Interesting fact about "AD USNs."

What’s an Update Sequence Number (USN)? In simple terms, it is a number that AD uses to track the most recent updates to a particular object. AD increments the USN every time a new object is added or an existing object is changed, so you may ask how AD does not run out of USNs. The answer is that the USN is a 64-bit number. Although we get accustomed to 64, 128 and 256 bits and throw these figures around casually, a 64-bit number means that there are enough numbers to increment ten thousand USNs per second, for sixty-six million years, before AD runs out of USNs.

More Details on How Active Directory Replication Works

Active Directory replication will seem logical if you’re already familiar with how replication works in Windows NT 4.0 domains. Each update is assigned its own 64-bit unique sequence number (USN) from a counter that is incremented whenever a change is made. These numbers are specific to each server: every Active Directory server maintains a separate counter.

When a server replicates an update to other Active Directory servers, it sends the USN along with the change. Each server maintains an internal list of replication partners and the highest USN received from them. The server receiving the update requests only those changes with USNs higher than previously received. This method has the added benefit of stopping updates from propagating endlessly between multiple Active Directory servers.

One problem inherent in any multimaster replication scheme is that updates to a single object can occur in multiple places at the same time. For example, if an administrator in Boston changes a user’s name from “Curt” to “Kurt” and an administrator in Chicago simultaneously changes that same user’s name from “Curt” to “Kirk,” a replication collision will occur. There are two problems to deal with when a collision occurs: detecting the collision and resolving the collision.

Active Directory stores property version numbers to allow replication collision detection. These numbers are specific to each property of every object within Active Directory and are updated every time the property is modified. These numbers are propagated through Active Directory along with the change, so a server that receives two different updates to the same property with the same property version number can conclude that a replication collision has occurred.

Active Directory servers resolve collisions by applying the update with the later timestamp. The timestamp is created by the server that initiated the change, so it is very important to keep system time synchronized between Windows 2000 servers.

Note: Use the built-in distributed time synchronization service to keep all servers working together!
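The Boston/Chicago collision above, as an added example that is not from the original post and is not Active Directory's own code. It is a simplified model of the behaviour described here: per-server USN counters, a highest-USN-received mark per partner, property version numbers, and later-timestamp-wins resolution. The class and function names (`DC`, `Change`, `pull_from`, `demo`) and the timestamps are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Change:
    usn: int        # USN on the server holding this copy of the change
    key: tuple      # (object, property)
    value: str
    version: int    # property version number, travels with the change
    stamp: float    # timestamp set by the server that initiated the change

class DC:
    def __init__(self, name):
        self.name, self.usn = name, 0     # every server keeps its own counter
        self.log, self.props = [], {}     # changes by local USN; current values
        self.watermark = {}               # partner name -> highest USN received
        self.collisions = []

    def _commit(self, key, value, version, stamp):
        self.usn += 1
        self.props[key] = Change(self.usn, key, value, version, stamp)
        self.log.append(self.props[key])

    def write(self, obj, prop, value, stamp):
        cur = self.props.get((obj, prop))
        self._commit((obj, prop), value, cur.version + 1 if cur else 1, stamp)

    def pull_from(self, partner):
        seen = self.watermark.get(partner.name, 0)
        batch = [c for c in partner.log if c.usn > seen]   # only newer USNs
        for c in batch:
            cur = self.props.get(c.key)
            if cur and cur.version == c.version and cur.value != c.value:
                self.collisions.append((c.key, cur.value, c.value))
            # Assumption: higher version wins; on a tie the later timestamp wins.
            if cur is None or (c.version, c.stamp) > (cur.version, cur.stamp):
                self._commit(c.key, c.value, c.version, c.stamp)
            self.watermark[partner.name] = c.usn
        return len(batch)

def demo():
    boston, chicago = DC("BOSTON"), DC("CHICAGO")
    boston.write("user1", "name", "Curt", stamp=100.0)     # constructed values
    chicago.pull_from(boston)
    boston.write("user1", "name", "Kurt", stamp=200.0)
    chicago.write("user1", "name", "Kirk", stamp=201.0)    # one second later
    boston.pull_from(chicago)
    chicago.pull_from(boston)
    return boston, chicago
```

Both servers converge on the value with the later timestamp, and a further pull in either direction returns nothing because no USN exceeds the stored mark. If the Chicago clock ran slow enough to stamp its write before Boston's, the other value would win, which is why the post stresses time synchronization.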
