
Monitoring and Troubleshooting Active Directory through Replication

16 Apr Posted by tim in Active Directory | 1 comment

Replication is the process by which the same directory data is maintained on several systems, whether they run on the same or different platforms. In a directory service such as Active Directory every domain controller holds a copy of the directory (its own domain partition plus the forest-wide schema and configuration partitions), so a client can always contact a local domain controller and requests do not have to be sent over the wide area network.

Active Directory replication is performed by the directory service component of the security subsystem. This component is Ntdsa.dll, and it is accessed through the LDAP protocol. Ntdsa.dll runs as part of the Local Security Authority, which runs as Lsass.exe. Replication updates are transported with RPC over IP.

The figure referenced here (not reproduced in this copy) shows a common network: two sites connected via a WAN link, with a domain controller in each location.

The health and performance of the directory depend on a smooth replication process. If you have problems with replication you will not only have logon problems but also poor performance, because clients end up authenticating against stale or remote domain controllers.
Now consider a common problem: a failed network link.

ISPs and telecom service providers occasionally have problems, and service can be interrupted. This stops the communication between the domain controllers and therefore also severs the replication process. Changes made in one site no longer reach the other, and if the outage lasts longer than the tombstone lifetime the domain controllers can end up with lingering objects that have to be cleaned up by hand.

The best protection is a backup link. ISDN, a digital WAN technology used to connect sites, is more commonly used today for disaster recovery, but it still has a place in the market.

Here are several steps for troubleshooting Active Directory replication.

Verifying Network Connectivity

For replication to work properly, the network connectivity between the domain controllers must be sound. Although ideally all domain controllers would be connected by high-speed, redundant LAN and WAN links, this is rarely the case in larger deployments, and most companies rely on slow WAN links with no fallback if they fail.
In real-world deployments, analog/dial-up and other slow connections are common.
Once you have verified that the replication topology is set up properly, confirm that the servers can actually reach each other: name resolution of the partner, ICMP if the network permits it, and the TCP ports listed below in both directions.

Verifying Router and Firewall Configurations

When building a secure network, controls are usually placed on the network devices to filter the traffic going from place to place. The most commonly used tool for controlling traffic is the firewall. A firewall is usually dedicated to protecting the perimeter, and it only minimizes risk rather than eliminating it.
Firewalls are used to restrict the types of traffic that can be transferred over the network. Their main use is to prevent unauthorized users from transferring information. The same filtering, on a router ACL or a firewall between two sites, is a frequent cause of replication failures: if the RPC ports are not open between the domain controllers in both directions, replication cannot proceed even though basic connectivity such as ping works.

Network Ports Used by Active Directory Replication:

RPC replication uses dynamic port mapping by default. To establish an RPC connection during Active Directory replication, the calling domain controller first contacts the RPC endpoint mapper on the partner at well-known TCP port 135. The endpoint mapper replies with the high TCP port that the directory service has registered, which is allocated from the dynamic range: 1025 to 5000 on Windows Server 2003 and earlier, and 49152 to 65535 on Windows Server 2008 and later. If the firewall between the sites cannot track RPC endpoint mapping, replication can be pinned to a fixed port with the DWORD value "TCP/IP Port" under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters, so that only port 135 and that one port need to be opened. The ports used by Active Directory replication and the related domain controller to domain controller traffic are:

PROTOCOL                    PORT

RPC endpoint mapper         TCP 135

RPC dynamic (replication)   TCP 49152-65535 (Windows Server 2008 and later)
                            TCP 1025-5000 (Windows Server 2003 and earlier)

LDAP                        TCP 389
                            UDP 389 (CLDAP, used by the DC locator)

LDAP over SSL               TCP 636

KERBEROS                    TCP 88
                            UDP 88

DNS                         TCP 53
                            UDP 53

SMB over IP (SYSVOL)        TCP 445

GLOBAL CATALOG SERVER       TCP 3268 (LDAP)
                            TCP 3269 (LDAP over SSL)
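The following PowerShell script is an added example, not part of the original post, that turns the connectivity and firewall checks above into something you can run from one domain controller against a replication partner. It assumes Windows Server 2012 or later (for Test-NetConnection) and uses the placeholder partner name DC02.corp.example, which you should replace with a real partner.

```powershell
# Added example (not from the original post). Checks that the TCP ports AD
# replication and DC-to-DC traffic depend on are reachable from this DC to a
# partner DC, then reports the RPC dynamic port range and whether replication
# has been pinned to a fixed port. Requires Windows Server 2012 / PowerShell 4+.
param([string]$Partner = 'DC02.corp.example')   # placeholder partner DC name

# TCP ports from the table above. 135 is the RPC endpoint mapper that replication
# contacts first; the rest are services a DC needs from its peers.
$ports = [ordered]@{
    'RPC endpoint mapper' = 135
    'LDAP'                = 389
    'LDAP over SSL'       = 636
    'Kerberos'            = 88
    'DNS'                 = 53
    'SMB (SYSVOL)'        = 445
    'Global Catalog'      = 3268
    'Global Catalog SSL'  = 3269
}

foreach ($entry in $ports.GetEnumerator()) {
    # -InformationLevel Quiet makes Test-NetConnection return only $true/$false
    $ok = Test-NetConnection -ComputerName $Partner -Port $entry.Value `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    '{0,-20} TCP {1,-5} {2}' -f $entry.Key, $entry.Value, $(if ($ok) { 'open' } else { 'BLOCKED or no listener' })
}

# Replication itself runs on a port handed out by the endpoint mapper from the
# dynamic range. Show the local range so it can be compared with the firewall rule
# (49152-65535 on Windows Server 2008 and later; 1025-5000 on older systems).
netsh interface ipv4 show dynamicport tcp

# If an administrator has pinned replication to a fixed port, this value is set and
# the firewall only has to allow 135 plus that one port.
$ntds  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$fixed = (Get-ItemProperty -Path $ntds -Name 'TCP/IP Port' -ErrorAction SilentlyContinue).'TCP/IP Port'
if ($fixed) { "AD replication is pinned to TCP port $fixed" }
else        { 'AD replication uses the dynamic RPC port range' }
```

Test-NetConnection only probes TCP, so the UDP ports for DNS, Kerberos and CLDAP (53, 88, 389) still have to be confirmed on the firewall itself; also run the script from the partner back towards this domain controller, since replication connections are initiated from both sides.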

Examining the Event Logs:

Errors, if they occur, show up in Event Viewer. Whenever the replication service hits a problem, the domain controller writes events to the Directory Service and File Replication Service event logs (on domains whose SYSVOL has been migrated to DFSR, the DFS Replication log takes the place of the latter). Typical events are:

1. Event ID 1311 in the Directory Service log: the Knowledge Consistency Checker could not build a complete replication topology, usually because sites are not connected by site links or the bridgehead servers in a site are unreachable.
2. Event ID 13265 with the error "DNS LOOKUP FAILURE" or "RPC SERVER UNAVAILABLE". The same two conditions appear in the Directory Service log as Event ID 1925 (a replication link could not be established) carrying error code 8524 or 1722 respectively, and repadmin reports the same codes.
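The following PowerShell is an added example (not from the original post) that collects the replication-related events described above from a domain controller's Directory Service and File Replication Service logs for the last 24 hours and annotates the error codes that correspond to the DNS lookup failure and RPC server unavailable conditions. It assumes it is run elevated on a domain controller; the extra event IDs 1865, 1925 and 2042 and the error-code table are additions beyond the two events the text lists.

```powershell
# Added example (not from the original post). Pulls replication-related events
# from the last 24 hours and decodes the Win32/DS error codes found in them.
# Event IDs: 1311 (KCC could not build a complete topology), 1865 (sites not
# reachable), 1925 (replication link could not be established), 2042 (partner
# not replicated for longer than the tombstone lifetime). Run elevated on a DC.
$since = (Get-Date).AddHours(-24)

$dsEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 1311, 1865, 1925, 2042
    StartTime = $since
} -ErrorAction SilentlyContinue

# File Replication Service log (SYSVOL replicated by FRS). On DFSR-based SYSVOL
# the equivalent log is 'DFS Replication'.
$frsEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'File Replication Service'
    StartTime = $since
} -ErrorAction SilentlyContinue | Where-Object { $_.LevelDisplayName -in 'Error', 'Warning' }

# Error codes that show up in the message text of these events and in repadmin.
$knownErrors = @{
    1722 = 'RPC server unavailable (port 135 or the dynamic RPC port blocked, or partner down)'
    8524 = 'DNS lookup failure (partner CNAME/SRV record missing or DNS misconfigured)'
    1256 = 'Remote system not available'
    8453 = 'Replication access was denied'
}

# @() on both sides so a single event or an empty result still concatenates.
foreach ($e in (@($dsEvents) + @($frsEvents) | Sort-Object TimeCreated)) {
    $hint = ''
    foreach ($code in $knownErrors.Keys) {
        if ($e.Message -match "\b$code\b") { $hint = ' -> ' + $knownErrors[$code]; break }
    }
    '{0:u} {1,-26} {2,5} {3}{4}' -f $e.TimeCreated, $e.LogName, $e.Id, ($e.Message -split "`n")[0], $hint
}
```

A 1722 hint points at the firewall checks above, while 8524 points at DNS: confirm that the partner's CNAME record under _msdcs.<forest root> resolves from the domain controller that logged the event, since replication locates partners by that record rather than by host name.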

Verifying the Site Links:

Before domain controllers in different sites can replicate with each other, verify that the site links are configured properly: every site must be a member of at least one site link, and the link's cost and replication interval determine the inter-site schedule. If replication does not occur, verify the site links and the connections built from them with the tool repadmin.exe. It displays the inbound and outbound connections of a domain controller and the result of the last replication attempt with each partner.

Verifying the Replication Topology:

The Active Directory Sites and Services tool allows you to verify that the replication topology is logically consistent. Right-click the NTDS Settings object under a server object and choose All Tasks => Check Replication Topology. This makes the Knowledge Consistency Checker (KCC) on that domain controller recalculate its connection objects immediately and report any topology errors it finds; repadmin /kcc does the same from the command line.
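The following PowerShell is an added example (not from the original post) covering the two checks above, site links and replication topology, with the ActiveDirectory module cmdlets (Windows Server 2012 / RSAT or later) alongside the repadmin.exe commands the text mentions. $Dc defaults to the local computer name, which is an assumption; pass the name of the domain controller you want to inspect.

```powershell
# Added example (not from the original post). Verifies site links, lists the KCC
# connection objects and reports per-partner replication state for one DC.
param([string]$Dc = $env:COMPUTERNAME)   # assumption: run on, or pointed at, a DC
Import-Module ActiveDirectory

# 1. Site links: every site should be in at least one link; cost and interval
#    decide how the KCC routes inter-site replication.
'--- Site links ---'
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    ForEach-Object {
        # turn "CN=Site,CN=Sites,CN=Configuration,..." into "Site"
        $sites = ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' }) -join ', '
        '{0,-24} cost={1,-4} interval={2,3} min  sites: {3}' -f $_.Name, $_.Cost, $_.ReplicationFrequencyInMinutes, $sites
    }
$linked = Get-ADReplicationSiteLink -Filter * -Properties SitesIncluded | ForEach-Object { $_.SitesIncluded }
Get-ADReplicationSite -Filter * | Where-Object { $_.DistinguishedName -notin $linked } |
    ForEach-Object { "WARNING: site '$($_.Name)' is not a member of any site link" }

# 2. Connection objects the KCC (or an administrator) created, forest-wide.
'--- Connection objects ---'
Get-ADReplicationConnection -Filter * -Server $Dc |
    Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer, AutoGenerated |
    Format-Table -AutoSize

# 3. Per-partner state: last success, last result code, consecutive failures.
'--- Partner status ---'
Get-ADReplicationPartnerMetadata -Target $Dc -PartnerType Both |
    Select-Object Partner, Partition, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures |
    Format-Table -AutoSize

# A non-zero LastReplicationResult is the same Win32 code repadmin prints
# (1722 = RPC server unavailable, 8524 = DNS lookup failure).
Get-ADReplicationFailure -Target $Dc -Scope Server |
    Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError

# 4. The same checks with repadmin.exe, which also works on older DCs:
repadmin /replsummary      # one line per DC: largest delta, fails/total
repadmin /showrepl $Dc     # inbound neighbours, last attempt and last success per partition
repadmin /showconn $Dc     # connection objects for this DC
repadmin /kcc $Dc          # force the KCC to recompute topology (Check Replication Topology)
```

Read the partner status first: a partner whose LastReplicationSuccess is older than the site link interval while ConsecutiveReplicationFailures keeps climbing is the one to run the connectivity and event log checks against.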

If you'd like to learn more about Active Directory, I'd recommend that you get hold of these Active Directory Training Videos. If you truly want to learn Active Directory, you won't find better training than this.

One comment

  • PLEASE HELP ME I need networking help? | Web Traffic Siphon says:

    [...] Tim the Tech – Monitoring and Trouble shooting the Active… [...]

