AD sites and services replication

    Question

  • I recently promoted a new DC for a new site in AD Sites and Services. Replication is working fine, however the new DC in the new site has become the one who gets all the <automatically generated> connections to the other sites.

    I need to get these connections to go back to my main site and server.

    I understand that has something to do with the cost of the sites/servers/settings, but where do I set this cost for different sites/servers? I can't find any such setting on the properties on the individual Subnets, Sites, Servers.

    Or maybe that's not it at all? Please provide specific answers where I should change whatever settings necessary.

    Monday, March 26, 2012 12:01 AM


All replies

  • Hi,

    It sounds like you either haven't created the Inter-site Transports or the configuration isn't correct for the goals you have in mind.

    If you want to ensure a particular topology is enforced, then you also need to disable the option of bridging sites transitively. If you don't do this, then if you lose connectivity at your primary site, or even if the domain controllers are shut down for a period of time for maintenance, etc, you will find new connections may be established between branch sites.

    It would help to know whether you're talking about Server 2008 or Server 2003, but since I'm not sure at this point I'll provide 2008 R2 instructions.

    Disabling automatic site bridging:

    1. Load up Active Directory Sites and Services (dssite.msc)
    2. Expand Sites > Inter-site Transports
    3. Right-click on the IP node and choose Properties
    4. Remove the check next to "Bridge all site links" in the General tab

    Defining the site links:

    1. Load up Active Directory Sites and Services (dssite.msc)
    2. Expand Sites > Inter-site Transports
    3. Right-click on the IP node and choose "New site link"
    4. Give the site link a meaningful name, for example "HubSiteA-BranchSiteB"
    5. Add the hub site as one member and the particular branch site as the second member
    6. Finish and close the dialog
    7. Right-click on the new site link and choose Properties
    8. Specify the Cost: if you are indeed using a hub and spoke model, then arguably this isn't a particularly important setting to change - you could just leave the default in place
    9. Specify the replication interval: even in a hub and spoke model, you might want to adjust this, as you can afford to run a much lower interval for a well connected site (i.e. a dark fibre MAN run) than for a poorly connected site (i.e. ADSL or 64k ISDN)
    10. You can also modify the replication schedule via the Schedule button if you so desire, to restrict replication to certain times of the day and week

    Once you have defined the structure how you'd like it to look, these changes will need to replicate out to all the domain controllers - even the ones in the branch sites. Once that has happened you can trigger the domain controller to check its topology with the following steps:

    1. Load up Active Directory Sites and Services (dssite.msc)
    2. Expand Sites > [site name] > Servers > [server name]
    3. Right-click the NTDS Settings node -> All Tasks -> Check replication topology

    Any changes made by this process also won't take effect until both sides of the connection have recognised the change. It's not an instantaneous process.

    Cheers,
    Lain

    • Proposed as answer by Sachin Gadhave Monday, March 26, 2012 6:05 AM
    • Unproposed as answer by Trana010 Monday, March 26, 2012 9:23 PM
    Monday, March 26, 2012 5:05 AM
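
Added example, not part of the original thread and not any poster's own script: a read-only PowerShell audit of the objects the steps above change (the bridging option, the site links, and which DC each inter-site connection pulls from). It assumes the ActiveDirectory module (available from Server 2008 R2) and read access to the Configuration partition; the attribute names are the standard schema ones.

```powershell
# Read-only audit of the replication topology settings discussed in this thread.
# Assumption: run from a machine with the ActiveDirectory module installed.
Import-Module ActiveDirectory

$configNC  = (Get-ADRootDSE).configurationNamingContext
$transport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"

# 1. "Bridge all site links" is ticked while bit 0x2 of the IP transport's
#    options attribute is clear (the bit means "bridges required").
$opt = [int](Get-ADObject -Identity $transport -Properties options).options
"Bridge all site links enabled: $(-not ($opt -band 0x2))"

# 2. Site links with cost, interval (minutes) and member sites. A link that
#    holds more than two sites does not describe a single WAN link.
$links = Get-ADObject -SearchBase $transport -LDAPFilter '(objectClass=siteLink)' -Properties cost, replInterval, siteList
$links | ForEach-Object {
    $sites = @($_.siteList | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' })
    New-Object PSObject -Property @{
        Link      = $_.Name
        Cost      = $_.cost
        Interval  = $_.replInterval
        SiteCount = $sites.Count
        Sites     = $sites -join ', '
    }
} | Format-Table Link, Cost, Interval, SiteCount, Sites -AutoSize

# 3. Inter-site connection objects and the DC each one replicates from.
#    fromServer:    CN=NTDS Settings,CN=<dc>,CN=Servers,CN=<site>,CN=Sites,...
#    connection DN: CN=<name>,CN=NTDS Settings,CN=<dc>,CN=Servers,CN=<site>,...
#    options bit 0x1 marks a connection the KCC generated automatically.
$conns = Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter '(objectClass=nTDSConnection)' -Properties fromServer, options
$conns | ForEach-Object {
    $src = $_.fromServer -split ','
    $dst = $_.DistinguishedName -split ','
    New-Object PSObject -Property @{
        FromSite  = $src[3] -replace '^CN='
        FromDC    = $src[1] -replace '^CN='
        ToSite    = $dst[4] -replace '^CN='
        ToDC      = $dst[2] -replace '^CN='
        Generated = [bool]($_.options -band 0x1)
    }
} | Where-Object { $_.FromSite -ne $_.ToSite } |
    Sort-Object FromSite, ToSite |
    Format-Table FromSite, FromDC, ToSite, ToDC, Generated -AutoSize
```

Running it before and after a topology change shows whether connections still converge on one source site.
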
  • Hi trana

    This happens because your new site does not belong to any inter-site transport link. Open Active Directory Sites and Services, open Sites, Inter-site Transports, create a new site link, and specify which sites you need to replicate with your newly created site.

    After creating the site link, delete the previously created automatic connections and wait some time; automatic connections will be created with the defined sites.


    Asitha

    Monday, March 26, 2012 6:45 AM
  • Hello,

    You should let the KCC do the job completely; that's the advice from Microsoft.

    http://blogs.technet.com/b/markmoro/archive/2011/08/05/you-are-not-smarter-than-the-kcc.aspx

    repadmin /kcc lets the DCs rebuild the replication topology: http://technet.microsoft.com/en-us/library/cc742173(v=ws.10).aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, March 26, 2012 8:10 AM
  • Lain, thank you for your very detailed response, however I fail to see how this will achieve the result I want. Following your steps, how does the new link establish which site is the main site to replicate to all others? All sites are just members with the same settings on the site link with these steps. Btw, I have 9 sites, this only became a problem when adding a new site, now all sites replicate first to the new site.

    And yes, I am using 2008 R2 SP1.

    Asitha, I have added the new site to the intersite default transport link already.

    Monday, March 26, 2012 9:23 PM
  • Hi,

    From what you originally described, it sounded like you wanted to avoid links failing over to domain controllers not in the primary site. If I have understood this part correctly then you need to turn off automatic site bridging. If you leave it on, then domain controllers will attempt to find alternate paths to one another if the domain controllers at the primary site are unreachable.

    It also sounds like you have added all of your sites to the Default-First-Site-Name site link rather than creating a new site link for each branch site between the primary site and the branch site (this is assuming all of your branches are connected directly to your primary site) - if I'm wrong about this, then you can stop reading now. This is fine if you want to treat your branch sites like they're logically part of the same LAN, but it's also highly irregular and also contributes to the behaviour you're experiencing.

    It's important to understand that site links are typically created at a 1:1 ratio with your physical WAN links. There are exceptions to that, of course, but I'm generalising to make the point that you need to accurately represent your physical WAN topology in AD through the creation of new site links as required.

    You might want to have a quick read of this article which discusses the relationship of each object type and provides further links to the conceptual information around how best to represent your physical structure within Active Directory. Depending on what you want to do, you might also want to pay attention to the preferred bridgehead function, but before you worry about that, you need to get your site link structure accurately established.

    Going back to the instructions I listed, the output of those is that one site will effectively be the primary site, or the hub if you will, while the remaining sites will be connected to that hub site by their own site link. It also prevents the establishment of connectors between sites not directly connected, though whether you elect to use this option is up to you. Sorting out the site link issues would technically be enough to resolve your fundamental issue of having site links pointing to the new site.

    Cheers,
    Lain

    • Marked as answer by Trana010 Tuesday, March 27, 2012 2:09 AM
    Tuesday, March 27, 2012 12:23 AM
  • Ok, I see what you are saying now and that would certainly work.

    However, I do want to keep the site bridging, however if the main site DC is online, I want that one to be the first and only replication partner for all other sites.

    Anyway, I turned off the new site DC temporarily and the main site DC took back the main replication role again, so all is well.

    Tuesday, March 27, 2012 2:09 AM
  • Here is my Advice on setting this up

    A Fast and High availability topology

    https://docs.google.com/document/d/1wdxGmDDBT5_gDe24vDL-DlOVYoXdh1MmfBv2q4qvtMc/edit

    • Proposed as answer by CCraddock Thursday, April 05, 2012 2:58 PM
    Thursday, April 05, 2012 2:58 PM