3.2.20 Example 20: Replicate Changes within a Domain

This example shows how the originating updates to a domain controller are replicated to other domain controllers in the same domain.

This example covers the use case in section 2.7.5.1, Replicate Changes within a Domain - Domain Controller.

Prerequisites

The general requirements described in section 2.6, Assumptions and Preconditions.

The Active Directory system meets all preconditions described in section 2.7.5.1.

Initial State

An administrator adds a user to a domain controller, DC1, and this change is not yet replicated to other domain controllers, DC2 and DC3.

Final State

Originating updates for DC1 are replicated to DC2 and DC3.

Sequence of Events

The following sequence diagram shows the message flow that is associated with this example.

Figure 66: Message flow for replication changes within a domain

  1. DC1 and DC2 use Kerberos ([MS-DRSR] section 2.2.3.2) to perform mutual authentication.

  2. DC2 sends an IDL_DRSBind request to DC1, which creates the context handle that is required to call any other method in the interface ([MS-DRSR] section 4.1.3).

  3. Upon a successful response from DC1, DC2 obtains a context handle.

  4. DC2 invokes IDL_DRSGetNCChanges on DC1 periodically to replicate the changes that were made on DC1 ([MS-DRSR] section 4.1.10).

  5. Upon a successful response, DC1 replicates its changes to DC2.

  6. DC2 sends an IDL_DRSUnbind request, which destroys the context handle that was previously created by the IDL_DRSBind request ([MS-DRSR] section 4.1.25).

  7. Upon a successful response from DC1, the context handle that was created previously is destroyed.

  8. DC2 and DC3 use Kerberos ([MS-DRSR] section 2.2.3.2) to perform mutual authentication.

  9. DC3 sends an IDL_DRSBind request to DC2, which creates the context handle that is required to call any other method in the interface ([MS-DRSR] section 4.1.3).

  10. Upon a successful response from DC2, DC3 obtains a context handle.

  11. DC3 invokes IDL_DRSGetNCChanges on DC2 periodically to replicate the changes that were made on DC2 ([MS-DRSR] section 4.1.10).

  12. Upon a successful response, DC2 replicates its changes to DC3.

  13. DC3 sends an IDL_DRSUnbind request, which destroys the context handle that was previously created by the IDL_DRSBind request ([MS-DRSR] section 4.1.25).

  14. Upon a successful response from DC2, the context handle that was created previously is destroyed.
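The following Python model replays the fourteen steps above as one program so the bind / get-changes / unbind lifecycle and the transitive DC1 -> DC2 -> DC3 flow can be traced end to end. It is an added illustration, not code from MS-DRSR or from any Microsoft implementation: the DomainController class, the method names, the per-source USN watermark, the "trusted DC" set standing in for Kerberos mutual authentication, and the sample user DN are all assumptions or constructed values. Real IDL_DRSGetNCChanges carries a far richer request and reply (up-to-dateness vectors, object and link values, per-attribute stamps); this model keeps only the ordering and the handle discipline the sequence describes.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Change:
    """One attribute update, stamped with the USN the originating DC assigned."""
    originating_dc: str
    usn: int
    obj: str
    attr: str
    value: str


class DomainController:
    """Toy DC holding one replica of the domain naming context (assumed model)."""

    def __init__(self, name, trusted_dcs):
        self.name = name
        self.trusted_dcs = set(trusted_dcs)  # peers accepted after mutual authentication (assumption)
        self.replica = {}    # (obj, attr) -> value
        self.log = []        # changes in local-USN order; local USN = 1-based index
        self.seen = set()    # (originating_dc, usn) pairs already applied
        self.handles = {}    # live context handle -> caller name
        self.cursor = {}     # source DC name -> highest local USN already pulled from it

    # Originating update: what the administrator's "add user" does on DC1.
    def originate(self, obj, attr, value):
        change = Change(self.name, len(self.log) + 1, obj, attr, value)
        self._apply(change)
        return change

    def _apply(self, change):
        self.replica[(change.obj, change.attr)] = change.value
        self.log.append(change)
        self.seen.add((change.originating_dc, change.usn))

    # Server side of the interface (DC1 in steps 2-7, DC2 in steps 9-14).
    def drs_bind(self, caller):
        """Issue a context handle only to an authenticated replication partner."""
        if caller not in self.trusted_dcs:
            raise PermissionError(f"{self.name}: {caller} failed mutual authentication")
        handle = secrets.token_hex(8)
        self.handles[handle] = caller
        return handle

    def drs_get_nc_changes(self, handle, watermark):
        """Return (local_usn, change) pairs newer than the caller's watermark."""
        if handle not in self.handles:
            raise PermissionError(f"{self.name}: unknown or destroyed context handle")
        return [(usn, c) for usn, c in enumerate(self.log, start=1) if usn > watermark]

    def drs_unbind(self, handle):
        """Destroy the context handle so it cannot be used again (steps 6-7, 13-14)."""
        self.handles.pop(handle, None)

    # Client side: one periodic pull cycle (steps 1-7 for DC2, 8-14 for DC3).
    def replicate_from(self, source):
        pulled = []
        handle = source.drs_bind(self.name)
        try:
            watermark = self.cursor.get(source.name, 0)
            pulled = source.drs_get_nc_changes(handle, watermark)
            for local_usn, change in pulled:
                if (change.originating_dc, change.usn) not in self.seen:
                    self._apply(change)   # skip duplicates that arrived via another path
                watermark = local_usn
            self.cursor[source.name] = watermark
        finally:
            source.drs_unbind(handle)     # unbind even if the pull failed
        return len(pulled)


def run_example():
    """Replay the example: DC1 originates, DC2 pulls from DC1, DC3 pulls from DC2."""
    names = ("DC1", "DC2", "DC3")
    dc1, dc2, dc3 = (DomainController(n, names) for n in names)
    user = "CN=jdoe,CN=Users,DC=example,DC=com"   # constructed sample DN
    dc1.originate(user, "objectClass", "user")
    dc1.originate(user, "sAMAccountName", "jdoe")
    first_pull = dc2.replicate_from(dc1)   # steps 1-7: two changes flow DC1 -> DC2
    dc3.replicate_from(dc2)                # steps 8-14: the same two flow DC2 -> DC3
    idle_pull = dc2.replicate_from(dc1)    # next periodic poll: nothing new to pull
    return {
        "converged": dc1.replica == dc2.replica == dc3.replica,
        "first_pull": first_pull,
        "idle_pull": idle_pull,
        "dc3_origin": {c.originating_dc for c in dc3.log},
    }


if __name__ == "__main__":
    print(run_example())
```

Two properties of the sequence are visible in the model: the context handle is the only thing that authorizes IDL_DRSGetNCChanges, so it is issued after authentication and destroyed in a `finally` block so a failed pull cannot leave a live handle behind; and DC3 ends up holding changes whose originating DC is DC1 even though it only ever talked to DC2, which is what "replicate changes within a domain" means in practice.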