- Windows Server
- 16 April 2021 at 12:56 UTC
-
When you have an Active Directory environment with multiple domain controllers, replication is automatically enabled and managed by the KCC service.
To add a domain controller to an existing Active Directory domain, refer to our tutorial: WS 2016 - AD DS - Add a domain controller to an existing AD domain.
1. Connection objects
When you add domain controllers in an Active Directory environment, connection objects are created on each domain controller to manage replication between them.
Each connection object links 2 domain controllers and must be present on the 2 domain controllers so that replication can take place between them.
These connection objects are children of the "NTDS Settings" object found in each computer object associated with a domain controller.
You can easily view these connection objects from the "Active Directory Users and Computers" console by going to the properties of a domain controller, then clicking on "NTDS Settings -> Connections".
By default, these connection objects are created automatically by the KCC service, but they can also be created or edited manually.
However, be aware that if you modify one, the KCC service will no longer edit it. It will therefore be up to you to modify it again later if necessary.
2. KCC (Knowledge Consistency Checker)
The Knowledge Consistency Checker (KCC) service is present on all domain controllers and takes care of generating the replication topology between the different domain controllers of your Active Directory environment.
When domain controllers are added, deleted or moved from one Active Directory site to another, this KCC service regenerates the replication topology between your different domain controllers.
In the event of failed domain controllers, the KCC service will create additional temporary connection objects to ensure that replication can take place correctly.
Note that this KCC service manages the replication topology on the same Active Directory site, but also between your different Active Directory sites.
Although Active Directory inter-site replication requires additional configuration allowing you to manage the planning of the replication processes, the management of costs (for the bandwidth, for example), ...
Any modification made to the configuration of your Active Directory sites obviously begets the automatic update of the replication topology of your Active Directory environment by the KCC service.
Finally, be aware that when you have several Active Directory sites, a single KCC service manages the connection objects between the different sites.
3. Updating changes
When you edit objects or attributes on an Active Directory object, the affected domain controller automatically tells to its replication partners that such or such object has been modified. These changes are therefore automatically replicated to your other domain controllers.
Share this tutorial
To see also
-
Windows Server 4/30/2021
Windows Server - AD DS - Overview of Active Directory functional levels
-
Windows Server 4/3/2021
Windows Server - AD DS - The basics of Active Directory
-
Windows Server 5/21/2021
WS 2016 - AD DS - Add a domain controller to an existing AD domain
-
Windows Server 6/4/2021
WS 2016 - AD DS - Add an Active Directory subdomain
You must be logged in to post a comment