Unsolved Active Directory Intersite Replication

---

Hello ITPro! I have a question regarding Microsoft Active Directory and Inter-site Replication. In the case of 4 different sites with Domain Controllers deployed at each. Let's say your network IS NOT fully routed.. Sites 1, 2, and 3 can communicate in a fully routed manner, but site 4 can ONLY communicate with site 1 due to network limitations.. Site 1 is the primary corp office and many of the changes in AD will occur there. Single domain environment.

In my lab I have built the following site link topology.
Step 1: Disable Inter-Site IP Property "Bridge all site links".

Step 2: Create the following site links and add sites respectively. No bandwidth concerns, all costs set to 100.
site1-to-site2 (Cost 100, interval 15)
site1-to-site3 (Cost 100, interval 15)
site1-to-site4 (Cost 100, interval 15)

Step 3: Create site link bridge "site2-site3-bridge" and add the following site links to the bridge.
site1-to-site2
site1-to-site3

With the above configuration I am seeing the KCC create replication "connections" automatically from Site Domain Controllers 2, 3, and 4 to site 1 as I expected. However I am a bit confused as to the behavior of the site link bridge in this deployment example. I assumed by disabling "Bridge all site links" and creating a bridge that contained links site1-to-site2 and site1-to-site3 would allow "connections to be made between site 2 and site 3 automatically without the need of creating an additional site link.

Could someone better explain the purpose of a site link bridge and how best to utilize it?

Regards,
Adam Tyler

Hello Adam,

This is expected behavior when using site link bridging. The ISTG will not create the site link across the bridge automatically. It will be created only when needed, which could be because of two reasons:

1. If Site 1 domain controllers are unavailable for replication

• or -

2. The replication cost is less

You should be able to test this out by increasing the cost between site 1 and site 2, or site 1 and site 3, so that the total cost of the replication path between site 3 and site 1 plus the cost between site 1 and site 2 is greater than the cost across the site link bridge.

A better use of manual site link bridging in your scenario would be to provide replication to site 4 if site 1 domain controllers become unavailable.

In your current topology, if site 1 domain controllers are unavailable, site 4 will not be able to replicate, because there is no routing between site 4 to site 2 or site 3. In this case, you would create a site link bridge between site 4 - site 1 - site 2 or site 4 - site 1 - site 3 (or both!) The cost would be less for site 4 to replicate with site 1, so it would use this normally. If site 1 domain controllers are unavailable for replication, site 4 could use a site link bridge to create a replication link with site 2 or site 3 through site 1. Once the domain controllers in site 1 were available again, site 4 would resume replicating with site one directly, because the cost is less.

Hope this helps,

Mike

@Adam-Tyler,

From Adam Gordon:

"I hope all is well. The easiest way to answer your question is to briefly define the function and differences between a Site Link and a Site Link Bridge, as noted below:

Site Links: Site links are logical connections that are established between sites is Active Directory that define a path between these sites. A site link defines the direction of Active Directory replication between sites. You can use either RPC over IP or SMTP as the transport protocol for moving replication data over a site link.
Site link bridge: In Active Directory, you can use a site link bridge to link sites that share common Active Directory data but who do not have a site link. The data typically shared by these sites is the Application directory partition. By default, site links for the same IP transport that have sites in common are bridged, which enables the KCC to treat the set of associated site links as a single route. If you categorically do not want the KCC to consider some routes, or if your network is not fully routed, you can disable automatic bridging of all site links. When this bridging is disabled, you can create site link bridge objects and manually add site links to a bridge.
Bridging Site Links Manually
If your IP network is composed of IP segments that are not fully routed, you can disable Bridge all site links for the IP transport. In this case, all IP site links are considered nontransitive, and you can create and configure site link bridge objects to model the actual routing behavior of your network. A site link bridge has the effect of providing routing for a disjoint network (networks that are separate and unaware of each other). When you add site links to a site link bridge, all site links within the bridge can route transitively.
A site link bridge object represents a set of site links, all of whose sites can communicate through some transport. Site link bridges are necessary if both of the following conditions are true:
A site contains a domain controller that hosts a domain directory partition that is not hosted by a domain controller in an adjacent site (a site that is in the same site link).

That domain directory partition is hosted on a domain controller in at least one other site in the forest.

Note
Site link bridge objects are used by the KCC only when the Bridge all site links setting is disabled. Otherwise, site link bridge objects are ignored.

You create a site link bridge object for a specific transport by specifying two or more site links for the specified transport.
Requirements for manual site link bridges

Each site link in a manual site link bridge must have at least one site in common with another site link in the bridge. Otherwise, the bridge cannot compute the cost from sites in one link to the sites in other links of the bridge. If bridgehead servers that are capable of the transport that is used by the site link bridge are not available in two linked sites, a route is not available.
Hopefully that helps.
Please let me know if you need more clarification, or if you have any additional questions. "