Chapter 17. AD replication

 

You’ve seen that AD domain controllers work in a multi-master fashion. This means that you can make changes, like modifying a user account or changing group membership, on any domain controller. If that’s all that happens, you’ll be left with multiple versions of the same user account or groups that “think” that they have different membership lists depending on which domain controller you’re looking at. This is a recipe for chaos.

Try it Now: Test data is identical across domain controllers

Check the same user account on different domain controllers. Is the information identical? Can you see anything different between the two versions? Make the same check for the membership list of a group.

Hopefully you’ve found that the data associated with users, groups, and other objects is the same across domain controllers. You’ll find some minor differences in the information held for an individual object on each domain controller, but this has to do with keeping track of the object, such as the Update Sequence Number (USN).
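One way to run the check above from a single console is sketched below. It is an added example, not code from the book. It assumes the ActiveDirectory PowerShell module is installed, and the account name `jsmith` and group name `Sales` are hypothetical placeholders.

```powershell
# Added example: compare one user and one group across every domain controller.
# 'jsmith' and 'Sales' are hypothetical names; substitute objects from your own domain.
Import-Module ActiveDirectory

$userName  = 'jsmith'   # hypothetical sAMAccountName
$groupName = 'Sales'    # hypothetical group name

# displayName, title and department replicate between DCs.
# uSNChanged and whenChanged are maintained locally by each DC, so they may differ.
$props = 'displayName', 'title', 'department', 'whenChanged', 'uSNChanged'

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $user = Get-ADUser -Identity $userName -Properties $props `
                    -Server $dc.HostName -ErrorAction Stop
        $members = Get-ADGroupMember -Identity $groupName `
                       -Server $dc.HostName -ErrorAction Stop |
                   Sort-Object -Property SamAccountName |
                   Select-Object -ExpandProperty SamAccountName

        [pscustomobject]@{
            DomainController = $dc.HostName
            DisplayName      = $user.displayName
            Title            = $user.title
            Department       = $user.department
            WhenChanged      = $user.whenChanged
            USNChanged       = $user.uSNChanged
            GroupMembers     = $members -join ';'
        }
    }
    catch {
        # A DC that is unreachable, or that does not hold the object yet, is a finding in itself
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
    }
}

$results | Format-Table -AutoSize

# Replicated data should collapse to one distinct combination across all DCs
$distinct = $results | Select-Object DisplayName, Title, Department, GroupMembers -Unique
if (@($distinct).Count -gt 1) {
    Write-Warning 'Replicated attributes differ between domain controllers.'
}
```

A different `USNChanged` value on each row is expected; a warning from the final check means at least one domain controller has not yet received a change.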

Active Directory needs a process to ensure that when an object is changed on one domain controller, that change is communicated to all other relevant domain controllers. This process is called replication.

In this chapter we’ll look at how replication works, configuring replication, testing that it’s working correctly using Repadmin and PowerShell, and forcing replication using Repadmin and ADSS. Finally, we’ll conclude the chapter with a lab.

17.1. How replication works

17.2. Configuring replication

17.3. Testing and forcing replication

17.4. LAB

17.5. Ideas for on your own
