How Active Directory Replication Topology Works
Active Directory uses sites to:
• Optimize replication for speed and bandwidth consumption between domain controllers.
• Locate the closest domain controller for client logon, services, and directory searches.
• Direct a Distributed File System (DFS) client to the server that is hosting the requested data within the site.
Active Directory KCC Architecture and Processes
• The replication topology is generated by the Knowledge Consistency Checker (KCC), a process that runs on every domain controller.
• The KCC functions locally by reading, creating, and deleting Active Directory data: it reads the configuration data (sites, site links, servers) and reads and writes connection objects for its own domain controller.
• The KCC that runs on one domain controller does not communicate directly with the KCC on any other domain controller.
• KCCs communicate with one another only to make a remote procedure call (RPC) request for replication error information.
• The KCC uses the error information to identify gaps in the replication topology.
Note: The KCC uses only RPC to communicate with the directory service. The KCC does not use Lightweight Directory Access Protocol (LDAP).
ISTG & KCC
• One domain controller in each site is selected as the Intersite Topology Generator (ISTG).
• To enable replication across site links, the ISTG automatically selects one or more bridgehead servers to perform site-to-site replication.
• A bridgehead server acts as the gateway for site-to-site replication: it is the domain controller in its site that replicates a directory partition with bridgehead servers in other sites, and changes arriving from other sites replicate from the bridgehead to the rest of its own site.
• Thus, the scope of operation for the KCC is the local server only, and the scope of operation for the ISTG is a single site.
The KCC creates two types of topologies: intrasite and intersite.
Within a site, the KCC creates a bidirectional ring topology by using all servers in the site, and adds optimizing connections where needed so that no domain controller is more than three replication hops from any other. To create the intersite topology, the ISTG in each site uses a view of all bridgehead servers in all sites in the forest.
Control Replication Latency and Cost
• Replication latency begins when a directory update occurs on an originating domain controller and ends when replication of the change is received on the last domain controller in the forest that requires the change.
• A lower-cost route is preferred by the ISTG when generating the replication topology; site link cost, replication interval and schedule are the administrator's controls over intersite latency and bandwidth use.
Effect on Client Affinity
• Active Directory clients locate domain controllers according to their site affiliation, which is derived from the client's IP address and the subnet objects that map address ranges to sites.
• Domain controllers register SRV resource records in DNS that map the domain controller to a site (for example, _ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName>, in addition to the domain-wide _ldap._tcp.dc._msdcs.<DnsDomainName> record).
• When a client requests a connection to a domain controller (for example, when logging on to a domain computer), the domain controller Locator uses the site-specific SRV resource records to find a domain controller with good connectivity whenever possible.
• Sites can also be used by certain applications, such as DFS, to ensure that clients locate servers that are within the site or, if none is available, a server in the next closest site.
A client whose IP address falls in no subnet object has no site, so it can be handed any domain controller in the domain; such clients show up as NO_CLIENT_SITE entries in %SystemRoot%\debug\netlogon.log on the domain controllers.
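The locator behaviour above can be checked from the DNS side. The following PowerShell is an added example and not part of the original deck: for every site it resolves the site-specific SRV record and compares the hosts that answered with the domain controllers Active Directory assigns to that site. It assumes a domain-joined host with the ActiveDirectory and DnsClient modules; the function name Test-SiteLocatorRecords is mine, and sites, domain and DC names are read live.

```powershell
# Added example (not part of the original deck): compare the site-specific DC
# locator SRV records in DNS with the domain controllers AD assigns to each site.
# Assumes a domain-joined host with the ActiveDirectory and DnsClient modules;
# any domain user can run it.
Import-Module ActiveDirectory

function Test-SiteLocatorRecords {
    $domain = (Get-ADDomain).DNSRoot

    # Domain controllers grouped by the site AD places them in (FQDNs, lower-cased).
    $dcsBySite = @{}
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        if (-not $dcsBySite.ContainsKey($dc.Site)) { $dcsBySite[$dc.Site] = @() }
        $dcsBySite[$dc.Site] += $dc.HostName.ToLower()
    }

    foreach ($site in (Get-ADReplicationSite -Filter *)) {
        # The record a client whose subnet maps to this site queries first; it only
        # falls back to _ldap._tcp.dc._msdcs.<domain> if this query returns nothing.
        $srvName = "_ldap._tcp.$($site.Name)._sites.dc._msdcs.$domain"
        $registered = @()
        try {
            $registered = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() })
        } catch {
            # NXDOMAIN: no DC registered this site's record (normal for a site without DCs).
        }
        $expected = @()
        if ($dcsBySite.ContainsKey($site.Name)) { $expected = $dcsBySite[$site.Name] }

        [pscustomobject]@{
            Site        = $site.Name
            ExpectedDCs = $expected.Count
            Registered  = $registered.Count
            # A DC in the site that has not registered: clients in the site will not use it.
            Missing     = (@($expected | Where-Object { $registered -notcontains $_ }) -join ',')
            # A host in the site's record that AD does not list as a DC in that site:
            # a stale record, or something that should not be answering logon requests.
            Unexpected  = (@($registered | Where-Object { $expected -notcontains $_ }) -join ',')
        }
    }
}

Test-SiteLocatorRecords | Format-Table -AutoSize
```

To see the same lookup from the client's point of view, Get-ADDomainController -Discover -SiteName <site> -ForceDiscover (or nltest /dsgetdc:<domain> /site:<site>) returns the domain controller the Locator picks for that site.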
Connection Objects
Ownership of Connection Objects
• Connections that are created automatically by the KCC are “owned” by the KCC. If you create a new connection manually, the connection is not owned by the KCC. If a connection object is not owned by the KCC, the KCC does not modify it or delete it. Ownership is recorded in the options attribute of the nTDSConnection object (the IS_GENERATED bit).
• If you use an LDAP editor such as Ldp.exe or Adsiedit.msc to change a connection object property, the KCC reverses the change the next time it runs.
• If you use Active Directory Sites and Services to change a connection object property, the object is changed from automatic to manual and the KCC no longer owns it.
• If you create a new connection object that duplicates one that the KCC has already created, your duplicate object is created and the KCC-created object is deleted by the KCC the next time it runs.
Because the KCC never cleans up a manual connection, every manual connection object stays in the topology until an administrator deletes it; review them periodically and make sure each one is a deliberate override.
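The ownership rule is easy to audit directly from the Configuration partition. The following PowerShell is an added example, not part of the original deck: it lists every connection object in the forest, decodes the options attribute, and reports the ones the KCC does not own. It assumes the ActiveDirectory module and read access to the Configuration partition; the bit values are the nTDSConnection options flags from MS-ADTS, and the function names are mine.

```powershell
# Added example (not part of the original deck): list every connection object in
# the forest and report which ones the KCC owns. Ownership is the IS_GENERATED
# bit (0x1) of the nTDSConnection "options" attribute; Sites and Services clears
# it when you edit a connection, which is why the KCC then leaves it alone.
# Assumes the ActiveDirectory module and read access to the Configuration partition.
Import-Module ActiveDirectory

# Bit values of nTDSConnection.options as documented in MS-ADTS.
$ConnectionOptionBits = @{
    1  = 'IS_GENERATED'                    # created and maintained by the KCC
    2  = 'TWOWAY_SYNC'
    4  = 'OVERRIDE_NOTIFY_DEFAULT'
    8  = 'USE_NOTIFY'                      # change notification across this connection
    16 = 'DISABLE_INTERSITE_COMPRESSION'
    32 = 'USER_OWNED_SCHEDULE'             # schedule set by hand, not inherited
}

function ConvertFrom-ConnectionOptions([int]$Options) {
    $set = foreach ($bit in ($ConnectionOptionBits.Keys | Sort-Object)) {
        if ($Options -band $bit) { $ConnectionOptionBits[$bit] }
    }
    return ($set -join ',')
}

function Get-ReplicationConnectionOwnership {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $connections = Get-ADObject -LDAPFilter '(objectClass=nTDSConnection)' `
        -SearchBase "CN=Sites,$configNC" `
        -Properties options, fromServer, whenCreated, whenChanged

    foreach ($c in $connections) {
        # Connection DN: CN=<name>,CN=NTDS Settings,CN=<destination DC>,CN=Servers,CN=<site>,...
        # fromServer:    CN=NTDS Settings,CN=<source DC>,CN=Servers,CN=<site>,...
        # (a plain split is safe here because server object names cannot contain commas)
        $destination = (($c.DistinguishedName -split ',')[2]) -replace '^CN=', ''
        $source      = (($c.fromServer -split ',')[1]) -replace '^CN=', ''
        $options     = [int]$c.options          # attribute absent => 0 => not KCC-generated

        [pscustomobject]@{
            Destination = $destination
            Source      = $source
            KccOwned    = [bool]($options -band 1)
            Options     = ConvertFrom-ConnectionOptions $options
            Created     = $c.whenCreated
            Changed     = $c.whenChanged
        }
    }
}

# Manual connections persist until someone deletes them, so review them: each one
# should be explainable, and the source should be a DC you expect to replicate from.
Get-ReplicationConnectionOwnership | Where-Object { -not $_.KccOwned } | Format-Table -AutoSize
```

Get-ADReplicationConnection -Filter * exposes the same bit as its AutoGenerated property; reading options directly is used here so the remaining flags (notification, compression, hand-set schedule) are visible in the same pass.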
NTDS Site Settings Object
Each site has an NTDS Site Settings object (CN=NTDS Site Settings,CN=<SiteName>,CN=Sites,CN=Configuration,...) that stores:
• The identity of the ISTG role owner for the site. The KCC on this domain controller is responsible for identifying bridgehead servers.
• Whether domain controllers in the site cache membership of universal groups, and the site in which to find a global catalog server for creating the cache.
• The default schedule that applies to connection objects in the site that do not carry their own schedule.
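The ISTG role owner described under "ISTG & KCC" and the three items listed here all live on the NTDS Site Settings object, so one query answers all of them. The following PowerShell is an added example and not part of the original deck: it reads each site's settings object and reports the ISTG, universal group membership caching, the default schedule, and the option bits that switch automatic topology generation off. It assumes the ActiveDirectory module and read access to the Configuration partition; the bit values are the nTDSSiteSettings options flags from MS-ADTS, and the function names are mine.

```powershell
# Added example (not part of the original deck): read every site's NTDS Site
# Settings object and report the ISTG, universal group membership caching, the
# default schedule, and the option bits that disable the KCC or the ISTG.
# Assumes the ActiveDirectory module and read access to the Configuration partition.
Import-Module ActiveDirectory

# Bit values of nTDSSiteSettings.options as documented in MS-ADTS.
$SiteOptionBits = @{
    1  = 'IS_AUTO_TOPOLOGY_DISABLED'            # KCC builds no intrasite topology
    2  = 'IS_TOPL_CLEANUP_DISABLED'             # KCC does not remove stale connections
    4  = 'IS_TOPL_MIN_HOPS_DISABLED'            # no optimizing (three-hop) connections
    8  = 'IS_TOPL_DETECT_STALE_DISABLED'
    16 = 'IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED' # ISTG builds no intersite topology
    32 = 'IS_GROUP_CACHING_ENABLED'             # universal group membership caching on
}

function ConvertFrom-SiteOptions([int]$Options) {
    $set = foreach ($bit in ($SiteOptionBits.Keys | Sort-Object)) {
        if ($Options -band $bit) { $SiteOptionBits[$bit] }
    }
    return ($set -join ',')
}

function Get-SiteSettingsReport {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $settings = Get-ADObject -LDAPFilter '(objectClass=nTDSSiteSettings)' `
        -SearchBase "CN=Sites,$configNC" `
        -Properties interSiteTopologyGenerator, options, 'msDS-Preferred-GC-Site', schedule

    foreach ($s in $settings) {
        # DN: CN=NTDS Site Settings,CN=<site>,CN=Sites,...
        $site = (($s.DistinguishedName -split ',')[1]) -replace '^CN=', ''
        # interSiteTopologyGenerator: CN=NTDS Settings,CN=<ISTG DC>,CN=Servers,...
        # (empty when the site has no domain controller)
        $istg = if ($s.interSiteTopologyGenerator) {
            (($s.interSiteTopologyGenerator -split ',')[1]) -replace '^CN=', ''
        } else { '(none)' }
        # msDS-Preferred-GC-Site: DN of the site whose GC refreshes the membership cache
        $gcSite = if ($s.'msDS-Preferred-GC-Site') {
            (($s.'msDS-Preferred-GC-Site' -split ',')[0]) -replace '^CN=', ''
        } else { '(nearest)' }
        $options = [int]$s.options

        [pscustomobject]@{
            Site             = $site
            ISTG             = $istg
            UGMCEnabled      = [bool]($options -band 32)
            RefreshCacheFrom = $gcSite
            # schedule is a bitmap; when absent, "always" applies to connection
            # objects that do not carry their own schedule.
            CustomSchedule   = ($null -ne $s.schedule)
            Options          = ConvertFrom-SiteOptions $options
            # Either disable bit means topology in this site is hand-maintained:
            # missing links and stale connections will not be repaired automatically.
            KccDisabled      = [bool]($options -band (1 -bor 16))
        }
    }
}

Get-SiteSettingsReport | Format-Table -AutoSize
```

repadmin /istg shows the ISTG of each site as the KCC sees it, and repadmin /bridgeheads lists the bridgehead servers the ISTG has chosen; comparing both with this report is the quickest way to confirm that the stored settings and the running topology agree.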
Replication Transports
There are three levels of connectivity for replication of Active Directory information:
• Uniform high-speed, synchronous RPC over IP within a site.
• Point-to-point, synchronous, low-speed RPC over IP between sites.
• Low-speed, asynchronous SMTP between sites. SMTP can be used only between domain controllers of different domains and only for the configuration, schema and global catalog partitions; it cannot replicate a domain partition, so domain controllers of the same domain in different sites must use RPC over IP. SMTP replication is deprecated in current Windows Server releases and should not be used in new deployments.
Site Link Replication Interval and Schedule (example)
Site link    Replication interval    Schedule
AB           30 minutes              12:00 hours to 04:00 hours
BC           60 minutes              01:00 hours to 05:00 hours
When site links AB and BC are bridged, replication between sites A and C is possible only while both links are open, that is from 01:00 to 04:00 hours, and it runs at the larger of the two intervals, 60 minutes; the cost of the bridged path is the sum of the two link costs.
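The way interval and schedule combine across a bridged path is short enough to compute by hand for two links, but the rule is the same for any number of hops. The following PowerShell is an added example, not part of the original deck: it takes the AB and BC rows above as constructed input (the costs are assumed, 100 being the default site link cost, since the table does not give them) and computes the effective A to C path. The function names are mine, and nothing here touches a directory, so it runs anywhere PowerShell 5 or later runs.

```powershell
# Added example (not part of the original deck): combine bridged site links into
# the effective path the KCC would use. Input is constructed from the table above;
# costs are assumed because the table does not give them.

function ConvertTo-MinuteOfDay([string]$Time) {
    $h, $m = $Time.Split(':')
    return [int]$h * 60 + [int]$m
}

function Get-WindowMinutes([string]$Start, [string]$End) {
    # Expand an HH:mm..HH:mm window into the minutes of the day it covers, so a
    # window that wraps past midnight (12:00 to 04:00) needs no special casing.
    $cur = ConvertTo-MinuteOfDay $Start
    $end = ConvertTo-MinuteOfDay $End
    $minutes = [System.Collections.Generic.List[int]]::new()
    do { $minutes.Add($cur); $cur = ($cur + 1) % 1440 } while ($cur -ne $end)
    return , $minutes
}

function ConvertTo-Windows([int[]]$Minutes) {
    # Collapse a set of minutes back into "HH:mm to HH:mm" runs for display.
    $fmt = { param($m) '{0:00}:{1:00}' -f [math]::Floor($m / 60), ($m % 60) }
    $sorted = @($Minutes | Sort-Object -Unique)
    if ($sorted.Count -eq 0) { return @('never') }
    $runs = @()
    $start = $sorted[0]; $prev = $sorted[0]
    for ($i = 1; $i -lt $sorted.Count; $i++) {
        if ($sorted[$i] -ne $prev + 1) {
            $runs += ('{0} to {1}' -f (& $fmt $start), (& $fmt (($prev + 1) % 1440)))
            $start = $sorted[$i]
        }
        $prev = $sorted[$i]
    }
    $runs += ('{0} to {1}' -f (& $fmt $start), (& $fmt (($prev + 1) % 1440)))
    return $runs
}

function Get-BridgedPath([object[]]$Links) {
    # How the KCC treats a transitive (bridged) path made of several site links:
    #   cost     = sum of the link costs
    #   interval = the largest link interval (the slowest hop bounds the path)
    #   schedule = intersection of the link schedules (every hop must be open)
    $open = $null
    foreach ($link in $Links) {
        $window = Get-WindowMinutes $link.Start $link.End
        if ($null -eq $open) {
            $open = $window
        } else {
            $set  = [System.Collections.Generic.HashSet[int]]::new([int[]]$window)
            $open = @($open | Where-Object { $set.Contains($_) })
        }
    }
    [pscustomobject]@{
        Path            = (($Links | ForEach-Object { $_.Name }) -join '-')
        Cost            = (($Links | ForEach-Object { $_.Cost }) | Measure-Object -Sum).Sum
        IntervalMinutes = (($Links | ForEach-Object { $_.Interval }) | Measure-Object -Maximum).Maximum
        Schedule        = ((ConvertTo-Windows $open) -join ', ')
    }
}

# Constructed from the table above; costs are assumed (100 is the default).
$SiteLinks = @(
    @{ Name = 'AB'; Cost = 100; Interval = 30; Start = '12:00'; End = '04:00' },
    @{ Name = 'BC'; Cost = 100; Interval = 60; Start = '01:00'; End = '05:00' }
)

Get-BridgedPath $SiteLinks
```

For the two rows in the table this yields the path AB-BC with cost 200, a 60-minute interval and the window 01:00 to 04:00. To run it against a real forest, feed it the Cost, ReplicationFrequencyInMinutes and schedule of each link from Get-ADReplicationSiteLink -Filter * -Properties ReplicationSchedule; the schedule there is a weekly bitmap rather than a single HH:mm window, so the window expansion would need to be replaced accordingly.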
Figure: Simple Ring Topology that Requires No Optimization
Figure: Ring Topology for Two Domains in a Site that Has No Global Catalog Server
Figure: Intrasite Topology with Optimizing Connections
Thank You

AD Replication Topology.pptx
