The Synchronize Monitor view contains several columns of information for both the Selected Domain Controller and All Domain Controllers within a domain:
Machine: The name of the selected Primary Domain Controller or Backup Domain Controller.
Sync. Item: A description of the sync item.
Status: For the sync item Connection Status, this contains any error that occurred, or zero (0) if there were no errors. All other sync items indicate Yes if the sync item is occurring or No if it is not.
Last: The date and time the sync item last occurred.
Count: The number of times the sync has occurred.
Error: The error condition.
It is possible to miss a sync event if the event occurs between checks. A smaller refresh interval could help eliminate this condition.
The NetLogon Service automatically synchronizes changes in the Windows directory database stored on the Primary Domain Controller (PDC) to all Backup Domain Controllers (BDC). Based on settings in the registry, the PDC sends timed notices that signal the BDCs to request changes at the same time. When a BDC requests changes, it informs the PDC of the last change it received so that the PDC can determine whether a BDC needs updating. If a BDC is up to date, its NetLogon service does not request changes.
The NetLogon Service synchronizes three domain directory databases: the security accounts manager (SAM) database, the SAM built-in database, and the Local Security Authority (LSA) license database.
SAM database
Contains Microsoft domain user and group accounts that you create. Includes all computer accounts added to the domain, such as domain controllers (DCs) and Windows-based computers.
SAM built-in database
Contains the local computer's built-in user and group accounts such as Administrator and Domain Admins.
LSA license database
Contains LSA Secrets that are used for trust relationships and DC computer account passwords. Also includes the account policy settings that you configure.
When a backup domain controller is initialized or restarted in the domain.
When "forced" by a network administrator using Server Manager.
It occurs automatically by the DCs, depending upon members' registry configuration.
The change log records changes to the domain directory databases, including new or modified passwords, user and group accounts, group membership, and user rights. Its size determines how many changes the log can hold and for how long. Typically, the change log holds approximately 2000 changes, retaining only the most recent changes and deleting the oldest ones first. When a BDC requests changes, it receives only changes that occurred since the last synchronization.
The NetLogon Service checks for updates every five minutes (default). If a BDC does not request changes in a timely manner, the entire domain directory must be copied to that BDC. For example, if a BDC is offline for a time (such as for system repair), more changes could occur during that timeframe than can be stored in the change log.
Partial synchronization consists of the automatic, timed replication of directory database changes to all BDCs since the last synchronization. Full synchronization copies the entire directory database to a BDC. This occurs automatically when changes have been deleted from the change log before replication or when you add a new BDC to a domain.
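The partial versus full decision described above can be modelled in a few lines. This is an added example, not NetLogon code or code from the product this page documents; the class names, the serial-number scheme and the return values are assumptions made for illustration.

```python
from collections import deque

class PdcChangeLog:
    """Simplified model: bounded log that drops the oldest changes first."""
    def __init__(self, capacity=2000):          # ~2000 changes, per the text
        self.entries = deque(maxlen=capacity)   # (serial, change) pairs
        self.serial = 0                         # serial of the newest change

    def record(self, change):
        self.serial += 1
        self.entries.append((self.serial, change))

    def answer_request(self, last_serial):
        """BDC reports the last change it received; PDC picks the sync type."""
        if last_serial is None:                 # new BDC: nothing to build on
            return "full", []
        if last_serial >= self.serial:          # BDC is already up to date
            return "none", []
        oldest_retained = self.entries[0][0]
        if last_serial + 1 < oldest_retained:   # needed changes were deleted
            return "full", []
        return "partial", [c for s, c in self.entries if s > last_serial]

class Bdc:
    def __init__(self):
        self.last_serial = None                 # never synchronized

    def sync(self, log):
        kind, changes = log.answer_request(self.last_serial)
        self.last_serial = log.serial           # either path brings it current
        return kind, len(changes)

def demo(capacity=2000):
    """Constructed scenario: one BDC stays online, one is offline for repair."""
    log = PdcChangeLog(capacity)
    online, repaired = Bdc(), Bdc()
    result = {"new_bdc": online.sync(log), "online": []}
    repaired.sync(log)                          # initial full sync, then offline
    for batch in range(5):                      # 5 x capacity/2 changes occur
        for i in range(capacity // 2):
            log.record(f"password change {batch}-{i}")
        result["online"].append(online.sync(log))
    result["repaired"] = repaired.sync(log)     # missed more than the log holds
    result["repaired_again"] = repaired.sync(log)
    return result

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The BDC that keeps requesting changes never falls behind the oldest retained entry, while the one that was offline for more changes than the log holds is forced into a full synchronization.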
Both the NetLogon Service updates and the change log size ensure that full synchronization does not start up under most operating conditions. In the WAN environment, you can control and refine NetLogon activity using the member registry entries and a variation of the following method.
To reduce the number of full synchronizations needed in a WAN environment:
Build BDCs at the corporate network site so that the full directory database can be quickly transferred from a PDC to BDCs.
Send the new BDCs to the branch offices.
Put the new BDCs into service as soon as possible (within 3 to 6 days of dispatch).
When the new BDC starts up, it contacts the PDC to obtain any directory database changes that occurred while the BDC was offline.