Today we continue to review the mechanics of Active Directory replication:
We are referring to intrasite replication for the most often use cases of Active directory domain name-context item changes. Such AD replication takes place between DCs in pull operations, not pushes. AD controls and manages the transmission of AD Data. We discussed what makes up the replication metadata and we saw how it is put to use. We saw how it was used to address conflict resolution.
Today we will see one more mitigation which is USN rollback. It has to do with object deletions. Rather than simply removing the object, it is marked deleted so that this is replicated to other DCs who know now that the object is deleted. Also the original object does not need to be passed around since it my have a big size. Only the shell with the isDeleted attribute is sent across aka tombstone. USN rollback occurs when a domain controller is so completely out of date that it has "missed" one or more tomb-stoned objects and thus is unable to bring its local copy of the Active Directory up to date. One way to avoid this is to have the DC recognize that it has been out of service longer than the longest tombstone period and not come back online. Instead it is rebuilt from scratch.
Rebuilding in general is the right approach as compared to repairing in many cluster based technologies.
Theoretically this is proved because it improves the mean time to data loss. The protection overhead is reduced, space is better utilized and there is no net addition to management overhead.
The second kind of usn rollback occurs when a DC has been restored with an inappropriate means and it has not kept current with the other DCs. This is referred to as going back in time because the restore was not AD aware. This is mitigated with event logging where the text of the log and the necessary steps to recover them are available.
In order to override automatic replication of AD objects, we could do one of the following:
1) invoke repadmin command on the destination DC to pull the changes
2) invoke repadmin command on the souce DC to push changes to all other DC.
3) issue active directory powershell cmdlet to invoke sync on a per object basis.
#puzzle
In a party of N people, only one person is known to everyone. Such a person may be present in the party, if yes, she doesn’t know anyone in the party. We can only ask questions like "does A know B?". Find the stranger in minimum number of questions.
This problem is better visualized with a directed graph where there is only one vertex that has all incoming edges from the N-1 other vertices and no outbound edges to anybody else. To construct a graph, we will need to form the adjacency matrix which is O(N^2), Then we can traverse to see if there is any vertex satisfying the criteria.
int FindCelebrity(int[,] m, int row, int col)
{
assert (row == col);
for (int i = 0; i < row; i++)
{
int known = 0;
for (int j = 0; j < col; j++)
known += m[i,j];
if (known != 0) continue;
for (int k=0; k<row; k++)
if (k!=i && m[k,i] > 0)
known += m[k,i];
if (known == row-1) {
console.WriteLine("Celebrity found at {0}", i);
return i;
}
}
return -1;
}
We are referring to intrasite replication for the most often use cases of Active directory domain name-context item changes. Such AD replication takes place between DCs in pull operations, not pushes. AD controls and manages the transmission of AD Data. We discussed what makes up the replication metadata and we saw how it is put to use. We saw how it was used to address conflict resolution.
Today we will see one more mitigation which is USN rollback. It has to do with object deletions. Rather than simply removing the object, it is marked deleted so that this is replicated to other DCs who know now that the object is deleted. Also the original object does not need to be passed around since it my have a big size. Only the shell with the isDeleted attribute is sent across aka tombstone. USN rollback occurs when a domain controller is so completely out of date that it has "missed" one or more tomb-stoned objects and thus is unable to bring its local copy of the Active Directory up to date. One way to avoid this is to have the DC recognize that it has been out of service longer than the longest tombstone period and not come back online. Instead it is rebuilt from scratch.
Rebuilding in general is the right approach as compared to repairing in many cluster based technologies.
Theoretically this is proved because it improves the mean time to data loss. The protection overhead is reduced, space is better utilized and there is no net addition to management overhead.
The second kind of usn rollback occurs when a DC has been restored with an inappropriate means and it has not kept current with the other DCs. This is referred to as going back in time because the restore was not AD aware. This is mitigated with event logging where the text of the log and the necessary steps to recover them are available.
In order to override automatic replication of AD objects, we could do one of the following:
1) invoke repadmin command on the destination DC to pull the changes
2) invoke repadmin command on the souce DC to push changes to all other DC.
3) issue active directory powershell cmdlet to invoke sync on a per object basis.
#puzzle
In a party of N people, only one person is known to everyone. Such a person may be present in the party, if yes, she doesn’t know anyone in the party. We can only ask questions like "does A know B?". Find the stranger in minimum number of questions.
This problem is better visualized with a directed graph where there is only one vertex that has all incoming edges from the N-1 other vertices and no outbound edges to anybody else. To construct a graph, we will need to form the adjacency matrix which is O(N^2), Then we can traverse to see if there is any vertex satisfying the criteria.
int FindCelebrity(int[,] m, int row, int col)
{
assert (row == col);
for (int i = 0; i < row; i++)
{
int known = 0;
for (int j = 0; j < col; j++)
known += m[i,j];
if (known != 0) continue;
for (int k=0; k<row; k++)
if (k!=i && m[k,i] > 0)
known += m[k,i];
if (known == row-1) {
console.WriteLine("Celebrity found at {0}", i);
return i;
}
}
return -1;
}
No comments:
Post a Comment