The directory database is synchronized automatically by Advanced Server. Based on settings in the Advanced Server Registry, the PDC sends timed notices that signal the BDCs to request directory changes from the PDC. The notices are staggered so that the BDCs do not all request changes at the same time. When a BDC requests changes, it informs the PDC of the last change it received, so the PDC is always aware of which BDCs need changes. A BDC that is up to date does not request changes.
For information about the Advanced Server Registry, see Advanced Server Administration.
Changes to the directory database consist of any new or changed passwords, new or changed user and group accounts, and any changes in their associated group memberships and user rights.
Changes to the directory database are recorded in the change log. The change log holds a limited number of changes, so its size determines how long changes can be held: as each new change is added, the oldest change is deleted, and only the most recent changes are kept. When a BDC requests changes, the changes that occurred since its last synchronization are copied to the BDC. If a BDC does not request changes in a timely manner, the entire directory database must be copied to that BDC. For example, if a BDC is off-line for an extended period of time, the number of changes that occur during that period may exceed the number that can be stored in the change log.
The automatic, timed replication to all domain BDCs of only those directory database changes that have occurred since the last synchronization is called partial synchronization. You can use Server Manager to force a partial synchronization of all BDCs in the domain. For example, if a new user is added to the domain and is in great need of certain resources, you can perform a partial synchronization to get the new user's account added to all BDCs as soon as possible.
If needed, you can use Server Manager to manually force a partial synchronization of a particular BDC with the PDC. For example, if access is denied because of a problem with the BDC computer account password (as evidenced by "access denied" messages in the event log), a partial synchronization of the BDC with the PDC fixes the password problem and reestablishes a secure channel.
Sending a copy of the entire directory database to a BDC is called full synchronization. Full synchronization is performed automatically when changes have been deleted from the change log before replication takes place and when a new BDC is added to a domain.
The default Net Logon service settings for the timing of updates (every five minutes) and the size of the change log (approximately 2000 changes) ensure that full synchronization will not be required under most operating conditions.
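The choice between partial and full synchronization described above can be modeled with a bounded change log. This is an added example, not Advanced Server code; the class and method names and the use of serial numbers to identify "the last change received" are assumptions made for illustration.

```python
from collections import deque

class ChangeLog:
    """Toy model of the PDC change log (names and serial scheme are assumptions)."""

    def __init__(self, capacity=2000):  # the page's default is approximately 2000
        self.entries = deque(maxlen=capacity)  # a full deque drops its oldest entry
        self.newest = 0  # serial number of the most recent change

    def record(self, change):
        self.newest += 1
        self.entries.append((self.newest, change))

    def answer_request(self, last_received):
        """Decide what a BDC gets; last_received is None for a new BDC."""
        if last_received is None or last_received > self.newest:
            return "full", []
        if last_received == self.newest:
            return "none", []  # BDC is up to date
        oldest = self.entries[0][0]
        if last_received + 1 < oldest:
            # Changes the BDC never saw were already deleted from the log
            return "full", []
        return "partial", [c for s, c in self.entries if s > last_received]


def demo():
    log = ChangeLog(capacity=5)  # constructed small capacity to show the overflow
    for i in range(1, 4):
        log.record(f"password change for user{i}")  # constructed sample changes
    results = [log.answer_request(1)[0]]      # BDC missed changes 2-3
    for i in range(4, 9):
        log.record(f"group membership change {i}")
    results.append(log.answer_request(3)[0])  # changes 4-8 are still in the log
    results.append(log.answer_request(2)[0])  # change 3 was already deleted
    results.append(log.answer_request(8)[0])  # nothing new to send
    results.append(log.answer_request(None)[0])  # new BDC joins the domain
    return results

if __name__ == "__main__":
    print(demo())
```

A BDC whose last received change is older than the oldest logged change minus one cannot be brought current from the log alone, which is the condition that triggers a full copy of the directory database.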
The Computer menu in Server Manager includes a command for synchronizing changes to the directory database. The command that is available depends on the type of computer that is selected, as follows:
When the primary domain controller is selected, the Synchronize Entire Domain command is available on the Computer menu. This command copies the latest directory database changes from the PDC to all of the BDCs in the domain. Synchronize Entire Domain initiates synchronization of all BDCs without waiting for completion of any synchronization in progress.
When a backup domain controller is selected, the Synchronize With Primary Domain Controller command is available on the Computer menu. This command copies the latest directory database changes to the selected BDC only.
For information on how to synchronize domain controllers, see "Synchronizing a Backup Domain Controller with the Primary Domain Controller" and "Synchronizing All Servers of the Domain" in Server Manager Help.