!!! Overview
[{$pagename}] ([KCC]) is a [Microsoft Active Directory] component that automatically generates and maintains the intra-[site|Active Directory Site] and inter-[site|Active Directory Site] [replication] topology.

[{$pagename}] is present on every [Domain Controller] and automatically generates the "most efficient" [replication] topology at a default interval of every 15 [minutes].

[{$pagename}] creates connection objects that link [Domain Controllers] into a common replication topology. The [{$pagename}] has two components:
* intrasite [KCC], which deals with [replication] within the [Active Directory Site]
* [Intersite Topology Generator] ([ISTG]), which establishes connection objects between sites (only one [Domain Controller] in each [Active Directory Site] holds the ISTG role at any given time).

[{$pagename}] uses a bidirectional ring-based topology and attempts to always maintain at least two [Replication] partners for every [Domain Controller].

In an [Active Directory Site] with many [Domain Controllers], a ring topology can quickly violate the no-more-than-three-hops rule, so the [KCC] will generate shortcuts across the ring to reduce the number of hops between [Domain Controllers].

!! Automatic Connection Objects
You cannot directly affect the [KCC]'s operation. When it creates its replication topology, the result is a set of replication objects. The security on these objects sets the KCC itself as the owner, although members of the Domain Administrators group have permission to modify those objects.

As an administrator, you can create your own intrasite replication objects. The KCC cannot modify any objects you create.

!! [Microsoft Active Directory] Connection Objects
Keep in mind that each connection object represents a one-way, inbound [replication] path from the [Domain Controller] on which the change occurred to the local domain controller.
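The ring and shortcut behaviour from the Overview, with each connection object modelled as the one-way, inbound path just described, as an added example that is not part of the original page or Microsoft's KCC code. The DC names are constructed, and the greedy shortcut choice is an assumption standing in for the KCC's real selection logic.

```python
from collections import deque
from itertools import combinations

MAX_HOPS = 3  # the no-more-than-three-hops rule stated on this page


def ring_connections(dcs):
    """Bidirectional ring: every DC gets an inbound connection from both neighbours."""
    conns = set()
    for i, dc in enumerate(dcs):
        for nb in (dcs[i - 1], dcs[(i + 1) % len(dcs)]):
            if nb != dc:
                conns.add((nb, dc))  # (source, destination): dc pulls from nb
    return conns


def hops_from(origin, conns):
    """BFS along connection objects: hops before each DC holds origin's change."""
    dist, queue = {origin: 0}, deque([origin])
    while queue:
        cur = queue.popleft()
        for src, dst in conns:
            if src == cur and dst not in dist:
                dist[dst] = dist[cur] + 1
                queue.append(dst)
    return dist


def worst_hops(dcs, conns):
    """Largest hop count between any two DCs in the topology."""
    return max(max(hops_from(dc, conns).values()) for dc in dcs)


def add_shortcuts(dcs, conns):
    """Greedy stand-in (assumption): add the pair that most reduces the worst case."""
    conns = set(conns)
    while worst_hops(dcs, conns) > MAX_HOPS:
        missing = [p for p in combinations(dcs, 2) if p not in conns]
        a, b = min(missing, key=lambda p: worst_hops(dcs, conns | {p, p[::-1]}))
        conns |= {(a, b), (b, a)}  # one connection object per direction
    return conns


if __name__ == "__main__":
    dcs = [f"DC{i:02d}" for i in range(1, 13)]  # constructed DC names
    ring = ring_connections(dcs)
    full = add_shortcuts(dcs, ring)
    print("ring only:", len(ring), "connections, worst case", worst_hops(dcs, ring), "hops")
    print("with shortcuts:", len(full), "connections, worst case", worst_hops(dcs, full), "hops")
```

A plain ring stays within three hops up to seven DCs; from eight DCs onward the worst case exceeds three, which is where the shortcut connections come in.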

[{$pagename}] [replication] is pull-based, meaning [Domain Controllers] [request] changes from other [Domain Controllers]. This concept is important for [security]: [Domain Controllers] __do not accept pushed changes__, meaning there's no way for an intruder to send fake [replication] [data] around your network and mess up your [AD DOMAIN].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [How does the Knowledge Consistency Checker work?|https://fallbackstatus.com/how-does-the-knowledge-consistency-checker-work/|target='_blank'] - based on information obtained 2019-07-25