You Are Not Smarter Than The KCC

I had this discussion with a fellow PFE David Gregory , who use to be out of Chicago but now has moved to a better place (read Southern California), at a Polo Loco in Compton, CA. The same one 2Pac rapped about, you know the one I'm talking about. This is what us PFEs do sometimes, eat at fast food places (In-N-Out) and discuss odd technology issues. The topic came up was how often do we see customers that have manually configure connections objects for their DCs? The answer was way too much. If you have properly defined your AD sites and site costing, you shouldn't have to create manual connection objects. Most of the time you just end up making more of a problem for yourself by defining this. Let the KCC automatically create and remove connection objects as it needs to. A manual created connection object is not managed by the KCC at all. If you really want to know how the KCC does decide what to connect I highly recommend you read this, https://technet.microsoft.com/en-us/library/cc755994(WS.10).aspx.

(This is what it should look like if you would just stop monkeying with it)

 

Ok so what does it look like if "someone" actually made a manual connection object?

 

(It's horrible looking)

 

Ok so the next thing we discussed was how do help customers fix this is the best way possible. The easiest way is pretty straight forward, right click the connection object, delete. Seems pretty simple. But there is a better way to do this. And this is what David and I talked about. What if that manual connection object was correct? The KCC will then see that it needs a connection and re-make one. So what. The problem is that when a new connection object is made a VVJoin has to be done https://technet.microsoft.com/en-us/library/cc758169(WS.10).aspx. This can be a semi-painful process. If you have to do it thats fine but why do it if you dont have to do it? So the solution you really want to do is make that manual connection object to be managed by the KCC.

To do this follow these steps

1.) Open ADSIEdit and go to the Configuration partition.

2.) Drill down to Sites, the site where the manual connection object is, Servers, the server where the manual connection object is created, NTDS Settings

3.) Right click on the manual connection object and go to properites

4.) Go to the Options attribute and change it from 0 to 1

5.) Either wait 15 minutes (that's how often the KCC runs) or run repadmin /kcc to manually kick it off

 

Just like that it will be managed by the KCC. If that is the best connection object it will continue to use it with no VVJoin, if not it will tear it down and then make the best connection object.

 

UPDATE: Fellow PFE Tom Moser blogs.technet.com/b/tommos let me know that if you have an RODC manual connection object the options attribute will need to be changed from decmial value 64 to 65. It will then show up as IS_GENERATED | RODC_TOPOLOGY 

 

Mark "Insert Your Favorite 2 Pac Lyric" Morowczynski