At its foundation, the replication process is simply an effort to keep the copy of the Active Directory database identical on all domain controllers for a particular domain. For example, if an administrator removes a user from a group, the change is made on the domain controller that the administrator is currently logged into. For those few seconds after the change, that domain controller alone has the most current copy of the database. Eventually, though, after replication takes place, all domain controllers will have exact replicas of the database, including the change in group membership.
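The window described above can be checked directly by asking every domain controller for its own view of one group and reporting any disagreement. This is an added example, not code from the original text; the function names, the DC names, and the sample accounts are hypothetical, and the live query assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Added example: compare one group's membership as reported by each domain controller.
# Compare-GroupMembershipAcrossDCs is pure and runs on constructed data;
# Get-GroupMembershipSnapshot needs the ActiveDirectory module and a live domain.

function Compare-GroupMembershipAcrossDCs {
    param(
        # Hashtable: DC name -> array of member sAMAccountNames as that DC reports them
        [Parameter(Mandatory)] [hashtable] $Snapshot
    )
    $allMembers = $Snapshot.Values | ForEach-Object { $_ } | Sort-Object -Unique
    foreach ($member in $allMembers) {
        $holders = @($Snapshot.Keys | Where-Object { $Snapshot[$_] -contains $member } | Sort-Object)
        if ($holders.Count -ne $Snapshot.Count) {
            # This account is a member on some DCs but not others: replication has not converged
            $missing = @($Snapshot.Keys | Where-Object { $_ -notin $holders } | Sort-Object)
            [pscustomobject]@{
                Member      = $member
                PresentOn   = $holders -join ','
                MissingFrom = $missing -join ','
            }
        }
    }
}

function Get-GroupMembershipSnapshot {
    param([Parameter(Mandatory)] [string] $GroupName)
    $snapshot = @{}
    foreach ($dc in Get-ADDomainController -Filter *) {
        # -Server pins the query to one DC, so the result is that DC's copy of the database
        $members = Get-ADGroupMember -Identity $GroupName -Server $dc.HostName
        $snapshot[$dc.HostName] = @($members | Select-Object -ExpandProperty SamAccountName)
    }
    $snapshot
}

# Constructed sample: 'carol' was just removed from the group on DC-A,
# and the change has not yet replicated to DC-B, DC-C, or DC-D.
$sample = @{
    'DC-A' = @('alice', 'bob')
    'DC-B' = @('alice', 'bob', 'carol')
    'DC-C' = @('alice', 'bob', 'carol')
    'DC-D' = @('alice', 'bob', 'carol')
}
Compare-GroupMembershipAcrossDCs -Snapshot $sample | Format-Table -AutoSize

# Against a live domain (hypothetical group name):
# Compare-GroupMembershipAcrossDCs -Snapshot (Get-GroupMembershipSnapshot -GroupName 'Finance-Admins')
```

An empty result means every domain controller reports the same membership; any row returned names an account whose membership change has not yet reached all replicas.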
Active Directory replicates information between domain controllers using different methods, depending on the topology of your network—in particular, how many sites you have configured within Active Directory. In a single-site situation, all domain controllers in a domain will discover each other through records published in both Active Directory and DNS for the domain. But to cut down on network traffic, not every domain controller needs to actually replicate with every other domain controller. Active Directory uses a “loop” method. Take, for instance, four domain controllers—A, B, C, and D, as shown in Figure 5-45.
Figure 5-45. Looking at all replication topologies in a forest
In this example, Active Directory will ...