11.29. Disabling the KCC for a Site

Problem

You want to disable the KCC for a site and generate your own replication connections between domain controllers.

Solution

Using a graphical user interface

  1. Open ADSI Edit.

  2. Connect to the Configuration Naming Context if it is not already displayed.

  3. In the left pane, browse the Configuration Naming Context Sites.

  4. Click on the site you want to disable the KCC for.

  5. In the right pane, double-click CN=NTDS Site Settings.

  6. Modify the options attribute. To disable only intra-site topology generation, enable the 00001 bit (decimal 1). To disable inter-site topology generation, enable the 10000 bit (decimal 16). To disable both, enable the 10001 bits (decimal 17).

  7. Click OK.

Using a command-line interface

You can disable the KCC for <SiteName> by using the ldifde utility and an LDIF file that contains the following:

dn: cn=NTDS Site Settings,<SiteName>,cn=sites,cn=configuration,<ForestRootDN>
changetype: modify
replace: options
options: <OptionsValue>
-

If the LDIF file were named disable_kcc.ldf, you would run the following command:

> ldifde -v -i -f disable_kcc.ldf

Using VBScript

' This code disables the KCC for a site.
' ------ SCRIPT CONFIGURATION ------
strSiteName = "<SiteName>" ' e.g. Default-First-Site-Name boolDisableIntra = TRUE ' set to TRUE/FALSE to disable/enable intra-site boolDisableInter = TRUE ' set to TRUE/FALSE to disable/enable inter-site ' ------ END CONFIGURATION --------- strAttr = "options" set objRootDSE = GetObject("LDAP://RootDSE") set ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial