
Active Directory Cookbook for Windows Server 2003 - P36

that were created or that were associated with the default site and determine what site they really
should be associated with.
Recipe 11.7 Creating a Site Link
11.7.1 Problem
You want to create a site link to connect two or more sites together.
11.7.2 Solution
11.7.2.1 Using a graphical user interface
1. Open the Active Directory Sites and Services snap-in.
2. Expand the Sites container.
3. Expand the Inter-Site Transports container.
4. Right-click on IP (or SMTP) and select New Site Link.
5. For Name, enter the name for the site link.
6. Under Site is not in this site link, select at least two sites and click the Add button.
7. Click OK.
11.7.2.2 Using a command-line interface
The following LDIF would create a site link connecting the SJC and Dallas sites:
dn: cn=Dallas-SJC,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: siteLink
siteList: cn=SJC,cn=sites,cn=configuration,<ForestRootDN>
siteList: cn=Dallas,cn=sites,cn=configuration,<ForestRootDN>
If the LDIF file were named create_site_link.ldf, you'd then run the following command:
> ldifde -v -i -f create_site_link.ldf
11.7.2.3 Using VBScript
' This code creates a site link
' SCRIPT CONFIGURATION
intCost = 100 ' site link cost
intReplInterval = 180 ' replication interval in minutes


strSite1 = "<Site1>" ' e.g. SJC
strSite2 = "<Site2>" ' e.g. Dallas
strLinkName = strSite1 & " - " & strSite2
' END CONFIGURATION

' Taken from ADS_PROPERTY_OPERATION_ENUM
const ADS_PROPERTY_UPDATE = 2


set objRootDSE = GetObject("LDAP://RootDSE")
set objLinkCont = GetObject( _
"LDAP://cn=IP,cn=Inter-site Transports,cn=sites," & _
objRootDSE.Get("configurationNamingContext") )
set objLink = objLinkCont.Create("siteLink", "cn=" & strLinkName)
strSite1DN = "cn=" & strSite1 & ",cn=sites," & _
objRootDSE.Get("configurationNamingContext")
strSite2DN = "cn=" & strSite2 & ",cn=sites," & _
objRootDSE.Get("configurationNamingContext")
objLink.PutEx ADS_PROPERTY_UPDATE, "siteList", Array(strSite1DN,strSite2DN)
objLink.Put "cost", intCost
objLink.Put "replInterval", intReplInterval
objLink.SetInfo

WScript.Echo "Successfully created link: " & strLinkName
11.7.3 Discussion
Without site links, domain controllers would not be able to determine the optimal partners to
replicate with. The cost that is associated with a site link defines how "expensive" the link is. A
lower cost is less expensive (or faster) than a higher cost. Link costs are inversely proportional to
bandwidth.

11.7.4 See Also
MS KB 316812 (HOW TO: Create and Configure a Site Link in Active Directory in Windows
2000)
Recipe 11.8 Finding the Site Links for a Site
11.8.1 Problem
You want to list the site links that are associated with a site.
11.8.2 Solution
11.8.2.1 Using a graphical user interface
1. Open LDP and from the menu, select Connection → Connect.
2. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
3. For Port, enter 389.
4. Click OK.
5. From the menu, select Connection → Bind.
6. Enter credentials of a domain user.
7. Click OK.
8. From the menu, select Browse → Search.
9. For BaseDN, type the Inter-Site Transports container DN (e.g., cn=Inter-site Transports,cn=sites,cn=configuration,dc=rallencorp,dc=com).
10. For Scope, select Subtree.
11. For Filter, enter the following:
(&(objectcategory=siteLink)(siteList=cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>))
12. Click Run.
11.8.2.2 Using a command-line interface
> dsquery * "cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>" -filter "(&(objectcategory=siteLink)(siteList=cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>))" -scope subtree -attr name
11.8.2.3 Using VBScript
' This code displays the site links associated with the specified site
' SCRIPT CONFIGURATION
strSiteName = "<SiteName>" ' e.g. Raleigh
' END CONFIGURATION

set objRootDSE = GetObject("LDAP://RootDSE")
strSiteDN = "cn=" & strSiteName & ",cn=sites," & _
objRootDSE.Get("ConfigurationNamingContext")

strBase = "<LDAP://cn=Inter-site Transports,cn=sites," _
& objRootDSE.Get("ConfigurationNamingContext") & ">;"
strFilter = "(&(objectcategory=siteLink)" & _
"(siteList=" & strSiteDN & "));"
strAttrs = "name;"
strScope = "subtree"

set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)

WScript.Echo "Total site links for " & strSiteName & ": " & objRS.RecordCount
if objRS.RecordCount > 0 then
   objRS.MoveFirst
   while Not objRS.EOF
      Wscript.Echo vbTab & objRS.Fields(0).Value
      objRS.MoveNext
   wend
end if
11.8.3 Discussion
A site can be included as part of zero or more site links. A site with no site links would be
considered orphaned from the site topology, since there is no way to determine how and where it
connects into the topology. Branch office sites may have only a single site link back to a hub,
while a hub site may have numerous links that connect it to the rest of the world.

Finding the site links associated with a site consists of performing a query for all siteLink
objects that have the DN of the site included in the siteList attribute for a link. The siteList
attribute is a multivalued attribute that contains all the sites that are connected via the site link.
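The same siteList lookup, run offline over an LDIF export of the Sites container, as an added example that is not from the book: it unfolds wrapped LDIF lines, maps every site to the site links that list it, and reports sites that appear in no link. The export text, the dc=example,dc=com suffix and the function names are constructed for illustration; base64-encoded (attr::) values are not decoded.

```python
from collections import defaultdict

# Constructed sample shaped like an ldifde export; folded lines start with one space.
SAMPLE_LDIF = """\
dn: CN=SJC,CN=Sites,CN=Configuration,DC=example,DC=com
objectClass: site

dn: CN=Dallas,CN=Sites,CN=Configuration,DC=example,DC=com
objectClass: site

dn: CN=Raleigh,CN=Sites,CN=Configuration,DC=example,DC=com
objectClass: site

dn: CN=Dallas-SJC,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,
 DC=example,DC=com
objectClass: siteLink
siteList: CN=SJC,CN=Sites,CN=Configuration,DC=example,DC=com
siteList: CN=Dallas,CN=Sites,CN=Configuration,
 DC=example,DC=com
"""

def parse_ldif(text):
    """Return one dict per record: lowercase attribute name -> list of values."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]              # unfold a continuation line
        else:
            logical.append(raw)
    records, current = [], defaultdict(list)
    for line in logical + [""]:                 # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(dict(current))
                current = defaultdict(list)
        elif not line.startswith("#") and ": " in line:
            attr, value = line.split(": ", 1)
            current[attr.lower()].append(value)
    return records

def has_class(rec, cls):
    return cls in (v.lower() for v in rec.get("objectclass", []))

def links_by_site(records):
    """Map each site DN (lowercased) to the names of the site links listing it."""
    result = {r["dn"][0].lower(): [] for r in records if has_class(r, "site")}
    for rec in (r for r in records if has_class(r, "sitelink")):
        name = rec["dn"][0].split(",", 1)[0].split("=", 1)[1]
        for site_dn in rec.get("sitelist", []):
            result.setdefault(site_dn.lower(), []).append(name)
    return result

def orphaned_sites(records):
    return sorted(dn for dn, links in links_by_site(records).items() if not links)
```

In the constructed export, Raleigh is the only site that no siteLink lists, so it is the one reported as orphaned.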
Recipe 11.9 Modifying the Sites That Are Part of a Site Link
11.9.1 Problem
You want to modify the sites associated with a site link.
11.9.2 Solution
11.9.2.1 Using a graphical user interface
1. Open the Active Directory Sites and Services snap-in.
2. In the left pane, expand Sites → Inter-Site Transports.
3. Click either the IP or SMTP folder depending on where the site link is stored.
4. In the right pane, double-click on the link you want to modify.
5. Under the General tab, you can add and remove sites that are associated with the site link.
6. Click OK.
11.9.2.2 Using a command-line interface
Create an LDIF file called modify_site_link.ldf with the following contents. Replace <LinkName>
with the name of the link and <SiteName> with the site to add to the link.
dn: cn=<LinkName>,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: modify
add: siteList
siteList: cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>
-
Then run the following command:
> ldifde -v -i -f modify_site_link.ldf
11.9.2.3 Using VBScript
' This code adds a site to an existing site link
' SCRIPT CONFIGURATION
strSite = "<SiteName>" ' e.g. Burlington
strLink = "<LinkName>" ' e.g. DEFAULTIPSITELINK
' END CONFIGURATION

' Taken from ADS_PROPERTY_OPERATION_ENUM
const ADS_PROPERTY_APPEND = 3


set objRootDSE = GetObject("LDAP://RootDSE")
set objLink = GetObject("LDAP://cn=" & strLink & _
",cn=IP,cn=Inter-site Transports,cn=sites," & _
objRootDSE.Get("configurationNamingContext") )
strSiteDN = "cn=" & strSite & ",cn=sites," & _
objRootDSE.Get("configurationNamingContext")
objLink.PutEx ADS_PROPERTY_APPEND, "siteList", Array(strSiteDN)
objLink.SetInfo

WScript.Echo "Successfully modified link: " & strLink
11.9.3 Discussion
To associate a site with a site link, add the DN of the site to the siteList attribute of the
siteLink object that represents the link. To remove a site from a link, do the reverse. Remove
the DN associated with the site from the siteList attribute.

11.9.4 See Also
Recipe 11.8 for finding the links associated with a site
Recipe 11.10 Modifying the Cost for a Site Link
11.10.1 Problem
You want to modify the cost for a site link.
11.10.2 Solution
11.10.2.1 Using a graphical user interface
1. Open the Active Directory Sites and Services snap-in.
2. In the left pane, expand Sites → Inter-Site Transports.
3. Click either the IP or SMTP folder depending on where the site link is stored.
4. In the right pane, double-click on the link you want to modify.
5. Under the General tab, you can change the cost for the site link.
6. Click OK.
11.10.2.2 Using a command-line interface
Create an LDIF file called modify_site_link_cost.ldf with the following contents. Replace
<LinkName> with the name of the site link you want to modify and <LinkCost> with the new cost.
dn: cn=<LinkName>,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: modify
replace: cost
cost: <LinkCost>
-
Then run the following command:
> ldifde -v -i -f modify_site_link_cost.ldf
11.10.2.3 Using VBScript
' This code modifies the cost attribute of a site link
' SCRIPT CONFIGURATION

strLink = "<SiteLink>" ' e.g. DEFAULTIPSITELINK
intCost = <LinkCost> ' e.g. 200
' END CONFIGURATION

set objRootDSE = GetObject("LDAP://RootDSE")
set objLink = GetObject("LDAP://cn=" & strLink & _
",cn=IP,cn=Inter-site Transports,cn=sites," & _
objRootDSE.Get("configurationNamingContext") )
objLink.Put "cost", intCost
objLink.SetInfo

WScript.Echo "Successfully modified link: " & strLink
11.10.3 Discussion
The cost attribute is one of the most important attributes of siteLink objects. cost is used by
the KCC to determine what connection objects should be created to allow domain controllers to
replicate data.
cost is inversely proportional to bandwidth. The lower the cost, the greater the bandwidth. The
number you use for the cost is also arbitrary; the default is 100. You could use 100-1,000 as the
range for your site link costs, or you could use 1-10. The actual number isn't important; it is
relative to the costs of the other site links.
Recipe 11.11 Disabling Site Link Transitivity or Site Link Schedules
11.11.1 Problem
You want to disable site link transitivity to control replication.
11.11.2 Solution
11.11.2.1 Using a graphical user interface
1. Open the Active Directory Sites and Services snap-in.
2. In the left pane, expand Sites → Inter-Site Transports.
3. Right-click either the IP or SMTP folder depending on which protocol you want to disable
transitivity or ignore schedules for.
4. Select Properties.
5. To disable site link transitivity, uncheck Bridge all site links.
6. To ignore site link schedules, check Ignore schedules.
7. Click OK.
11.11.2.2 Using a command-line interface
You can modify the options attribute of a site link object using an LDIF file and ldifde, but
since the attribute is a bit flag, you are better off using the GUI or VBScript solutions that look at
the current value of options and modify it accordingly. ldifde doesn't handle this type of logic.
11.11.2.3 Using VBScript
' This code can disable site link transitivity and site
' schedules for all links of the IP transport.
' The code for the CalcBit function can be found in Recipe 4.12
' SCRIPT CONFIGURATION
boolDisableTrans = <TrueOrFalse> ' e.g. TRUE
boolIgnoreSchedules = <TrueOrFalse> ' e.g. FALSE
' END CONFIGURATION

set objRootDSE = GetObject("LDAP://RootDSE")
set objLink = GetObject( _
   "LDAP://cn=IP,cn=Inter-site Transports,cn=sites," & _
   objRootDSE.Get("configurationNamingContext") )

' Read the current flags once, then apply both changes to the same running value
intBitsOrig = objLink.Get("options")
intBits = CalcBit(intBitsOrig, 2, boolDisableTrans)
intBits = CalcBit(intBits, 1, boolIgnoreSchedules)

' Only write back if one of the two bits actually changed
if intBitsOrig <> intBits then
   objLink.Put "options", intBits
   objLink.SetInfo
   WScript.Echo "Successfully modified link transitivity for the IP transport"
else
   WScript.Echo "Did not need to modify link transitivity for the IP transport"
end if
11.11.3 Discussion
Active Directory site links are transitive, which means that if site A is linked to site B, and site B
is linked to site C, then site A is also linked (through site B) to site C. The Knowledge
Consistency Checker (KCC) uses transitivity by default when making decisions about creating
connection objects. You can disable this behavior if you want. Typically this is not something
you'll want to do unless you know what you are doing. Disabling transitivity may be necessary
for some Windows 2000 deployments that have a lot of sites and find that the KCC is having a
hard time keeping up. With Windows Server 2003, the KCC has been greatly improved and site
link transitivity should not cause problems.
The other reason you might want to disable transitivity is if you need to make replication more
deterministic. Disabling transitivity makes it much easier to determine where the KCC will
attempt to establish connection objects, because the KCC on a domain controller will not be able
to replicate with domain controllers that are not in sites that are directly linked.
I mention site link schedules here primarily because the same attribute (i.e., options) that
determines site link transitivity also determines if link schedules are enforced. If you enable the
ignore schedules option for a particular transport (i.e., IP or SMTP), the KCC ignores any
preconfigured link schedules. If you later disable this setting, link schedules will go back into
effect.
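The read-modify-write that ldifde cannot do by itself, as an added example (not from the book): the new options value is computed from a value you have already read, and the generated LDIF deletes that exact old value before adding the new one, so the import fails instead of overwriting a change made in the meantime. The bit values 1 and 2 are the ones the recipe's VBScript passes to CalcBit; the dc=example,dc=com suffix and the function names are assumptions.

```python
# Bit values as used by the recipe's VBScript for the transport's options attribute.
IGNORE_SCHEDULES = 1
DISABLE_TRANSITIVITY = 2

# Constructed DN; substitute the forest's own configuration naming context.
SAMPLE_DN = "cn=IP,cn=Inter-site Transports,cn=sites,cn=configuration,dc=example,dc=com"

def calc_bits(current, changes):
    """Apply {bit: enable} to the current value (None = attribute not set)."""
    value = current or 0
    for bit, enable in changes.items():
        # Set or clear only the requested bit; every other bit is preserved.
        value = (value | bit) if enable else (value & ~bit)
    return value

def guarded_modify(dn, current, new):
    """Return LDIF that changes options only if it still equals `current`."""
    if (current or 0) == new:
        return None                               # already in the desired state
    lines = [f"dn: {dn}", "changetype: modify"]
    if current is not None:
        # Deleting the exact old value fails if it was changed in the meantime,
        # and an LDAP modify is atomic, so the add is then not applied either.
        lines += ["delete: options", f"options: {current}", "-"]
    lines += ["add: options", f"options: {new}", "-"]
    return "\n".join(lines) + "\n"

def build_change(dn, current, disable_trans, ignore_schedules):
    """Compute the new value from both settings and return (new, ldif_or_None)."""
    new = calc_bits(current, {DISABLE_TRANSITIVITY: disable_trans,
                              IGNORE_SCHEDULES: ignore_schedules})
    return new, guarded_modify(dn, current, new)
```

Save the returned text to a file and import it with ldifde -i -f as in the other recipes; when the attribute was never set, only the add is emitted.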
11.11.4 See Also
Recipe 4.12 for more on setting a bit-flag attribute
Recipe 11.12 Creating a Site Link Bridge

11.12.1 Problem
You want to create a site link bridge because you've disabled site link transitivity.
11.12.2 Solution
11.12.2.1 Using a graphical user interface
1. Open the Active Directory Sites and Services snap-in.
2. In the left pane, expand Sites → Inter-Site Transports.
3. Right-click either the IP or SMTP folder depending on which protocol you want to create a
site link bridge for.
4. Select New Site Link Bridge.
5. Highlight two or more sites in the left box.
6. Click the Add button.
7. Click OK.
11.12.2.2 Using a command-line interface
Create an LDIF file called create_site_link_bridge.ldf with the following contents, where
<Link1> and <Link2> refer to the site links to be bridged:
dn: cn=<BridgeName>,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: siteLinkBridge
siteLinkList: cn=<Link1>,cn=IP,cn=Inter-site Transports,cn=sites,cn=configuration,<ForestRootDN>
siteLinkList: cn=<Link2>,cn=IP,cn=Inter-site Transports,cn=sites,cn=configuration,<ForestRootDN>
Then run the following command:
> ldifde -v -i -f create_site_link_bridge.ldf
11.12.2.3 Using VBScript

' This code creates a site link bridge between two site links
' SCRIPT CONFIGURATION
strLink1 = "<Link1>" ' e.g. AMS-LON
strLink2 = "<Link2>" ' e.g. SJC-RTP
strBridge = "<BridgeName>" ' e.g. AMER-EUR
' END CONFIGURATION

set objRootDSE = GetObject("LDAP://RootDSE")
set objLinkCont = GetObject( _
"LDAP://cn=IP,cn=Inter-site Transports,cn=sites," & _
objRootDSE.Get("configurationNamingContext") )
set objBridge = objLinkCont.Create("siteLinkBridge", "cn=" & strBridge)
strLink1DN = "cn=" & strLink1 & _
",cn=IP,cn=Inter-site Transports,cn=sites," & _
objRootDSE.Get("configurationNamingContext")
strLink2DN = "cn=" & strLink2 & _
",cn=IP,cn=Inter-site Transports,cn=sites," & _
objRootDSE.Get("configurationNamingContext")
objBridge.Put "siteLinkList", Array(strLink1DN,strLink2DN)
objBridge.SetInfo

WScript.Echo "Successfully created bridge: " & strBridge
11.12.3 Discussion
If you've disabled site link transitivity or have networks that lack direct routes between sites, you
will need to create site link bridges. Creating a site link bridge to link several links is analogous
to creating a site link to link several sites. Let's take an example where site link transitivity is
disabled and we have four sites: site A has a link to site B, and site C has a link to site D. If we
want domain controllers in sites A and B to replicate with sites C and D, we need to create a site
link bridge to bridge the A-B link with C-D.
11.12.4 See Also

Recipe 11.11 for disabling site link transitivity
Recipe 11.13 Finding the Bridgehead Servers for a Site
11.13.1 Problem
You want to find the bridgehead servers for a site.

11.13.2 Solution
11.13.2.1 Using a graphical user interface
1. Open the Replication Monitor from the Support Tools (replmon.exe).
2. From the menu, select View → Options.
3. In the left pane, right-click on Monitored Servers and select Add Monitored Server.
4. Use the Add Monitored Server Wizard to add a server in the site you want to find the
bridgehead server(s) for.
5. In the left pane, right-click on the server and select Show BridgeHead Servers In This
Server's Site.
11.13.2.2 Using a command-line interface
> repadmin /bridgeheads [<ServerName>] [/verbose]
The /bridgeheads option is valid only with the Windows Server 2003 version of repadmin.
There is no such option in the Windows 2000 version.
11.13.2.3 Using VBScript
' This code finds the bridgehead servers for the specified site.
' SCRIPT CONFIGURATION
strServer = "<ServerName>" ' server to target query against, e.g. dc01
strSite = "<SiteName>" ' name of site to query
' e.g. Default-First-Site-Name
' END CONFIGURATION

set objIadsTools = CreateObject("IADsTools.DCFunctions")
intRes = objIadsTools.GetBridgeHeadsInSite(Cstr(strServer),Cstr(strSite),0)


if intRes = -1 then
Wscript.Echo "Error bridge heads: " & objIadsTools.LastErrorText
WScript.Quit
end if

for count = 1 to intRes
WScript.Echo vbTab & objIadsTools.BridgeHeadName(count)
next
11.13.3 Discussion
Bridgehead servers are responsible for replicating data between sites. Instead of all domain
controllers replicating the same naming contexts outside of the site, the bridgehead servers act as
a funnel for replication into and out of a site. Any domain controller in a site can become a
bridgehead server and bridgeheads are designated by the KCC for each writeable partition in the
site. You can control which servers are designated as bridgehead servers by defining preferred
bridgehead servers. See Recipe 11.14 for more on how to do this.
