The first domain controller is a server that has Active Directory (a kind of organization database). Active Directory identifies each component/resource connected to the domain, whether logical (user) or physical (computer and printer), as an object. This object has properties known as a schema. This schema is a directory in the repositories known as the GC (global catalog), but the GC has only partial information, so that resources can be located. Now, coming to policy: there are two objects, the GPO and the OU. A GPO is a set of policies that you can apply in a business unit or higher grouping unit. Now see how communication takes place. Again, there are two commonly used terms: 1. replication and 2. LDAP query.
Replication is performed between the controllers so that you can reduce network traffic and increase the availability of resources connected to the server. During replication, all resource information is synchronized with the server. To ensure the integrity of the security system, there is a certificate (which provides identification, as well as an encryption mechanism) and delegation (granting rights).
LDAP is the protocol through which the user goes through authentication. Thus, LDAP has a query that is similar to another query language. All these requests are ultimately recorded on the server.
A GPO is replicated to resources, or it can be enforced if you want it applied immediately.
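To make the LDAP query mentioned above concrete, here is an added example (not part of the original answer) that builds RFC 4515 search filters for the three kinds of object the answer names and escapes the searched value so it cannot alter the filter's structure. The function names are hypothetical, and the `objectCategory`/`objectClass` clauses are the ones commonly used against Active Directory, assumed here rather than taken from the answer.

```python
import re

# RFC 4515: these characters must be written as \XX hex escapes when they
# appear inside an assertion value, otherwise they change the filter itself.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Clauses that narrow a search to one kind of directory object (assumed,
# commonly used AD values for user, computer and printer objects).
_KIND_CLAUSE = {
    "user": "(objectCategory=person)(objectClass=user)",
    "computer": "(objectCategory=computer)",
    "printer": "(objectCategory=printQueue)",
}

# Attribute descriptors: a letter followed by letters, digits or hyphens.
_ATTRIBUTE_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(kind: str, attribute: str, value: str) -> str:
    """Return an AND filter: object kind plus one attribute=value test."""
    if kind not in _KIND_CLAUSE:
        raise ValueError(f"unknown object kind: {kind!r}")
    if not _ATTRIBUTE_RE.fullmatch(attribute):
        raise ValueError(f"invalid attribute name: {attribute!r}")
    return f"(&{_KIND_CLAUSE[kind]}({attribute}={escape_filter_value(value)}))"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(build_filter("user", "sAMAccountName", "jdoe"))
    print(build_filter("printer", "printerName", "Floor2 (Color)"))
    # Filter metacharacters in the value are matched literally once escaped.
    print(build_filter("computer", "cn", "*)(objectClass=*"))
```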