RE: [ActiveDir] Application Partition Replication

[joe]

Title: [ActiveDir] Remote DSL link

Yeah so basically for replication[1]...   App partitions are different because they don't replicate into "the GC".   Another arguable difference is that you explicitly pick which machines have the partition. I say that is arguable because you do pick which domain controllers get which domain partitions, you promote them into the specific domain you want the partition of... It is a bit of a stronger pick, but you are picking.   Other than that, it is the same. For replication you want to think of each partition all on its own. An App partition is just another partition. If you have a connection between a couple of sites and the servers involved (current BH's for the sites) don't have the partition that needs to replicate between the sites, another connection will be made. It is the whole you can have multiple bridgeheads for a site thing based on the partitions that has always been there. Think about if you had two sites with 2 DCs in each site (each from a different domain). One BH DC in each site can not service both domains so new connections will be made.     joe     [1] Only responding because Dean used ISTG more than 3 times in a single email. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, October 28, 2004 5:50 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Application Partition Replication As with the well-known 3 partitions, app. partitions, their connection objects and the resulting replica links are handled by the KCC, ISTG and DRA.  Site structure is taken into account, in short they're treated the same as the domain NC with the possible noteworthy exception that their content is ignored by GCs when sourcing partial replicas.    As for the bridgeheadinging aspect; yes, preferred b'heads will be used if they hold a replica of the partition in question.  If the list of preferred b'heads for a particular site does not include a DC in possession of an app. partition then the ISTG will bark, tell you you're a fool and assign one for you (a behavior new to 2003).  It is also worth mentioning that the ISTG must be running on a 2003 DC within a particular site in order for app. partitions to get a topology built for them but since 2003 DCs steal the ISTG role when added to a site containing no other 2003 DCs that isn't really a problem (especially since you have to have at least one 2003 DC within a site in order for an app. partition to be present there in the first place).   There are, of course, other behavioral differences 'tween app. partitions and their domain counterparts but I can't think of any that warrant mentioning in this context.   Specific to your error, have you disabled site link bridging?  A description of your site topology, the DCs within those sites and which of those DCs are or were running 2003's DNS service would be most useful? -- Dean Wells MSEtechnology * Email: dwells@msetechnology.com http://msetechnology.com   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Thursday, October 28, 2004 4:33 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Application Partition Replication We started seeing strange problems with our Directory replication recently when bringing up new Windows 2003 DC in our Hub and Spoke Site design.  Our network has a lot of firewalls, domains, and business units, and we have managed to coordinate most of the firewalls in the business units to allow full communications to the central site.    The tech working on the problem says that MSFT says “Application Partitions” replicate differently than GCs and Domains.  Adding further “Application Partitions” can sometimes choose different connections to replicate their data across.  I don’t necessarily believe the tech at this point, so I ask you all.  Do application partitions replicate differently?  Is there a way to force them to use hub and spoke topology, and not try to replicate outside the site links?  Also do they use Preferred Bridge Head Servers as other partitions do?   Thanks,   Todd     Event Type:       Error Event Source:    NTDS KCC Event Category: Knowledge Consistency Checker Event ID:           1311 Date:                10/28/2004 Time:                4:18:45 PM User:                NT AUTHORITY\ANONYMOUS LOGON Computer:         Description: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.   Directory partition: DC=ForestDnsZones,DC=DHHSSECURITY,DC=LOCAL   There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers.   User Action Use Active Directory Sites and Services to perform one of the following actions: - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option. - Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site.   If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers.