126.96.36.199 Intrasite Connection Creation
This task computes an NC replica graph for each NC replica that "should be present" on the local DC. Then for each edge of the graph directed to an NC replica on the local DC, the KCC reconciles its portion of the NC replica graph by creating an nTDSConnection object to "imply" that edge if one does not already exist.
For each NC x for which an NC replica "should be present" on the local DC, the KCC constructs an NC replica graph as follows:
s is a writable DC other than the local DC.
s is in the same site as the local DC.
If x is a read-only full replica and x is a domain NC, then the DC's functional level is at least DS_BEHAVIOR_WIN2008.
Bit NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED is set in the options attribute of the site settings object for the local DC's site, or no tuple z exists in the kCCFailedLinks or kCCFailedConnections variables such that z.UUIDDsa is the objectGUID of the nTDSDSA object for s, z.FailureCount > 0, and the current time - z.TimeFirstFailure > 2 hours.
If a partial (not full) replica of x "should be present" on the local DC, append to R each partial replica p of x such that p "is present" on a DC s satisfying the same criteria defined above for full replica DCs.
Append to R the NC replica that "should be present" on the local DC.
Sort R in order of the value of the objectGUID attribute of the corresponding DC's nTDSDSA object. Let ri be the i'th NC replica in R, where 0 ≤ i < |R|.
Add a node for each ri to the NC replica graph.
Add an edge from ri to ri+1 for each 0 ≤ i < |R|-1 if ri is a full replica or ri+1 is a partial replica.
Add an edge from ri+1 to ri for each 0 ≤ i < |R|-1 if ri+1 is a full replica or ri is a partial replica.
Add an edge from r|R|-1 to r0 if r|R|-1 is a full replica or r0 is a partial replica.
Add an edge from r0 to r|R|-1 if r0 is a full replica or r|R|-1 is a partial replica.
The KCC can create additional edges, but does not create more than 50 edges directed to a single DC. To optimize replication latency in sites with many NC replicas, the Windows KCC determines that each ri should have n+2 total edges directed to it such that n is the smallest non-negative integer satisfying |R| ≤ 2n2 + 6n + 7. For each existing nTDSConnection object implying an edge from rj of R to ri such that j ≠ i, an edge from rj to ri is not already in the graph, and the total edges directed to ri is less than n+2, the KCC adds that edge to the graph. The KCC then adds new edges directed to ri to bring the total edges to n+2, where the NC replica rk of R from which the edge is directed is chosen at random such that k ≠ i and an edge from rk to ri is not already in the graph.
For each edge directed to the NC replica that "should be present" on the local DC, the KCC determines whether an object c exists such that:
c is a child of the local DC's nTDSDSA object.
c!objectCategory = nTDSConnection
c!options does not contain NTDSCONN_OPT_RODC_TOPOLOGY
If no such object c exists, the KCC adds an object c to the local DC's NC replica of the config NC such that it satisfies the above criteria and has the following additional attributes:
c!objectClass contains nTDSConnection
c!enabledConnection = true
c!options = NTDSCONN_OPT_IS_GENERATED
c!systemFlags = FLAG_CONFIG_ALLOW_RENAME + FLAG_CONFIG_ALLOW_MOVE
c!schedule = z : SCHEDULE, such that:
z.Size = 188
z.Bandwidth = 0
z.NumberOfSchedules = 1
z.Schedules.Type = 0
z.Schedules.Offset = 20
Byte offset 20 from z begins a stream of 168 bytes with value 0x01.
If the DC is a GC server, the KCC constructs an additional NC replica graph (and creates nTDSConnection objects) for the config NC as above, except that only NC replicas that "are present" on GC servers are added to R.
The DC repeats the NC replica graph computation and nTDSConnection creation for each of the NC replica graphs above, this time assuming that no DC has failed. It does so by re-executing the steps as if the bit NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED were set in the options attribute of the site settings object for the local DC's site.
The net result of each DC executing this distributed algorithm is the following set of overlapping rings:
For each NC, a ring containing each full replica in the site.
For each NC, a ring containing each NC replica (full or partial) in the site.
A ring containing each GC server in the site.
For each NC, a ring containing each full replica in the site that has not failed.
For each NC, a ring containing each NC replica (full or partial) in the site that has not failed.
A ring containing each GC server in the site that has not failed.