KCC - Connections

Status
Not open for further replies.

mizzy

IS-IT--Management
Jun 28, 2001
277
AU
Hi there,

I am currently designing a Windows 2003/Windows 2000 AD.

I have a multinational organisation with 20 locations around the world. I want a multimaster configuration.
I also want a hub and spoke topology.
I would like to schedule the replication times.
(I have two domains, Empty root plus the main domain)

I want all changes to be replicated via London. So for example if my IT guy in Madrid adds a user I want it replicated to Rome via London.

This all seems to be straightforward enough I just create the sites and subnets and then link each site to London.

Then I come across the KCC. From what I can see the KCC AUTOMATICALLY! creates connections between all DCs in the domain! STOP! No way! I have enough pressure on bandwidth as it is.

Two questions
1. Have I misinterpreted what the KCC does?
2. If I have not misinterpreted, how do I stop the KCC creating automatic connections?

regards,
 
Hi,

Your interpretation is correct. In the URL below you can see how to disable the KCC from making new connections.


There's one if... by disabling the KCC from making new connections you lose an important piece of Active Directory redundancy. In other words, if one (or more) of your DCs crash, the KCC is unable to create a new replication path to the remaining sites/DCs, thus making it impossible to replicate.

Regards,
MJanssen
 
Hi,

I forgot to mention... in this case you might be better off tweaking the cost of the different sitelink objects.

regards,
MJanssen
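
The cost-tweaking idea from the reply above, as an added example that is not part of the original thread: a simplified model in which replication between two sites follows the route with the lowest total site-link cost (an approximation of the KCC's behaviour, not its actual algorithm). The link costs and the helper names are constructed for illustration; it shows that an expensive direct Madrid-Rome link stays unused while London is up, yet still provides a path when London is down.

```python
import heapq

# Constructed site links: (site_a, site_b, cost). All costs are assumptions.
HUB_AND_SPOKE = [("London", "Madrid", 100), ("London", "Rome", 100)]
# Same topology plus a deliberately expensive direct link kept as a fallback.
WITH_BACKUP = HUB_AND_SPOKE + [("Madrid", "Rome", 500)]


def least_cost_route(links, src, dst):
    """Dijkstra over undirected site links.

    Returns (total_cost, [sites on the route]) or None if dst is unreachable.
    """
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    queue = [(0, src, [src])]
    settled = set()
    while queue:
        total, site, path = heapq.heappop(queue)
        if site == dst:
            return total, path
        if site in settled:
            continue
        settled.add(site)
        for nxt, cost in graph.get(site, []):
            if nxt not in settled:
                heapq.heappush(queue, (total + cost, nxt, path + [nxt]))
    return None


def without_site(links, site):
    """Model a site outage by dropping every link that touches the site."""
    return [link for link in links if site not in link[:2]]


if __name__ == "__main__":
    for name, links in (("hub and spoke", HUB_AND_SPOKE),
                        ("with backup link", WITH_BACKUP)):
        print(name)
        print("  London up:  ", least_cost_route(links, "Madrid", "Rome"))
        print("  London down:",
              least_cost_route(without_site(links, "London"), "Madrid", "Rome"))
```
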
 
Hi MJanssen,

Many thanks for your help.

I see where you are coming from with redundancy. However, I do the same (hub/spoke) with Lotus Notes and it's no big deal (from a replication point of view) if the hub server goes down or a connection is lost; the changes are simply applied when the server/connection comes back. Would this not be the case with AD?

I would leave the KCC but my concern is bandwidth. The AD seems as if it can get huge. In a test domain with 20 users and a few groups it's already 14MB (NTDS.DIT).
What happens the first time a DC in a new site is set up with a 128KB line? Imagine it: 100MB of data coming down a 128k line! I know it is possible to put the AD on CD, bring it to the new site and install it locally, but is this possible if the new DC is Windows 2000? (I will have a mixture.)


Regards,

 
Hi,
Yes, AD would restore replication when the connection comes back on-line. Just make sure you keep the downtime as short as possible. Depending on the amount of object/attribute changes in your AD, a long downtime could result in replication conflicts or even data loss.

Running DCPromo will start replication. It gets even worse. Replication of the NTDS.dit is only part of the replication process. The sysvol will also replicate throughout your domain. So beware of large GPOs and other scripts (NT4netlogon).

Aside from changing the cost of a sitelink object you can also schedule replication to run only during non-office hours.

The following link will give you some ideas on the growth of the Database size

Another way of dealing with AD traffic is using bandwidth throttling on another level.
Depending on your network equipment you could configure the network equipment to reserve a part of the total line capacity just for AD traffic. This way the remaining capacity can be used for other kinds of traffic without interference of AD traffic (QoS = Quality of Service).

Another way of making sure you don't have to replicate AD over a small link is to create a staging site. This basically means doing a local install of a DC (including replication) followed by shipping the DC to the branch office location. See the link below for more information on this topic.


It is possible to restore AD to another domain controller and I don't see why restoring a w2k3 backup of an AD database to a w2k DC (in the same domain/forest/schema) shouldn't work. I have to say that I never tried this myself. You could try it by doing a non-authoritative restore of the complete database and sysvol.

Here's another link on replication:


regards,
 

Cheers, that's very kind of you to take the time to write an excellent document. I'm slowly getting my head around it all.

The only unfortunate thing is that my Windows 2000 boxes are already in production as standalone servers, so I cannot remove them and do a local install.
It's going to have to be a restore. I'll give this a go in my test environment and let you know what happened.

I do have one final question about the KCC. Just because the KCC creates a connection between two sites, does that mean that replication will automatically occur over that connection? What stops replication from occurring over all connections created by the KCC?

Regards,

 
Hi,

I'm not sure if I understand the question but...
Normally the KCC will check the replication topology at regular intervals but it will only make a new connection when things have changed. An example of a change could be the failure of a WAN connection or the creation of a new site.
...And yes, it will use this newly created connection for replication.

To stop the KCC from making new connections I refer to the link in my first reply.
If you want to disable/enable inbound and/or outbound replication on a DC you can use the resource kit command line tool repadmin.

To disable inbound/outbound replication:
repadmin /options <dc.your.domain> +DISABLE_OUTBOUND_REPL
repadmin /options <dc.your.domain> +DISABLE_INBOUND_REPL

To enable inbound/outbound replication:
repadmin /options <dc.your.domain> -DISABLE_OUTBOUND_REPL
repadmin /options <dc.your.domain> -DISABLE_INBOUND_REPL

Last but not least. Some more info explaining the KCC

regards,
 
Hi there,

FYI.

I created the following test environment

Site1 - 192.168.1.0
Site2 - 192.168.4.0

Site1 contains two DCs, DC1 and DC2
Site2 contains one DC, DC3

DC1 is the first DC in the forest and is in its own domain domain1.com
DC2 is the second DC in the forest and it is in its own domain domain2.com
DC3 is the third DC in the forest and the second DC in the domain domain2.com

The KCC has created the following connections

DC1--->DC2
DC2--->DC1
DC2--->DC3
DC3--->DC2

I was expecting KCC to create connections between DC1 and DC3. It did not.

Therefore the KCC does NOT create connections between every DC. From what I can see the KCC creates connections between a new DC and the DC that it used to replicate the AD in the first instance.

Regards,
 