Announcement

Collapse
No announcement yet.

Question regarding the AD Sites & Services connection between DC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Question regarding the AD Sites & Services connection between DC

    Hello,

    Can someone here please shed some light on the AD Sites & Service matter which confuses me ?

    1. Why some domain controller server in my remote office site got multiple <automatically generated> connection which seems to be randomly selected ?

    2. What is the best way to configure the AD replication link between the remote office site and the main Data Centre ADsite ?

    shall I
    manually specify one to the nearest AD Site and one to the Data Centre AD site ?
    or
    manually specify one connection from the office AD site into the Data Centre AD site and leave the <automatically generated> connection to any domain controller in any AD site

    thoughts, comments and advice would be greatly appreciated.

    Cheers.

  • #2
    Re: Question regarding the AD Sites &amp; Services connection between DC

    You need to read up on the KCC, Knowledge Consitency Checker.

    I prefer to leave mine to be automatically done.

    Comment


    • #3
      Re: Question regarding the AD Sites &amp; Services connection between DC

      Originally posted by wullieb1 View Post
      You need to read up on the KCC, Knowledge Consitency Checker.

      I prefer to leave mine to be automatically done.
      what if I had already deleted the <automatically generated> connection to random AD and then manually specify the AD in the Data Center AD site ? so everything is pointing to the Data Center domain controller.

      is there any preference over which FSMO role should I point it to ?

      Comment


      • #4
        Re: Question regarding the AD Sites &amp; Services connection between DC

        Have you read up on it?

        It doesn't really matter what way that you do it.

        Why are you talking about FSMO roles? It just needs to point to a DC.

        Comment


        • #5
          Re: Question regarding the AD Sites &amp; Services connection between DC

          Originally posted by wullieb1 View Post
          Have you read up on it?

          It doesn't really matter what way that you do it.

          Why are you talking about FSMO roles? It just needs to point to a DC.
          ok, if that is the case, then I'd delete all of the existing manual connection to the DC and then recreate the automatic connection using:

          - delete the manually created connections
          - Right click on the NTDS setting in the respective site
          - Under All Tasks, select "check replication topology"

          Do you mean this article from MSDN: https://msdn.microsoft.com/en-us/lib...085.aspx?f=255

          Comment


          • #6
            Re: Question regarding the AD Sites &amp; Services connection between DC

            IMHO automatic is preferable to manual as if a manually specified DC is down, replication will not work, however with automatic the KCC will attempt to find another route.
            As Wullie says, leave it alone!
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Question regarding the AD Sites &amp; Services connection between DC

              Originally posted by Ossian View Post
              IMHO automatic is preferable to manual as if a manually specified DC is down, replication will not work, however with automatic the KCC will attempt to find another route.
              As Wullie says, leave it alone!
              Yes, that's what I thought so. But in this case in some of the site office Domain Controllers, I couldn't find the <automatically generated> connection anymore, I guess someone replaced it with the 2x static connection to the 2x Domain Controllers in the Data Centre AD sites.

              so can I just delete them both and then recreate two of the <automatically generated> connection ?

              Comment


              • #8
                Re: Question regarding the AD Sites &amp; Services connection between DC

                Yes, you should be able to
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Question regarding the AD Sites &amp; Services connection between DC

                  Originally posted by Ossian View Post
                  Yes, you should be able to
                  Thanks Ossian.

                  I was under the impression that all Site Office connection must be pointing to the Data Centre AD/DC servers, but it seems that it doesn't have to be.

                  So in this case, the value in the <automatically generated> connection is dynamically changed based on KCC algorithm ?

                  Comment


                  • #10
                    Re: Question regarding the AD Sites &amp; Services connection between DC

                    Correct - the KCC will run every 15 minutes by default and generate connections based on the current state of connectivity between sites
                    (see https://technet.microsoft.com/en-us/.../cc961781.aspx)

                    I think of it as similar to the internet where routers will work around problems without manual intervention

                    The only time I have attempted to change it (to force replication via a central site) was too prone to errors if any link went down, so I rapidly changed back to automatic
                    Tom Jones
                    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                    PhD, MSc, FIAP, MIITT
                    IT Trainer / Consultant
                    Ossian Ltd
                    Scotland

                    ** Remember to give credit where credit is due and leave reputation points where appropriate **

                    Comment


                    • #11
                      Re: Question regarding the AD Sites &amp; Services connection between DC

                      Originally posted by Ossian View Post
                      The only time I have attempted to change it (to force replication via a central site) was too prone to errors if any link went down, so I rapidly changed back to automatic
                      Our network was setup like this by the previous administrator in my role.

                      Our central office was the hub and all DC's replicated back to here with these manual settings.

                      Removed all of them and set to automatic and bingo things start working correctly

                      Comment

                      Working...
                      X