The IT infrastructure of an organization often needs more than one Domain Controller (DC) for its Active Directory (AD). To keep an environment with more than one DC consistent, the AD objects have to be replicated across those DCs.
Most replication-related tasks are specified in the Directory Replication Service (DRS) Remote Protocol. The Microsoft API that implements this protocol is called DRSUAPI.
Below we describe some important functions and data structures.
DSBind and DSUnbind Functions
These functions manipulate the context handle, which is required to call the other functions of the DRSUAPI. DSBind creates the context handle, while DSUnbind destroys an existing context handle.
A client DC sends a DSGetNCChanges request to a server DC when it wants to get AD object updates from that server. The response contains a set of updates that the client has to apply to its NC (naming context) replica.
The set of updates may be too large for a single response message. In those cases, multiple DSGetNCChanges requests and responses are exchanged. This process is called a replication cycle, or simply a cycle.
When a DC receives a DSReplicaSync request, it performs a replication cycle for each DC that it replicates from (stored in the RepsFrom data structure). In each cycle it behaves like a client and makes DSGetNCChanges requests to that DC, so it gets up-to-date AD objects from each of the DCs it replicates from. This function implements a change propagation mechanism.
RepsFrom and RepsTo structures
The RepsFrom and RepsTo structures hold metadata information about the NC replicas that are used during replication.
RepsFrom is a multivalued structure that holds information about the NC replicas from which the DC has to get information when it is replicating (when serving a DSReplicaSync request).
The RepsTo structure stores information about the NC replicas that the DC replicates to. For each DC that has to be informed about changes (using a DSReplicaSync request), there is an attribute value of RepsTo.
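The flow described above (bind, a multi-request replication cycle triggered by DSReplicaSync over each RepsFrom source, unbind) can be traced with the following added example, which is not Samba or Microsoft code. It is a simplified in-memory model: the method names, the `BATCH` limit, the `seen` bookmark and the sample objects are assumptions made for illustration, and the real protocol carries far more state.

```python
from dataclasses import dataclass, field

BATCH = 2  # constructed cap on updates per DSGetNCChanges response

@dataclass
class DC:  # toy model; every name below is hypothetical, not the DRSUAPI wire format
    name: str
    usn: int = 0                                   # local change counter
    replica: dict = field(default_factory=dict)    # NC replica: dn -> (usn, value)
    reps_from: list = field(default_factory=list)  # RepsFrom: DCs to pull from
    reps_to: list = field(default_factory=list)    # RepsTo: DCs to notify
    seen: dict = field(default_factory=dict)       # source name -> last source USN applied
    handles: set = field(default_factory=set)      # live context handles

    def ds_bind(self, client):                     # DSBind: create a context handle
        handle = (client.name, self.name)
        self.handles.add(handle)
        return handle

    def ds_unbind(self, handle):                   # DSUnbind: destroy it
        self.handles.discard(handle)

    def store(self, dn, value):
        self.usn += 1
        self.replica[dn] = (self.usn, value)

    def ds_get_nc_changes(self, handle, after_usn):
        if handle not in self.handles:
            raise PermissionError("no context handle; call ds_bind first")
        pending = sorted((u, dn, v) for dn, (u, v) in self.replica.items() if u > after_usn)
        return pending[:BATCH], len(pending) > BATCH  # (updates, more_data)

    def ds_replica_sync(self):
        """One replication cycle per RepsFrom source; returns requests sent."""
        sent = 0
        for src in self.reps_from:
            handle, more = src.ds_bind(self), True
            while more:                            # repeat until the source has no more data
                updates, more = src.ds_get_nc_changes(handle, self.seen.get(src.name, 0))
                sent += 1
                for usn, dn, value in updates:
                    self.store(dn, value)
                    self.seen[src.name] = usn
            src.ds_unbind(handle)
        return sent

def demo():
    dc1, dc2 = DC("DC1"), DC("DC2")
    dc2.reps_from.append(dc1); dc1.reps_to.append(dc2)
    for i in range(5):                             # constructed sample objects
        dc1.store(f"CN=user{i},DC=example,DC=com", f"v{i}")
    return dc1, dc2, [dst.ds_replica_sync() for dst in dc1.reps_to]
```

With five pending objects and a batch size of two, `demo()` shows the cycle taking three DSGetNCChanges requests; a later sync with nothing new takes one.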
- Stefan Metzmacher Bachelor Thesis about Active Directory Replication (English translated version)
- MS-DRSR: Directory Replication Service (DRS) Remote Protocol Specification at msdn.microsoft.com
- DRS Tutorial about DRSUAPI Implementation in Samba and other stuff (Video)
- DRS Tutorial about DRSUAPI - Quick guide for the lessons learned during the first tutorial