Hub and Spoke Topology for Replication in Active Directory

How to Create a Hub and Spoke Topology for Replication in Active Directory?

This is a common question from administrators who run a large Active Directory infrastructure with many sites that all have network connectivity to each other. Left to the Knowledge Consistency Checker (KCC) and its Inter-Site Topology Generator (ISTG), such an environment can end up with connection objects between many pairs of sites, closer to a mesh than to a hub and spoke. Administrators usually prefer to limit the replication paths so that every change flows through the hub: the scope of replication is easier to reason about, troubleshooting is simpler, and a misbehaving or compromised branch domain controller replicates directly only with the hub rather than with every other branch. Let's see how to build a Hub and Spoke Topology to achieve this.

  • Define sites and subnets in Active Directory Sites & Services
  • Disable automatic inter-site topology generation (the ISTG) in every site:
    a) Click START-RUN, type ADSIEDIT.MSC and click OK.
    b) Right click ADSI Edit, click CONNECT TO, choose SELECT OR TYPE A DOMAIN OR SERVER, connect to your PDC Emulator and click OK.
    c) Perform the following steps for EACH of your sites (the hub site and every remote site):
    – Drill down to CN=<site name>,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=COM
    – Right click CN=NTDS Site Settings and click PROPERTIES.
    – Set "Which Properties" to "Both" and "Attribute" to "options".
    – Scroll down to OPTIONS, highlight it, and click EDIT.
    – Enter a value of "16" (without the quotes), click OK, and click OK again. The options attribute is a bit mask: 16 (0x10) is the bit that disables automatic inter-site topology generation for that site. If the attribute already holds a value (for example 1, which disables automatic intra-site topology generation), add 16 to the existing value instead of overwriting it.
    d) Force replication between all domain controllers so the change reaches every site. The Configuration partition is forest-wide, so "repadmin /syncall /A /e /P" run on the PDC Emulator pushes it everywhere.
  • Manually create connection objects in your hub site:
    Where you see <YourSite>, substitute the name of your hub site.
    Where you see <YourServer>, substitute the name of your PDC Emulator.
    a) Open Active Directory Sites and Services.
    b) Right click Active Directory Sites and Services, click CONNECT TO DOMAIN CONTROLLER, select <YourServer> and click OK.
    c) Expand SITES, <YourSite>, <YourServer>, NTDS SETTINGS.
    d) Right click each <automatically generated> object and click DELETE. Do this only after the options change from the previous step has replicated; otherwise the KCC recreates the objects on its next pass.
    e) Right click NTDS SETTINGS, click NEW CONNECTION, choose a domain controller in one of your remote sites, click OK.
    f) Repeat the last step once for each of your remote sites until you have one connection object per site.
  • You should now have, on your hub server, one inbound connection object from each of your remote sites. A connection object sits under the destination server's NTDS Settings and names the source server, so these objects make the hub pull changes from each spoke.
  • Manually create connection objects in each of your remote sites.
    Where you see <YourSite>, substitute the name of one of your remote sites.
    Where you see <YourServer>, substitute the name of a domain controller in that site.
    a) Right click Active Directory Sites and Services, click CONNECT TO DOMAIN CONTROLLER, select <YourServer> and click OK.
    b) Expand SITES, <YourSite>, <YourServer>, NTDS SETTINGS.
    c) Right click each <automatically generated> object and click DELETE.
    d) Right click NTDS SETTINGS, click NEW CONNECTION, choose one of the domain controllers in your hub site, click OK.
    e) Right click NTDS SETTINGS, click NEW CONNECTION, choose another one of the domain controllers in your hub site, click OK. You should now have two connection objects from your hub site, so the remote site keeps replicating if one hub domain controller is down. Do not create connections to other remote sites.
  • Keep in mind that with inter-site topology generation disabled the KCC no longer repairs these connections: if a hub domain controller is retired or renamed, its connection objects in every remote site must be replaced by hand. Check the result with "repadmin /showrepl" on a remote domain controller; every inbound partner it lists should be in the hub site.
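The same procedure scripted end to end, as an added example that is not part of the original article. It assumes the ActiveDirectory PowerShell module and repadmin from the AD DS tools, a hub site named Hub with two domain controllers HUB-DC01 and HUB-DC02, and two spoke sites Branch01 and Branch02 with one domain controller each (BR01-DC01, BR02-DC01); all of these names, and the helper function names, are hypothetical placeholders. It goes slightly beyond the manual steps above: it creates the spoke-to-hub connections on every hub domain controller rather than on the PDC Emulator only, it identifies KCC-generated connections by the 0x1 bit in their options attribute instead of by the <automatically generated> display name, and it ends with a check that each spoke pulls only from the hub.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory
# module (RSAT), repadmin, and Enterprise Admin rights: the Configuration
# partition is forest-wide. All site and server names are hypothetical.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$hubSite  = 'Hub'                            # hypothetical hub site
$hubDCs   = 'HUB-DC01', 'HUB-DC02'           # two hub DCs so each spoke has a backup partner
$spokes   = @{ 'Branch01' = 'BR01-DC01'      # hypothetical spoke site -> its DC
               'Branch02' = 'BR02-DC01' }

# NTDS Site Settings "options" is a bit mask. 0x10 disables automatic inter-site
# topology generation (ISTG) for that site; 0x01 would disable the intra-site KCC.
$ISTG_DISABLED     = 0x10
$CONN_IS_GENERATED = 0x01                    # nTDSConnection options bit set by the KCC

function Get-NtdsSettingsDN([string]$Server, [string]$Site) {
    "CN=NTDS Settings,CN=$Server,CN=Servers,CN=$Site,CN=Sites,$configNC"
}

# Step 2 of the article: OR the bit into the existing value instead of overwriting it.
function Disable-SiteIstg([string]$Site) {
    $dn  = "CN=NTDS Site Settings,CN=$Site,CN=Sites,$configNC"
    $cur = [int](Get-ADObject -Identity $dn -Properties options).options
    if (-not ($cur -band $ISTG_DISABLED)) {
        Set-ADObject -Identity $dn -Replace @{ options = ($cur -bor $ISTG_DISABLED) }
    }
}

# Delete KCC-generated connection objects under a DC. Run only after the ISTG
# bit has replicated, otherwise the KCC simply recreates them on its next pass.
function Remove-GeneratedConnections([string]$Server, [string]$Site) {
    $dest = Get-NtdsSettingsDN $Server $Site
    Get-ADObject -Filter 'objectClass -eq "nTDSConnection"' -SearchBase $dest `
                 -SearchScope OneLevel -Properties options |
        Where-Object { [int]$_.options -band $CONN_IS_GENERATED } |
        Remove-ADObject -Confirm:$false
}

# A connection object lives under the DESTINATION DC and names the SOURCE in
# fromServer; replication is pull-based, so this makes $ToServer pull from $FromServer.
function New-ReplConnection([string]$ToServer, [string]$ToSite,
                            [string]$FromServer, [string]$FromSite) {
    $dest = Get-NtdsSettingsDN $ToServer $ToSite
    $name = "$FromServer to $ToServer"
    if (-not (Get-ADObject -Filter "name -eq '$name'" -SearchBase $dest -SearchScope OneLevel)) {
        New-ADObject -Type nTDSConnection -Name $name -Path $dest -OtherAttributes @{
            fromServer        = (Get-NtdsSettingsDN $FromServer $FromSite)
            enabledConnection = $true
            options           = 0        # manual object; schedule inherited from the site link
        }
    }
}

# Verification: every spoke DC must have exactly one inbound connection per hub DC
# and nothing else, so no spoke ever pulls from another spoke. Returns $true on success.
function Test-HubAndSpoke {
    $ok = $true
    foreach ($site in $spokes.Keys) {
        $dest = Get-NtdsSettingsDN $spokes[$site] $site
        $from = @(Get-ADObject -Filter 'objectClass -eq "nTDSConnection"' -SearchBase $dest `
                               -SearchScope OneLevel -Properties fromServer |
                  ForEach-Object { $_.fromServer })
        $bad  = @($from | Where-Object { $_ -notlike "*,CN=Servers,CN=$hubSite,CN=Sites,$configNC" })
        if ($from.Count -ne $hubDCs.Count -or $bad.Count -gt 0) {
            Write-Warning "$site has unexpected inbound partners: $($from -join '; ')"
            $ok = $false
        }
    }
    $ok
}

# --- Run the procedure in the article's order ---
foreach ($site in @($hubSite) + @($spokes.Keys)) { Disable-SiteIstg $site }
repadmin /syncall /A /e /P | Out-Null        # push the Configuration change to every site

foreach ($hub in $hubDCs) {                  # hub pulls from one DC in each spoke
    Remove-GeneratedConnections $hub $hubSite
    foreach ($site in $spokes.Keys) { New-ReplConnection $hub $hubSite $spokes[$site] $site }
}
foreach ($site in $spokes.Keys) {            # each spoke pulls from both hub DCs, never from another spoke
    Remove-GeneratedConnections $spokes[$site] $site
    foreach ($hub in $hubDCs) { New-ReplConnection $spokes[$site] $site $hub $hubSite }
}
Test-HubAndSpoke
```

Run it from an elevated PowerShell session on the PDC Emulator, and run Test-HubAndSpoke again after the connection objects have replicated; a warning for a spoke means either a leftover KCC-generated object survived or a connection to the wrong site was created by hand.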