When I did my AD conference presentations in 2012, Brian Desmond, MBS, Bob Free and ASB all stated to me that AD is not a full mesh replication topology. Many of the issues I see when I do AD assessments are that admins misunderstand that. What they do is create manual connections between all the supposedly missing connections they believe should exist.
I believe what Bob Free had me put in my speaker notes (that went into the PDF the attendees received) was "you are NOT smarter than the KCC".

Define your subnets. Define your Site topology. Make sure your DCs are in the correct Site (because most people never did the first two items). Delete all manual connection objects. Let the KCC do the rest. Unless you have a really good reason for doing so, NEVER EVER create a manual connection object. If you think you need a manual connection object, please refer to Bob's Rule: "you are NOT smarter than the KCC".

Thanks

Webster

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone
> Sent: Wednesday, May 27, 2015 7:38 AM
> To: [email protected]; ActiveDir Mailing List
> Subject: [NTSysADM] Still confused about AD connections between sites
>
> OK, I'm still confused, even after reading about how site replication is supposed to work. In my AD, I have 4 sites: HQ, Site1, Site2, Site3. My confusion (problem?) is with Site1.
>
> Site1 has 2 DCs (Win2008 R2 and Win2012 R2). I have IP Inter-Site Transports defined for:
>
> HQ <--> Site1
> Site1 <--> Site2
> Site3 <--> Site1
>
> (there are other links, but these are the only ones that include Site1)
>
> So here's what's happening, for the 2 DCs in that site:
>
> DC1 (Win2008 R2) has links generated for itself to DC2 (Win2012 R2)
> DC1 <--> Site2 DC1
>
> 1st connection is understandable, it's to the other DC in the same site. 2nd connection is understandable, there's a site link between this site and Site2. But why isn't there a connection back to HQ or Site3?
>
> Also (still in Site1):
>
> DC2 (Win2012 R2) has a link generated to DC1 in the same site. But no other links, to Site2, Site3 or HQ.
> (I do see a link from a DC in Site2 to this DC; I see no links from any DC in Site3 to any DC in this site. And I see no links from any DC in HQ to this site)
>
> Am I just misunderstanding, or shouldn't I have more links being generated? There's no link at all to any DC in Site3 or to HQ. Yet there are transports defined for it. Replication shows no errors. Site replication is scheduled for every 15 minutes. I even manually ran "repadmin /kcc" on each DC in this site, still no new links being generated.
>
> SO: am I just misunderstanding how the site links work? Shouldn't I have more links than what are being shown? Especially for the new DC2, which is only linking to the other DC in the same site, and nowhere else.
>
> DCDIAG is coming up with no errors. REPADMIN shows no errors. DNSLINT shows no error. Am I just misunderstanding?
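
A read-only PowerShell audit of the items in the reply's checklist (subnets defined, DCs in the correct site, manual connection objects), added here as an example and not part of the original thread. It assumes the ActiveDirectory RSAT module is installed, checks only the DCs of the current domain, and compares IPv4 addresses only; the helper name `ConvertTo-BitString` is made up for this example.

```powershell
# Added example (not from the thread). Read-only: it reports, it changes nothing.
Import-Module ActiveDirectory

function ConvertTo-BitString([string]$Ip) {
    # Render the address bytes as one string of 0/1 characters
    -join ([System.Net.IPAddress]::Parse($Ip).GetAddressBytes() |
        ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') })
}

# 1. Subnets: collect them and flag any that are not tied to a site
$subnets = foreach ($s in Get-ADReplicationSubnet -Filter *) {
    $net, $len = $s.Name -split '/'          # subnet objects are named like 10.1.0.0/16
    [pscustomobject]@{
        Cidr   = $s.Name
        Bits   = ConvertTo-BitString $net
        Prefix = [int]$len
        Site   = if ($s.Site) { ($s.Site -split ',')[0] -replace '^CN=' } else { $null }
    }
}
$subnets | Where-Object { -not $_.Site } |
    ForEach-Object { Write-Warning "Subnet $($_.Cidr) is not assigned to a site" }

# 2. DCs: compare the site each DC is placed in with the site of its most specific subnet
foreach ($dc in Get-ADDomainController -Filter *) {
    if (-not $dc.IPv4Address) { continue }
    $ipBits = ConvertTo-BitString $dc.IPv4Address
    $match = $subnets |
        Where-Object { $_.Bits.Length -eq 32 -and
                       $ipBits.Substring(0, $_.Prefix) -eq $_.Bits.Substring(0, $_.Prefix) } |
        Sort-Object Prefix -Descending | Select-Object -First 1
    if (-not $match) {
        Write-Warning "$($dc.HostName) ($($dc.IPv4Address)) matches no defined subnet"
    } elseif ($match.Site -ne $dc.Site) {
        Write-Warning "$($dc.HostName) is in site '$($dc.Site)' but subnet $($match.Cidr) maps to '$($match.Site)'"
    }
}

# 3. Connection objects that were not generated by the KCC (manual connections)
Get-ADReplicationConnection -Filter * |
    Where-Object { -not $_.AutoGenerated } |
    Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer
```

Each connection listed by step 3 is a candidate for review against the "really good reason" test in the reply; the script itself deletes nothing.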
