You want to disable the KCC for a site and generate your own replication connections between domain controllers.
Open ADSI Edit.
Connect to the Configuration Naming Context if it is not already displayed.
In the left pane, browse the Configuration Naming Context Sites.
Click on the site you want to disable the KCC for.
In the right pane, double-click CN=NTDS Site Settings.
Modify the options attribute. To disable only intra-site topology generation, enable the 00001 bit (decimal 1). To disable inter-site topology generation, enable the 10000 bit (decimal 16). To disable both, enable the 10001 bits (decimal 17).
You can disable the KCC for <SiteName> by using the ldifde utility and an LDIF file that contains the following:
dn: cn=NTDS Site Settings,<SiteName>,cn=sites,cn=configuration,<ForestRootDN> changetype: modify replace: options options: <OptionsValue> -
If the LDIF file were named disable_kcc.ldf, you would run the following command:
> ldifde -v -i -f disable_kcc.ldf
' This code disables the KCC for a site. ' ------ SCRIPT CONFIGURATION ------ strSiteName = "<SiteName>" ' e.g. Default-First-Site-Name boolDisableIntra = TRUE ' set to TRUE/FALSE to disable/enable intra-site boolDisableInter = TRUE ' set to TRUE/FALSE to disable/enable inter-site ' ------ END CONFIGURATION --------- strAttr = "options" set objRootDSE = GetObject("LDAP://RootDSE") set objObject = GetObject("LDAP://cn=NTDS Site Settings,cn=" _ & strSiteName & ",cn=sites," & _ objRootDSE.Get("configurationNamingContext") ) intBitsOrig = objObject.Get(strAttr) intBitsCalc = CalcBit(intBitsOrig, 1, boolDisableIntra) WScript.Echo "Checking the KCC Intra-site generation flag:" if intBitsOrig <> intBitsCalc then objObject.Put strAttr, intBitsCalc objObject.SetInfo WScript.Echo " Changed " & strAttr & " from " & _ intBitsOrig & " to " & intBitsCalc else WScript.Echo " Did not need to change " & strAttr & _ " (" & intBitsOrig & ")" end if intBitsOrig = objObject.Get(strAttr) intBitsCalc = CalcBit(intBitsOrig, 16, boolDisableInter) WScript.Echo "Checking the KCC Inter-site generation flag:" if intBitsOrig <> intBitsCalc then objObject.Put strAttr, intBitsCalc objObject.SetInfo WScript.Echo " Changed " & strAttr & " from " & intBitsOrig & _ " to " & intBitsCalc else WScript.Echo " Did not need to change " & strAttr & " (" & _ intBitsOrig & ")" end if
In some cases, you may want to disable the KCC from generating the intra-site topology connections, inter-site topology connections, or both. The connection objects the KCC dynamically creates determines how domain controllers replicate with each other. Disabling the KCC was sometimes necessary with Windows 2000 due to scalability issues with the KCC and very large topologies. In Windows Server 2003, the KCC has been greatly improved and, hopefully, you will not need to disable the KCC. I recommend against disabling the KCC unless you have really good reasons because you will have to pay close attention to any domain controller or site topology changes and manually adjust the connection objects accordingly.
Disabling the KCC can only be done at the site level. You have to modify the NTDS Site Settings object of the site for which you want to disable the KCC. The options attribute (a bit flag) on this object determines whether the KCC runs. If the 00001 bit is enabled, intra-site topology generation is disabled, if the 10000 bit is enabled (16 in decimal), inter-site topology generation is disabled. See Recipe 4.12 for more on the proper way to set bit-flags.
Recipe 4.12 for more on setting bit flags, Recipe 11.22 for creating a connection object manually, MS KB 242780 (How to Disable the Knowledge Consistency Checker From Automatically Creating Replication Topology), and MS KB 245610 (HOW TO: Disable the Knowledge Consistency Checker Inter-Site Topology Generation for All Sites)