In a Windows Server 2003 domain, all domain controllers are equal. Therefore, if you apply changes to any domain controller, the complete domain directories of all other domain controllers must be updated (through a process called multi-master replication) to record those changes.
Here's how multi-master replication works: Active Directory uses an Update Sequence Number (USN) to track changes and updates made to Active Directory objects. As changes are made to the objects, this number is incremented by 1 on each object affected by the change. For example, a user account object that was updated to include a home telephone number would have its USN incremented by 1 to reflect that it had been modified. This modification is then sent to the other domain controllers in the domain. The object with the higher USN - that is, the updated object - overwrites the object with the lower USN.
USN increments are atomic operations; in plain English, this means that the increment to the USN's value and the actual change to the directory data occur at the same time. If one part fails, the whole change fails; therefore, it is not possible to change any Active Directory object without its USN being incremented. Thus, no changes will ever be lost. Each domain controller keeps track of the highest USNs for the other domain controllers with which it replicates. This allows the domain controller to calculate which changes must be replicated during each replication cycle. In the simplest terms, the highest-numbered USN always wins!
Domain trees
A domain tree is a set of Windows 2000 domains or Windows Server 2003 domains (or both) connected by a two-way, transitive trust and sharing a common schema, configuration, and global catalog. To be considered a true domain tree, the domains must form a contiguous hierarchical namespace. A single domain all by itself with no child names is still considered a tree.
The first domain installed in a domain tree is the root domain of that tree. It is considered the forest root domain if it is also the first domain in the forest. An Active Directory forest is a collection of one or more Windows 2000 domains or Windows Server 2003 domains (or both) that share a common schema, configuration, and global catalog. Active Directory forests have a non-contiguous namespace.
All domains in a domain tree and all trees in a single forest have the connectivity benefit of the two-way, transitive trust relationship, which is the default trust relationship between Windows 2000 and Windows Server 2003 domains. This complete trust between all domains in an Active Directory domain hierarchy helps to form the forest as a single unit through its common schema, configuration, and global catalog.
At the start of each replication cycle, each domain controller checks its USN table and queries all other domain controllers with which it replicates for their latest USNs. As an example, the following represents the USN table for Server A.
Domain Controller    USN
DC B                 54
DC C                 23
DC D                 53
Server A then queries the domain controllers for their current USNs and gets these results:
Domain Controller    USN
DC B                 58
DC C                 23
DC D                 64
From this data, Server A can calculate the changes it needs from each server:
Domain Controller    USNs needed
DC B                 55, 56, 57, 58
DC C                 Up-to-Date
DC D                 54-64
It would then query each server for the updates it needs.
An Up-to-Date Vector is built from two pieces of data: a Globally Unique Identifier (GUID) that identifies a domain controller and an Update Sequence Number (USN). The Up-to-Date Vector is made up of such server/USN pairs, held by the two domain controllers containing the highest originating updates. (This is usually the domain controller on which the originating update occurred and then its immediate replication partners.) The High Watermark Vector contains the highest attribute USN for any given object. By using both of these vectors, a domain controller can determine that a given update has already been received and so prevent that particular update from being replicated again.
Because objects have properties, they also have Property Version Numbers (PVNs). Every property of an object has a PVN, and each time a property is modified, its PVN is incremented by 1. (Sound familiar?) These PVNs are used to detect collisions, which happen when there are multiple changes to the same property of an object. If a collision occurs, the change with the highest PVN takes precedence.
If those PVNs match, a time stamp is used to resolve any such conflicts. Time stamps are a great second line of defense in avoiding collisions. They explicitly mark when each change to the directory data has been made, thus enabling the system to determine whether one change does in fact take precedence over another.
In the highly unlikely event that the PVNs match and the time stamp is the same, a binary buffer comparison is carried out and the larger buffer size takes precedence. PVNs (unlike USNs) are incremented only on original writes, not on replication writes. PVNs are not server specific but travel with the object's properties.
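The collision-resolution order described above (PVN first, then time stamp, then a binary comparison of the buffers) as an added example in Python; this is a constructed model, not Microsoft's code, and the rule that two buffers of equal size are compared byte-wise is an assumption made only so that the function always returns a winner. It also shows the point that a replicated write advances the local USN but not the PVN.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PropertyWrite:
    """One write to a single property, stamped by the originating DC (constructed model)."""
    pvn: int          # Property Version Number: incremented only on originating writes
    timestamp: int    # when the originating write was made (e.g. seconds since epoch)
    value: bytes      # the raw property value


def resolve(local: PropertyWrite, incoming: PropertyWrite) -> PropertyWrite:
    """Decide which of two colliding writes to the same property takes precedence."""
    if local.pvn != incoming.pvn:                 # 1. highest PVN wins
        return local if local.pvn > incoming.pvn else incoming
    if local.timestamp != incoming.timestamp:     # 2. latest time stamp wins
        return local if local.timestamp > incoming.timestamp else incoming
    # 3. binary buffer comparison: the larger buffer wins; equal sizes are ordered
    #    byte-wise here (assumption, so the comparison is total and deterministic)
    key = lambda w: (len(w.value), w.value)
    return local if key(local) > key(incoming) else incoming


class Property:
    """A single attribute on one DC, tracking the local USN and the current write."""

    def __init__(self):
        self.current = None
        self.usn = 0          # local USN advances on every write, originating or replicated

    def originate(self, value: bytes, timestamp: int) -> PropertyWrite:
        self.usn += 1
        pvn = (self.current.pvn if self.current else 0) + 1   # PVN: originating writes only
        self.current = PropertyWrite(pvn, timestamp, value)
        return self.current

    def replicate_in(self, incoming: PropertyWrite) -> PropertyWrite:
        self.usn += 1         # replication write: new USN, but no PVN increment
        self.current = incoming if self.current is None else resolve(self.current, incoming)
        return self.current
```

Two DCs that each receive the other's write end up with the same winner, because `resolve` is symmetric in its arguments.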
A propagation-dampening scheme is also used to stop changes from being repeatedly sent to other servers. The propagation-dampening scheme used by Windows Server 2003 prevents logical loops in the Active Directory structure from causing endless proliferation of updates and prevents redundant transmission of updates to already current servers.
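The USN bookkeeping from the Server A walkthrough above, together with the up-to-date vector and propagation dampening, as one added Python model (constructed for illustration, not Active Directory's own implementation). Each DC keeps a per-partner high-watermark to work out which USNs to request, and a per-origin up-to-date vector so that a change already received over another path is neither re-applied nor re-numbered; the DC names and attribute values are made up.

```python
from dataclasses import dataclass, field


@dataclass
class Change:
    origin: str       # DC on which the originating write was made
    origin_usn: int   # USN that DC assigned to the write (travels with the change)
    obj: str
    attr: str
    value: str


@dataclass
class DC:
    name: str
    usn: int = 0                                        # local USN, advances on every write
    log: list = field(default_factory=list)             # log[i] holds the change with local USN i+1
    high_watermark: dict = field(default_factory=dict)  # partner name -> highest partner USN pulled
    up_to_date: dict = field(default_factory=dict)      # origin name -> highest originating USN applied

    def write(self, obj, attr, value):
        """Originating write: the USN increment and the data change happen together."""
        self.usn += 1
        change = Change(self.name, self.usn, obj, attr, value)
        self.log.append(change)
        self.up_to_date[self.name] = self.usn
        return change

    def changes_needed(self, partner):
        """USNs to request from a partner: everything above our high-watermark for it."""
        first = self.high_watermark.get(partner.name, 0) + 1
        return list(range(first, partner.usn + 1))

    def pull(self, partner):
        """Replicate from one partner; the up-to-date vector dampens updates already applied."""
        applied = []
        for partner_usn in self.changes_needed(partner):
            change = partner.log[partner_usn - 1]
            if change.origin_usn <= self.up_to_date.get(change.origin, 0):
                continue  # already received via another path: do not re-apply or re-number
            self.usn += 1                 # replicated write gets a new local USN ...
            self.log.append(change)       # ... but keeps its originating (DC, USN) stamp
            self.up_to_date[change.origin] = change.origin_usn
            applied.append(change)
        self.high_watermark[partner.name] = partner.usn
        return applied


def demo():
    """Three fully meshed DCs: C applies A's two writes from A, then nothing new from B."""
    a, b, c = DC("DC A"), DC("DC B"), DC("DC C")
    a.write("cn=alice", "homePhone", "555-0100")
    a.write("cn=alice", "mobile", "555-0101")
    b.pull(a)
    return len(c.pull(a)), len(c.pull(b)), c.usn   # (2, 0, 2)
```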