Structure : Physical structure and replication (1)

Physically the AD information is held on one or more equal peer domain controllers (DCs), replacing the NT PDC/BDC format (although there is a 'more equal' flexible single master operation (FSMO) server for some operations, which can simulate a PDC). Each DC holds a single domain partition and a read-and-write copy of the AD; changes on one computer being synchronized (converged) between all the DC computers by multi-master replication. Servers joined in to AD, which are not domain controllers, are called Member Servers.

Unlike earlier versions of Windows which used NetBIOS to communicate, Active Directory is fully integrated with DNS and TCP/IP — indeed DNS is required. To be fully functional, the DNS server must support SRV resource records or service records.

AD replication is 'pull' rather than 'push'. The Knowledge Consistency Checker (KCC) creates a replication topology of site links using the defined sites to manage traffic. Intrasite replication is frequent and automatic as a result of change notification, which triggers peers to begin a pull replication cycle. Intersite replication intervals are less frequent and do not use change notification, although this is configurable and can be made identical to intrasite replication. A different 'cost' can be given to each link (e.g. DS3, T1, ISDN etc.) and the site link topology will be altered accordingly by the KCC. Replication between domain controllers may occur transitively through several site links on same-protocol site link bridges, if the 'cost' is low, although KCC automatically costs a direct site-to-site link lower than transitive connections. Site-to-site replication can be configured to occur between a bridgehead server in each site, which then replicates the changes to other DCs within the site.