To build the replication topology, the Knowledge Consistency Checker (KCC)
examines the following:
- All the sites that contain domain controllers
- The directory partitions that each domain controller holds
- The cost that is associated with the site links to build a least-cost
  spanning tree

The KCC determines whether there is a domain controller in a site by querying
AD DS for objects of the NTDS-DSA category—the objectCategory attribute value
of the NTDS Settings object. The NTDS Settings objects for RODCs do not have
this object category. Instead, they support a new objectCategory value named
NTDS-DSA-RO. As a result, the KCCs on writable domain controllers never
consider an RODC as part of the replication topology, because the NTDS
Settings objects of RODCs are not returned by the query.
However, the KCC on an RODC also needs to consider the local domain controller
(itself) to be part of the replication topology to build inbound connection
objects. This is achieved by a minor logic change to the algorithm that the KCC
uses on all domain controllers running Windows Server 2008 that forces it
to add the NTDS Settings object of the local domain controller to the list of
potential domain controllers in the topology. This makes it possible for the
KCC on an RODC to add itself to the topology. However, the KCC on an RODC does
not add any other RODCs to the list of domain controllers that it generates.
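
The candidate selection described above, as a small Python model (an added
example, not Microsoft's KCC code). The server and site names are constructed,
and the directory query is reduced to a match on objectCategory.

```python
# Simplified model of how the KCC picks candidate domain controllers.
# Not Microsoft's implementation; all names below are constructed sample data.

WRITABLE = "NTDS-DSA"      # objectCategory of a writable DC's NTDS Settings object
READ_ONLY = "NTDS-DSA-RO"  # objectCategory of an RODC's NTDS Settings object

# Constructed sample directory: (server, site, objectCategory).
DIRECTORY = [
    ("DC1", "Hub", WRITABLE),
    ("DC2", "Hub", WRITABLE),
    ("RODC1", "Branch1", READ_ONLY),
    ("RODC2", "Branch2", READ_ONLY),
]


def query_by_category(directory, category):
    """Stand-in for the KCC's directory query: match on objectCategory only."""
    return [entry for entry in directory if entry[2] == category]


def kcc_candidates(directory, local_server):
    """Domain controllers that the KCC running on local_server considers."""
    candidates = query_by_category(directory, WRITABLE)
    local = next(entry for entry in directory if entry[0] == local_server)
    # Windows Server 2008 logic change: always add the local NTDS Settings
    # object, so an RODC (absent from the query result) still sees itself.
    if local not in candidates:
        candidates.append(local)
    return candidates


def topology_sites(directory, local_server):
    """Sites that, from this KCC's point of view, contain a domain controller."""
    return sorted({site for _, site, _ in kcc_candidates(directory, local_server)})


def names(entries):
    return sorted(server for server, _, _ in entries)


if __name__ == "__main__":
    for server, _, _ in DIRECTORY:
        print(server, names(kcc_candidates(DIRECTORY, server)),
              topology_sites(DIRECTORY, server))
```

In this model the KCC on DC1 sees only the Hub site as containing domain
controllers, while the KCC on RODC1 sees Hub plus its own site and never RODC2.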