Re: AD <Automatically generated> site replication links

Hi Steve

I did what you told me. I have created 8 IP site links, each containing just
two sites: Basel as the main office and an external site. I set all the site
link schdules to 15 minutes and left costs to 100. I used ldp to delete the
option settings that disabled KCC.

The system created me <Automatically generated> site replications but this
time, the master server of Basel was always the destination of the linl
whereas each other DC was the source.

I have checked the replication status and it seems OK... but I'm not very
sure that it works well. To verify the thing, I changed little things like
the description field on some user objetcs, but after hours it does not
replicate or only from the outside location to the main office. As already
mentioned, I checked several times the replication status through replmon,
but it tells me that everything is OK...

What do you think of it ? Should I try with more sensitive parameters like
passwords or new user objects ?

or what is the best option in REPLMON to verify that everything works fine ?

and thanks for all your replies
Nicolas



"Steve B" wrote:

Forgot to put in Step 4:

Add only the sites Wien and Basel to the site link.

"Steve B" wrote:

OK...the problem is simply down to the IP Site Link containing all the sites.
Since 'Bridge Site Links' is enabled (the default), this is telling the KCC
that is can create connection objects between any pair of domain controllers.
As you are seeing for yourself (before you disabled it) this is what it was
doing. Note - there is a difference between sites and connection objects.
The KCC generates inter-site connection objects based on your site link.

To correct the problem, I would do the following:

1) Enable the KCC again. It really needs to run since it will save you
administrative time - especially during recovery and DR

2) Edit the site link called "IP Site Link " and remove all of the sites
except for Basel and Zurich (i.e. there is now only two sites in the link).
You can keep the cost and schedule the same.

3) Rename the IP Site Link to something like "Zurich to Basel Site Link"

4) Create a new site link called something like "Wien to Basel Site Link".
Give it the same cost and schedule as the Zurich to Basel Site Link

5) Repeat step 4 for every other site... i.e. "name of remote location to
Basel Site Link". Assign each one the same cost and schedule as before.
There should only be two sites in each site link.

6) Let replication occur across the entire estate. You could force this
using replmon.

7) Delete your manual connection objects. Force the KCC to check the
replication topology.

Your done. The replication topology should now be generated as you want.

If you have a secondary site that acts as a DR point for replication - you
can create site links to this site - just ensure that you assign the site
links a higher cost than the primary link (i.e the link to Basel).

If you unsure about anything above, please post another message.

"Nicolas Heyer" wrote:

yes

the IP SITE LINK contains all the sites. This morning I also set the
synchronisation delay to 15 minutes to reflect the manual links I've created.
I deleted all the <automatically created> links created this night, and they
did not reapper since that (about 3 hours now). But I think it is too short
to consider it as a closed case.

"Steve B" wrote:

Hi,

Thanks for the information. When you state "I have created an IP SITE LINK
" is this just one site link with the three sites in it? Just to clarify, I'm
not talking about the manual links (i.e. manual connection objects you've
created between DCs) - rather the site link(s).


"Nicolas Heyer" wrote:

Hello everyone

first of all i would like to thank you all for your answers. As I wrote it
yesterday, I found the article 242780 in the MS knowledge base, applied it on
all sites and was pretty sure, this would solve my problem... but the site
links were created once again this morning. So I try to be a little more
explicit and tell you how our topology is and how I would like our AD to be
replicated. I simplify it a little as we have 8 locations in real, but let's
talk about 3, it resumes already my problem:

I have a main location in Basel with two Domain Controllers (several subnets
in the same site)
I have a location in Zurich with 1 DC (one subnet)
I have a location in Wien with 1 DC (one subnet)

I have created the 3 sites and associated the subnets to their sites.
I have created an IP SITE LINK (schedule the whole day, every 120 minutes,
costs: 100)
I have created a manual link from each DC in our central location to each
server on our outside locations:

Basel1 ---> Zurich1 (IP replication every 15 minutes the whole day)
Basel1 ---> Wien1 (IP replication every 15 minutes the whole day)
Basel1 ---> Basel2 (IP replication every 15 minutes the whole day)

and

Basel2 ---> Zurich1 (IP replication every 15 minutes the whole day)
Basel2 ---> Wien1 (IP replication every 15 minutes the whole day)
Basel2 ---> Basel1 (IP replication every 15 minutes the whole day)

After some hours, the system created an <automatically generated> link in
almost each site where Wien1 is the source server.

