jspωiki
Knowledge Consistency Checker

Overview#

Knowledge Consistency Checker (KCC) is a Microsoft Active Directory component that automatically generates and maintains the intra-site and inter-site replication topology.

Knowledge Consistency Checker is present on every Domain Controller and automatically generates the "most efficient" replication topology at a default interval of every 15 minutes. Knowledge Consistency Checker creates connection objects that link Domain Controllers into a common replication topology. The Knowledge Consistency Checker has two components:

Knowledge Consistency Checker uses a bidirectional ring-based topology and attempts to always maintain at least two Replication partners for every Domain Controller.

Knowledge Consistency Checker in a Active Directory Site with many Domain Controllers, a ring topology can quickly violate the no-more-than three-hops rule, so the KCC will generate shortcuts across the ring to reduce the number of hops between Domain Controllers.

Automatic Connection Objects#

You can not directly affect the KCC's operation. When it creates its replication topology, the result is a set of replication objects. The security on these objects sets the KCC itself as the owner, although members of the Domain Administrators group have permission to modify those objects. As an administrator, you can create your own intrasite replication objects. The KCC won't have the ability to modify any objects you create.

Microsoft Active Directory Connection Objects#

Keep in mind that each connection object represents a one-way, inbound replication path from the Domain Controller on which the change occurred to the local domain controller. Knowledge Consistency Checker replication is pull-based, meaning Domain Controllers request changes from other Domain Controllers. This concept is important for security: Domain Controllers do not accept pushed changes, meaning there's no way for an intruder to send fake replication data around your network and mess up your AD DOMAIN.

More Information#

There might be more information for this subject on one of the following: