DistributedNetworks DistributedNetworks

Active Directory  «Prev  Next»
Lesson 3Replication components
Objective Define the replication components and the KCC.

Establishing a replication path for new domain controllers

When you add domain controllers to a site, there must be a method for establishing a replication path between them. Active Directory accomplishes this with replication components and the (KCC)Knowledge Consistency Checker[1].

Understanding the purpose of the replication components

In Active Directory, the KCC automatically configures the connections between domain controllers for replication. You can change those connections and create new connections; however, you should understand the purpose of the replication components before you modify the physical structure.


The KCC is a built-in process on all domain controllers that creates, reviews, and makes modifications to the Active Directory replication topology (replication plan) at specified intervals to ensure that complete replication occurs. The KCC creates connections to keep your replication topology intact without manual intervention, even in the case of extended failures and outages. However, these connections can be created manually if they are not correctly configured; the KCC enables replication via a series of objects. To understand how the KCC functions, you need to understand server objects and computer objects.

Server objects and computer objects

All computers running Windows 2000 in a domain are represented in Active Directory by a computer object.
When you create a domain controller, the Active Directory Installation Wizard creates a secondary object that is distinct from the computer object for that domain controller. This is called a server object.

The server object, replication, and site management

Although the server object contains a reference to the corresponding computer object, and both objects refer to the same computer, the properties of each object type are different. The table below lists some of the differences between computer objects and server objects:

  The server object The computer object
Use Represents domain controllers only Represents all computers
Function To manage the domain controller specifically in replication and site management To manage authentication of the identity of the computer and audit activities associated with it
Access Via Active Directory Sites and Services Via Active Directory Users and Computers

You now know that server objects represent domain controllers, and domain controllers are used to replicate database information between sites. Because sites are also based on subnets, the site of the server object must be consistent with its IP subnet.
Where the necessary site object does not exist, the Active Directory Installation Wizard cannot place a server object in the proper location. To fix this problem, you must move a server object from one site to another to keep the server object's site consistent with its IP subnet. Replication starts with the server object and ends with the connection object.
The following page contains a series of images outlining server and replication objects. Understanding Replication Objects

NTDS settings object

As you saw above, the server object is the parent of an NTDS Settings object. The NTDS Settings object is a container for all connection objects for that server object and is created automatically when Active Directory is installed. The key to replication, however, is the connection object.

Connection object

A connection object[2] represents a one-way replication path between two server objects and points to the replication source. Domain controllers that are linked by a connection object are replication partners.

Creating connection objects for full replication

In Windows 2000 networks, unlike in NT domains, every domain controller can accept changes to the Active Directory database. This means it is very important that two-way replication take place, so that all of domain controller A's changes are copied to domain controller B, and vice-versa. To replicate directory information between two domain controllers fully, two connection objects are required.
The following SlideShow below reviews the replication path:

Replication objects

  1. To replicate directory information between domain controller A and domain controller B fully, two connection objects are required.
  2. One connection object enables replication from domain controller A to domain controller B
  3. This connection object exists in the NTDS settings object of domain controller B.
  4. A second connection object enables replication from the domain controller B to domain controller A.
  5. This second connection object exists in the NTDS settings object of the domain controller A.

The following link contains an image gallery describing Active Directory Connection Objects:
Creating Connection Objects

Methods of creating connection objects

To set up full replication, you need to create connection objects. There are two ways to create connection objects:
  1. Automatically by the KCC running on the destination domain controlle
  2. Manually by an administrator

In the next lesson, we will discuss intra- and intersite replication.


It is important that you be familiar with the steps required for complete replication between two domain controllers. Click the link below to review this process for creating connection objects.
Creating Connection Objects

[1] Knowledge Consistency Checker (KCC): A built-in service that runs on all domain controllers and automatically establishes connections between individual machines in the same site.
[2] Connection object: An object that represents a one-way replication path between two server objects and points to the replication source.