Though all the physical links come and go from/to Basel, this isn't a good
thing. So I used the article described before to modify with LDP.EXE the NDTS
settings of each site by entering the "option" parameter with the value 16:
this should prevent the KCC from created those <automatically generated> site
links between different sites. But it seems to have no effect.

The modification were taken and the commands I entered did show no error
when interpreted by the system, but I would like to be sure the KCC doesn't
act anymore but I did not find exaclty in the replication monitor, which
option to use to verify if everything has been set.

So I'm still in the "cold" this morning. If someone could help me.

Regards
Nicolas



"Ryan Hanisco" wrote:

Hi Mathieu,

You can do this, but the AD does have a process that it follows when it
can't find a DC in the local subnet so you don't have to explicitly have to
do something unless it is very important for you to control this fail-over.

The order will be determined by the replication topology but will ultimately
end at the PDCe and the default-first-site.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"Mathieu CHATEAU" wrote:

hello,

if you want all servers from unassigned subnet to go on one DC, you must
create a supernet.
Let's say 10.0.0.0/8, that you will bind to the DC main office.

When starting, a computer look for the most closer subnet. So if it find a
10.1.0.1/24, it will bind to it (and not to the default one).

When having mutliple site, you must always define one "super" subnet site
where all computers will default if nothing closer is available.
That also ensure that if one your site doesn't have any available DC, it
will connect to the main office DC and not another deported site.

Hope i am clear enough !


--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


"Nicolas Heyer" <NicolasHeyer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F0243780-D91C-4F52-9624-577170414314@xxxxxxxxxxxxxxxx
Hello

we have several locations that are all connected to our central main
office
in a star tolopigy. All our windows DC server are installed with Windows
Server 2003 R2. Sites based on subnets have been created and we would like
all the servers in the outside locations to replicate from the main
office.

One server in our main office has all the 5 FSMO roles.

If we manually configure the site links to replicate as we would like it
to
be, we remark that after a few hours, the system creates additionally
<automatically generated> links where the main server is located outside
the
main office and connected over a "relative" slow link when compared to
other
links.

Why does AD ignore the actual configuration and tries to create its own
replication topology ? Is there a way to get over it ?

Thanks for any reply
Nicolas


.

Relevant Pages

  • Re: AD site replication links
    ... OK...to get back to normal...I would move one server at a time back to its ... correct site and ensure that replication is working before moving anymore. ... Look under NTDS Settings for the Basel domain controller - there should ... The KCC generates inter-site connection objects based on your site link. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD site replication links
    ... Look under NTDS Settings for the Basel domain controller - there should ... I have checked the replication status and it seems OK... ... that is can create connection objects between any pair of domain controllers. ... The KCC generates inter-site connection objects based on your site link. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD site replication links
    ... Add only the sites Wien and Basel to the site link. ... The KCC generates inter-site connection objects based on your site link. ... Let replication occur across the entire estate. ... I have a location in Zurich with 1 DC (one subnet) ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD site replication links
    ... OK...the problem is simply down to the IP Site Link containing all the sites. ... Since 'Bridge Site Links' is enabled, this is telling the KCC ... Let replication occur across the entire estate. ... I have a location in Zurich with 1 DC (one subnet) ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD site replication links
    ... OK...to get back to normal...I would move one server at a time back to its ... correct site and ensure that replication is working before moving anymore. ... Look under NTDS Settings for the Basel domain controller - there should ... I have a location in Zurich with 1 DC (one subnet) ...
    (microsoft.public.windows.server.active_directory)