Replication Group :  MyRG

Added both the servers "MyDC" and "MyRODC" in the RG

Replicated Folder : C:\Data

On the server "RODC", the same share "C:\Data"

The Replication Group is now Created

Again, the RG replicating SYSVOL is a 1-Way Replication

But look at this... The Replication Group that we created to replicate the folder "Data" has 2-Way Replication Enabled...

The file that was created on the server "MyDC" has now replicated to the other server "MyRODC"

Creating a file on the other server "MyRODC" just to prove that this has a 2-Way replication configured... So this file should now replicate on to the other server "MyDC"

Yippee.... It got Replicated

1-Way  Replication (SYSVOL)

2-Way Replication (Custom Data)

What's there in Active Directory wrt SYSVOL (DFSR and RODC)

Since the RODC has only one-way replication enabled, we do not have any connection object for the RODC on the writable domain controller. That means the RODC cannot replicate any changes to the writable domain controller.

Whereas the RODC itself has two connection objects... Two?

Yes, you heard it right... Two... One for Active Directory changes and the other for file replication :)
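The connection-object layout described above can also be checked from PowerShell instead of the GUI. The following is an added example, not part of the original post: it assumes PowerShell 3.0 or later, the function names, the `example.com` naming context and the connection names in the sample are constructed, and the commented live query assumes the ActiveDirectory module. It covers only the connection objects discussed in this section, not the custom replication group "MyRG".

```powershell
# Added example. A connection object is stored under the NTDS Settings of the
# DESTINATION DC; its fromServer attribute points at the SOURCE DC.
function Get-DcNameFromNtdsDn([string]$Dn) {
    # "...CN=NTDS Settings,CN=MyDC,CN=Servers,..." -> "MyDC"
    if ($Dn -match 'CN=NTDS Settings,CN=([^,]+),') { return $Matches[1] }
    throw "No NTDS Settings component in DN: $Dn"
}

function Get-ReplicationDirection {
    param([object[]]$Connections, [string[]]$ReadOnlyDcs = @())
    $edges = @(foreach ($c in $Connections) {
        [pscustomobject]@{
            Name        = $c.Name
            Source      = Get-DcNameFromNtdsDn $c.fromServer
            Destination = Get-DcNameFromNtdsDn $c.DistinguishedName
        }
    })
    foreach ($e in $edges) {
        # Two-way only if some connection runs in the opposite direction.
        $reverse = @($edges | Where-Object {
            $_.Source -eq $e.Destination -and $_.Destination -eq $e.Source })
        $direction = if ($reverse.Count -gt 0) { 'two-way' } else { 'one-way' }
        [pscustomobject]@{
            Name         = $e.Name
            Source       = $e.Source
            Destination  = $e.Destination
            Direction    = $direction
            # An RODC listed as a source would contradict one-way replication.
            RodcIsSource = $ReadOnlyDcs -contains $e.Source
        }
    }
}

# Constructed sample mirroring the lab: two connection objects under MyRODC,
# none under MyDC. Domain and connection names are placeholders.
$servers = 'CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com'
$sample = 'conn-ad', 'conn-sysvol' | ForEach-Object {
    [pscustomobject]@{
        Name              = $_
        DistinguishedName = "CN=$_,CN=NTDS Settings,CN=MyRODC,$servers"
        fromServer        = "CN=NTDS Settings,CN=MyDC,$servers"
    }
}
Get-ReplicationDirection -Connections $sample -ReadOnlyDcs 'MyRODC' | Format-Table -AutoSize

# Live input instead of $sample (assumes the ActiveDirectory module):
#   $cfg  = (Get-ADRootDSE).configurationNamingContext
#   $conn = Get-ADObject -SearchBase "CN=Sites,$cfg" -LDAPFilter '(objectClass=nTDSConnection)' -Properties fromServer
#   $ro   = Get-ADDomainController -Filter 'IsReadOnly -eq $true' | ForEach-Object { $_.Name }
#   Get-ReplicationDirection -Connections $conn -ReadOnlyDcs $ro
```

Any row with `RodcIsSource` set to True, or a `two-way` direction involving the RODC, would be worth investigating, since it does not match the one-way layout shown here.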

* With Inputs from Sarvdeep Kaur