Friday, November 9, 2007

The KCC (Knowledge Consistency Checker)



The KCC (Knowledge Consistency Checker) is a built-in process that creates the replication topology in an Active Directory forest. By default the KCC runs at 15-minute intervals and dictates the replication routes from one domain controller to another. To put it simply: suppose you have a domain controller in Site-B and you create a user there. The user object is added to the .DIT database on that domain controller. If there is a domain controller in Site-A and it is not able to see the user object created in Site-B, this is because replication is not happening from the Site-B domain controller to the Site-A domain controller. There might be a number of different reasons why the KCC cannot or does not want to create the connection from Site-B to Site-A. The rule of thumb is to figure out what the culprit is.

Creating manual connections might save the day. The issue regarding AD replication might be connected to Exchange: a user got created, but the RUS is not stamping the user; therefore the SMTP proxy address never gets generated.

Note: Microsoft does not recommend creating manual connections, since the KCC is an automated process designed to figure out the best path for replication. Microsoft recommends

To create a manual connection, go to Active Directory Sites and Services, expand the site, click the server object, and select NTDS Settings:

  • Right-click
  • Select New Active Directory Connection
  • Select a domain controller from the list, click OK and Finish.

Wait for the changes to replicate through the AD topology. On the connection, choose Replicate Now.

The Purpose of KCC

Data integrity is maintained by tracking changes on each domain controller and updating other domain controllers in a systematic way. Active Directory replication uses a connection topology that is created automatically, which makes optimal use of beneficial network connections and frees the administrators from having to make such decisions.

What replicates with KCC?

  • Each combination of directory partitions that must be replicated
  • Domain controllers that store the same domain directory partition must have connections to each other
  • All domain controllers must be able to replicate the schema and configuration directory partitions

The routes for the following combinations of directory partitions are aggregated to arrive at the overall topology:

  • Configuration and schema within a site.
  • Each domain directory partition within a site.
  • Global Catalog read-only, partial directory partitions within a site.
  • Configuration and schema between sites.
  • Each domain directory partition between sites.
  • Global Catalog read-only, partial directory partitions between sites.

Terminology with KCC

  • KCC runs every 15 minutes.
  • The domain controllers that replicate directly with each other are called replication partners.
  • These partnerships are added, removed, or modified automatically, as necessary, on the basis of what domain controllers are available and how close they are to each other on the network.
  • KCC creates connections that enable domain controllers to replicate with each other
  • A connection defines a one-way, inbound route
  • Connection objects are created automatically by the KCC; they can also be created manually.
  • Site Links

    For replication to occur between two sites, a link must be established between the sites. Site links are not generated automatically and can be created in Active Directory Sites and Services. Unless a site link is in place, the KCC cannot create connections automatically between computers in the two sites, and replication between the sites cannot take place. Each site link contains the schedule that determines when replication can occur between the sites that it connects. The Active Directory Sites and Services user interface guarantees that every site is placed in at least one site link. A site link can contain more than two sites, in which case all the sites are equally well connected.

  • Bridgehead Servers

    To communicate across site links, the KCC automatically designates a single server, called the bridgehead server, in each site to perform site-to-site replication. Subsequent replication occurs by replication within a site. When you establish site links, you can designate the bridgehead servers that you want to receive replication between sites. By designating a specific server to receive replication between sites, rather than using any available server, you can specify the most beneficial conditions for the connection between sites. Bridgehead servers ensure that most replication occurs within sites rather than between sites.
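
Because a connection is a one-way, inbound route, the server under whose NTDS Settings a manual connection is created decides which direction it fixes. The Python below is an added example, not part of the original post: it models connection objects as (destination, source) pairs and reports which domain controllers never receive a change made on a given DC. The DC names and topology are constructed, and the model ignores directory partitions and schedules.

```python
from collections import deque

def unreached(connections, origin, all_dcs):
    """Return the DCs that never receive a change that originates on `origin`.

    Each connection is (destination_dc, source_dc): a one-way, inbound route
    held by the destination, over which it pulls changes from the source.
    """
    # Index the connections by source: source -> DCs that pull from it.
    pulls_from = {}
    for dest, src in connections:
        pulls_from.setdefault(src, set()).add(dest)

    # Breadth-first walk along the direction in which changes flow.
    seen = {origin}
    queue = deque([origin])
    while queue:
        dc = queue.popleft()
        for dest in pulls_from.get(dc, ()):
            if dest not in seen:
                seen.add(dest)
                queue.append(dest)
    return sorted(set(all_dcs) - seen)

# Constructed topology (hypothetical names): two DCs in each of two sites.
DCS = ["A-DC1", "A-DC2", "B-DC1", "B-DC2"]
TOPOLOGY = [
    ("A-DC1", "A-DC2"), ("A-DC2", "A-DC1"),  # intra-site ring, Site-A
    ("B-DC1", "B-DC2"), ("B-DC2", "B-DC1"),  # intra-site ring, Site-B
    ("B-DC1", "A-DC1"),                      # Site-B pulls from Site-A only
]

if __name__ == "__main__":
    # A user created on B-DC2 never shows up in Site-A.
    print(unreached(TOPOLOGY, "B-DC2", DCS))
    # Manual connection created under a Site-B server: same direction, no fix.
    print(unreached(TOPOLOGY + [("B-DC2", "A-DC2")], "B-DC2", DCS))
    # Manual connection created under A-DC1, sourcing from B-DC1: fixed.
    print(unreached(TOPOLOGY + [("A-DC1", "B-DC1")], "B-DC2", DCS))
```

In the Sites and Services procedure above, this corresponds to selecting NTDS Settings under the server that is missing the object and picking the server that has it as the source.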

Best,

Oz ozugurlu