To answer your question: You can use each DC you want. In the end it will replicate to the location where it applies You need however to this for the sites you want to disable the KCC/ISTG (inter site) Before you go on with this, check what is wrong, because this should work. Check the event logs again and run DCDIAG again to see what it says now, after you disabled the auto link bridging. So if you would like run the following commands against AD (just querying) and mail the output to me OFFLINE and I'll take at look at it to see if I can find anything strange. post also the ouput of DCDIAG for all DCs (if i remember correctly you do not have that many DCs, right?) ADFIND: http://www.joeware.net/win/free/tools/adfind.htm determine sites: adfind -config -f "(objectClass=site)" -dn determine subnets and associated subnets: adfind -config -f "(objectClass=subnet)" distinguishedname siteobject determine properties of the intersite transports adfind -config -f "(objectClass=interSiteTransport)" determine site links and associated sites: adfind -config -f "(objectClass=sitelink)" distinguishedname sitelist determine all Site link bridges and its properties adfind -config -f "(objectClass=siteLinkBridge)" determine all NTDS Site Settings objects for each site and its properties adfind -config -f "(objectClass=nTDSSiteSettings)"
determine all NTDS Settings objects for each DC and its properties adfind -config -f "(objectClass=nTDSDSA)" determine all replication connections and its properties adfind -config -f "(objectClass=nTDSConnection)" Cheers #JORGE# ________________________________ From: [EMAIL PROTECTED] on behalf of Noah Eiger Sent: Sun 8/7/2005 11:13 PM To: [email protected] Subject: RE: [ActiveDir] Branch Office Question Thanks, Jorge. So the KCC is on at all sites. In my situation, I want to disable the KCC. A few questions: - Is the command to do so: repadmin /siteoptions branch1dc.company.com /site:branch1 +IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED - Do I have to run this against each DC? - I believe I only want to disable the INTER_SITE, not the INTRA_SITE, right? - Do I think need to manually create the connection objects or can I just leave the auto generated ones in place? - Does all this change if the VPN topology allows for a fully routed network? Thanks. -- nme P.S. I checked the questions you asked. DCs and GCs are correct; no custom site links or connections; site membership is correct. > -----Original Message----- > From: Almeida Pinto, Jorge de > [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 06, 2005 11:59 AM > To: [email protected]; [email protected] > Subject: RE: [ActiveDir] Branch Office Question > > I expected that.. in a few words hub-and-spoke topology in a > non fully routed network. For this to work you need a site > for each location and a site link between each spoke (the > bracnhes) and the hub and auto site link bridging is off > > The other thing I can think of: > * Is each DC/GC in the correct site? > * Do you have custom site link bridges? > * Do you have custom connections (auto connections are > visible as automatic connections and custom connections are > visible as GUIDs) > * Check the site membership of the site links. Is it correct > * Other site links connecting the branches somehow > * etc > > By the way. To see if the KCC/ISTG for a site has been > disabled open up the properties of the NTDS Site Settings > object of each site. If you see yellow exclamation marks at > the bottom with text explaining it, the KCC is disabled. If > you don't see anything it is enabled > > You can also check it with: > repadmin /siteoptions <DC> /site:<SITE> > > Default-First-Site-Name > Current Site Options: (none) -> means the KCC is not disabled > > > Default-First-Site-Name > Current Site Options: IS_AUTO_TOPOLOGY_DISABLED > IS_INTER_SITE_AUTO_TOPOLOGY_DISA BLED -> means the KCC is > disabled for intrasite and intersite > > Cheers > #JORGE# > > ________________________________ > > From: Noah Eiger [mailto:[EMAIL PROTECTED] > Sent: Sat 8/6/2005 6:38 PM > To: [email protected] > Subject: RE: [ActiveDir] Branch Office Question > > > Thanks, Jorge. > > The topology is as follows: > - Each office connects to the hub