Заметки сисадмина » AD Sync Replication best practice

Заметки сисадмина о интересных вещах из мира IT, инструкции и рецензии. Настраиваем Компьютеры/Сервера/1С/SIP-телефонию в Москве

AD Sync Replication best practice

2019-01-29 · Posted in Active Directory

First – these are VMs. DISABLE the Time Sync Hyper-V integration services with the host system. Time Sync should never be enabled in the VM for DCs.


Proper domain controller DNS setup is vital for Active Directory to work properly. Best practice dictates that each domain controller should be setup with a different DNS server as it’s preferred DNS server, and and the loopback address ( as it’s alternate DNS server. If you have more than 2 DNS servers in your domain or forest, you should setup a pattern whereby they all have different primary DNS partners, so that each server is used as someone else’s primary.

If you have just 2 DC’s



If you have 3 or more DC’s



If you have more than one site, rely on AD Sites and Services to ensure replication occurs between the sites. If possible, do not point one site’s DC’s DNS to the other site’s DNS. Each site should have two DC’s, each having the other DC’s IP as the preferred DNS all within the same site.

This is done to ensure that each DC can find its replication partners. Also, a server will reboot faster if an already up and running DC is providing DNS.

Why should you use vs. the IP of the server? is not just a different ip address to the machine ip address, it’s a different interface as well. should not be seen on the local network. It’s a special internal IP address for the loopback adapter. The IP of the server on the other hand is assigned to the network adapter.

Either/or will work, however best practice is to use the local loopback as the IP will never change. Another reason is that using the local loopback does not initiate the network adapter drivers as it is a different interface adapter card

Think of it as a different interface. A different network card.

Leave a Reply