Strict Replication Consistency On New Domain Controllers

Last time out I talked about Content Freshness and likened it to Strict Replication Consistency. This time out... more on Strict Replication Consistency (SRC)...

For those folks with forests that have been around since Windows Server 2000, there's a check you can perform with PowerShell to see if your newly created domain controllers will have SRC automatically enabled. 

#Create a string for the forest's config partition

$Config = (Get-ADForest).PartitionsContainer -Replace "CN=Partitions,", ""

#Check for the object that sets Strict Replication Consistency on all new DCs

Get-ADObject -Identity "CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa,CN=Operations,CN=ForestUpdates,$Config"

With this setting present, all new DCs will have SRC enabled. If the object doesn't exist new DCs won't be automatically configured for SRC. Here's how to add the object.

New-ADObject -Name "94fdebc6-8eeb-4640-80de-ec52b9ca17fa" -Type Container -Path "CN=Operations,CN=ForestUpdates,$Config"

Now, if you have DCs that are configured to use Loose Replication Consistency (love that name!), adding this object won't activate SRC on those DCs. To do that you'll need repadmin or you could use PowerShell to update the registry directly. Please note: switching on SRC will cause Active Directory replication to stop if any lingering objects are detected.

Finally, when the fist domain controller in the root domain of a forest is created as Windows Server 2003 or higher, the '94fdebc6-8eeb-4640-80de-ec52b9ca17fa' object will be present in the 'Operations' container and all new DCs will have SRC switched on by default, thereby protecting the forest from the lingering objects.