Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2009-07-17) Linked Value Replication – The Order Of Replication

Posted by Jorge on 2009-07-17


When you increase the Forest Functional Level to at least Windows Server 2003, you are also enabling Linked Value Replication (LVR).

Did you know as soon as LVR is enabled the following happens with the order of replication:

  • For certain object non-linked attribute values are replicated first;
  • Then, for that same object, if any, linked attribute values are replicated.

If not, you do know now! J

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

4 Responses to “(2009-07-17) Linked Value Replication – The Order Of Replication”

  1. Jorge – Thanks for this technical nugget. How does this help me? What the benefit of linked attribute values to mankind? An example would be awesome. Thx!

  2. Jorge said

    In your day-to-day live this may be of no value for you. However, during troubleshooting or even recovery it is always important to understand HOW something works. That way you may understand why something happens or even how.

    Non-linked attribute: givenName, sn
    Linked Attribute: member, memberOf, manager, directReports, etc etc

    Recovery of linked attribute values can be a huge pain, depending on the AD infrastructure and the Windows Server OS you are using.

    I think I will write a few blog posts about object recovery in the next months or so….

  3. Jorge correct me If am wrong –
    Linked Value Replication, it is very important improvement in 2003.
    Replication of individual values of a multivalued attribute.
    a simple example is : Changes in a group. In 2000 if we change a group member in a group consisting of 1000 users all the values will replicate. But in 2003 only the changed users attribute of Group will replicate.

    Very happy to see your posts on recovery in short future.

    While restoring users or groups we are generally observe the issues related to linked attr., especially group membership.

    Could you please explain abt authoritative restoration of useraccount where his Group membsership should remain intact @ 2003 interim or 2003 FFL, (linked attr role) ?

  4. Apparently I can’t comment because I don’t have an account, or something like that.

    Anyway, a scenario where this matters is interrupted replication.
    Consider the following scenario.

    You wrote an app that assumes the normal LDAP transaction semantic on writes…all or nothing. So you go ahead and write the manager attribute and the title attribute in one write. They both get in, and the transaction succeeds. Your app (rightfully) assumes then that if one got there they both got there.
    Now you go to do a read from the DC, naturally expecting they are both there. And they are. Life is good.

    Now that data replicates over from DC1 (where you did the write) to DC2. There were many thousands of changes to replicate that day and so the replication operation spanned many replication packets. But half way through, the link between DC1 and DC2 was dropped. Repl is cool, it’ll get those changes when the link is back.

    But you have another instance of your app over in this remote site. It does a read off of DC2. It sees the title change but not the manager change! Freak out! How could this happen?

    All because LVs (that have LVR metadata) are now replicated at the end of the replication packet.

    It is worth noting that only LVs that have LVR metadata are replicated at the end of the replication packet. Even after FFL upgrade, LVs that don’t have LVR metadata are still replicated as they always were in their previous order. I’ll let you think about when this is a scenario (after all, when would we ever replicate an LV that doesn’t have LVR metadata? Turns out we do..think about it), and we can cover that in our next episode of The Link Values of our Lives. 

    ~Eric

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: