.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Q. What is strict Active Directory (AD) replication consistency?
John Savill
September 18, 2009
1 Min Read
A. It's possible to enable strict replication mode with AD. Strict replication prohibits a domain controller (DC) that has been disconnected for a prolonged period from replicating outdated objects. A prolonged period is defined as longer than the tombstone lifetime, which is 180 days by default. The danger is that a DC that's disconnected for longer than the tombstone will potentially have objects that were deleted and have since been removed from the database through garbage collection. DCs with the strict replication consistency setting will refuse to replicate with the outdated DC.
To enable strict replication on a DC, use the command
repadmin /regkey +strictYou can also enable it by giving the registry key
HKLMSystemCurrentControlSetServicesNTDSParametersStrict Replication Consistencya value of 1.
Related Reading:
Q. What volume sizes do I need for my Active Directory?
Can I change the type of logging that Active Directory (AD) uses?
Q. If the DNS on my read-only domain controller (RODC) is read-only, should clients at that location point to DNS on the RODC or another DNS server that's writable?
Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
About the Author
You May Also Like
.png?width=700&auto=webp&quality=80&disable=upscale)