Replication within a site

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Replication within a site

Active Directory handles replication within a site, or intrasite replication, differently than replication between sites because bandwidth within a site is more readily available. The Active Directory Knowledge Consistency Checker (KCC) builds the intrasite replication topology using a bidirectional ring design. Intrasite replication is optimized for speed, and directory updates within a site occur automatically on the basis of change notification. Unlike replication data travelling between sites, directory updates replicated within a site are not compressed.

For information about intersite replication, see Replication between sites and How replication works.

Building the intrasite replication topology

The Knowledge Consistency Checker (KCC) on each domain controller automatically builds the most efficient replication topology for intrasite replication, using a bidirectional ring design. This bidirectional ring topology attempts to create at least two connections to each domain controller (for fault tolerance) and no more than three hops between any two domain controllers (to reduce replication latency). To prevent connections of more than three hops, the topology can include shortcut connections across the ring. The KCC updates the replication topology regularly.


  • The KCC actually creates a separate replication topology for each directory partition (schema, configuration, domain, application). Within a single site, these topologies are usually identical for all partitions hosted by the same set of the domain controllers.

Determining when intrasite replication occurs

Directory updates made within a site are likely to have the most direct impact on local clients, so intrasite replication is optimized for speed. Replication within a site occurs automatically on the basis of change notification. Intrasite replication begins when you make a directory update on a domain controller. By default, the source domain controller waits 15 seconds and then sends an update notification to its closest replication partner. If the source domain controller has more than one replication partner, subsequent notifications go out by default at 3 second intervals to each partner. After receiving notification of a change, a partner domain controller sends a directory update request to the source domain controller. The source domain controller responds to the request with a replication operation. The 3 second notification interval prevents the source domain controller from being overwhelmed with simultaneous update requests from its replication partners.

For some directory updates in a site, the 15 second waiting time does not apply and replication occurs immediately. Known as urgent replication, this immediate replication applies to critical directory updates, including the assigning of account lockouts and changes in the account lockout policy, the domain password policy, or the password on a domain controller account.

For more information about intrasite replication, see "Active Directory Replication" at the Microsoft Windows Resource Kits Web site.