via a point-to-point VPN. > That is, there is no bridging at the hub -- this is a > bandwidth consideration. > - As for AD: we have three sites Hub, B1, B2, and B3. > - Each has a single DC that is also a GC. > - There are three IP site links: Hub-B1, Hub-B2, and Hub-B3. > I am not sure, but at one point there may have been a single > site link containing all sites. If there was, it is gone now. > The ISTG created a "web" topology. However, we were getting > replication errors. I manually deleted the connection objects > that connected the hubs to eachother. Those connection > objects have not regenerated. There are no manually created > connections. Finally, I recall that there is a setting (reg > edit?) that tells the ISTG to _not_ automatically create > connections. To my knowledge, this setting is not enabled. > > Anything else I should check? > > -- nme > > > ________________________________ > > From: Almeida Pinto, Jorge de > [mailto:[EMAIL PROTECTED] > Sent: Friday, August 05, 2005 6:36 PM > To: [email protected] > Subject: RE: [ActiveDir] Branch Office Question > > > May look as I silly question but can you point out > (just to be sure) how your site and replication topology > looks like? How many sites and how many site links do you > have and how are those connected? I assume one domain and > each DC = GC... > > #JORGE# > > ________________________________ > > From: [EMAIL PROTECTED] on behalf of Noah Eiger > Sent: Sat 8/6/2005 3:22 AM > To: [email protected] > Subject: RE: [ActiveDir] Branch Office Question > > > > Hi Jorge: > > Thanks for the suggestion. That checkbox was indeed > checked. I have > unchecked it and waited longer that a day. Replication > seems to have worked > and the box is unchecked at all branch sites. The > errors persist at all > branch sites. > > Any further thoughts? > > -- nme > > > -----Original Message----- > > From: Almeida Pinto, Jorge de > > [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 04, 2005 10:21 AM > > To: [email protected]; > [email protected] > > Subject: RE: [ActiveDir] Branch Office Question > > > > so, your network is not fully routed? is auto site link > > bridging enabled or disabled. If it is enabled, disable it! > > > > To to so: > > * start sites and services > > * goto to Inter site transports > > * right click IP and uncheck "bridge all sitre links" > > > > wait until this has replicated to the other DCs > > > > Cheers > > #JORGE# > > > > ________________________________ > > > > From: [EMAIL PROTECTED] on behalf of > Noah Eiger > > Sent: Thu 8/4/2005 6:41 PM > > To: [email protected] > > Subject: [ActiveDir] Branch Office Question > > > > > > Hi - > > > > Ok. Finally, one of my questions is ON topic ;-) > > > > I have three branch office sites that connect to a single > > hub. VPN connectivity, Site links, and connection objects > > only allows each branch to see the hub. Replication is > > working smoothly and consistently. Yet, I am still seeing > > repeated errors in the Event Viewers of the branches > > complaining that they cannot see one another. > > > > The options offered in the errors all seem to point to trying > > to get the branches to see one another (e.g., "publish > > sufficient site connectivity information..."). I want to tell > > it not to look for the other branches at all. > > > > Specifically, I see: > > > > Event Type: Warning > > Event Source: NTDS KCC > > Event Category: (1) > > Event ID: 1566 > > Date: 7/29/2005 > > Time: 11:45:08 AM > > User: N/A > > Computer: BRANCHDC1 > > > > Event Type: Error > > Event Source: NTDS KCC > > Event Category: (1) > > Event ID: 1311 > > Date: 7/29/2005 > > Time: 11:45:08 AM > > User: N/A > > Computer: BRANCHDC1 > > > > Thanks. > > > > -- nme > > > > > > This e-mail and any attachment is for authorised use by the > > intended recipient(s) only. It may contain proprietary > > material, confidential information and/or be subject to legal > > privilege. It should not be copied, disclosed to, retained or > > used by, any other party. If you are not an intended > > recipient then please promptly delete this e-mail and any > > attachment and all copies and inform the sender. Thank you. > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
