This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 36%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Our domain is single level and environment is spread across multiple remote sites and each remote site has its own Site and subnet in AD. Today we add a new remote office as site to our AD in our HQ and create a subnet for it. The new site and HQ have a Site2Site IPSEC VPN connections and we did promote a new server 2019 in the new site to a DC for this site and everything went ok.
Now when check the AD site and services on the HQ dc I can see that the new site has an NTDS settings object and this object has only one automatically generated object that points to and DC in one of the remote Offices and not to any DC in HQ! the DC in HQ has all of the FSMO rules.
How can we force this new DC to replicate with the HQ DC and not the one in different remote site? I did manually add a connection to the NTDS settings on the DC in the new site that points to the HQ DC but when run the replication manually get this message:
Any suggestion on how to get the replication on the new server up and running?
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
The bridgehead server selections and site links should be automatic.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/replication/active-directory-replication-concepts#BKMK_7
if you have a need to alter the design read on here.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/creating-a-site-link-bridge-design
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Hello ShahinMortazave,
Thank you for your question and reaching out.
I can understand you are facing AD replication.
Please note that as you have Added manually connection in NTDS settings then It should be automatically Replication from your HQ DC due KCC service which is responsible to adjust the connections. Also , Please verify Cost value for site link should be according to your speed of network.
KCC :
The KCC is a built-in process that runs on all domain controllers and generates replication topology for the Active Directory forest. The KCC creates separate replication topologies depending on whether replication is occurring within a site (intrasite) or between sites (intersite). The KCC also dynamically adjusts the topology to accommodate the addition of new domain controllers, the removal of existing domain controllers, the movement of domain controllers to and from sites, changing costs and schedules, and domain controllers that are temporarily unavailable or in an error state.
I will also suggest to verify AD replication health using Active Directory Replication Status Tool
https://www.microsoft.com/en-in/download/details.aspx?id=30005
--------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--
