PrepAway - Latest Free Exam Questions & Answers

You need to decrease the replication latency between the domain controllers

Your company has a main office and three branch offices.
The company has an Active Directory forest that has a single domain.
Each office has one domain controller.
Each office is configured as an Active Directory site.
All sites are connected with the DEFAULTIPSITELINK object.
You need to decrease the replication latency between the domain controllers.
What should you do?


A.
Decrease the replication schedule for the DEFAULTIPSITELINK object.

B.
Decrease the replication interval for the DEFAULTIPSITELINK object.

C.
Decrease the cost between the connection objects.

D.
Decrease the replication interval for all connection objects.

Explanation:
Answer: Decrease the replication interval for the DEFAULTIPSITELINK object.
Personal comment:
All sites are connected with the DEFAULTIPSITELINK object. <- this roughly translates into all sites are
connected with the first domain controller in the forest
So the topology is star shaped.
Thus, decreasing the cost between the connection objects will offer no benefit.
We know we have multiple sites linked and are using a DEFAULTIPSITELINK object.
Thus, the most plausible answer is to decrease the replication interval for DEFAULTIPSITELINK.
http://www.informit.com/articles/article.aspx?p=26866&seqNum=5
Understanding Active Directory, Part III
Replication
Active Directory replication between domain controllers is managed by the system administrator on a site-by-site basis. As domain controllers are added, a replication path must be established. This is done by the
Knowledge Consistency Checker (KCC), coupled with Active Directory replication components. The KCC is a
dynamic process that runs on all domain controllers to create and modify the replication topology. If a domain
controller fails, the KCC automatically creates new paths to the remaining domain controllers. Manual
intervention with the KCC will also force a new path.
The Active Directory replaces PDCs and BDCs with multimaster replication services. Each domain controller
retains a copy of the entire directory for that particular domain. As changes are made in one domain controller,
the originator communicates these changes to the peer domain controllers. The directory data itself is stored in
the ntds.dit file.
Active Directory replication uses the Remote Procedure Call (RPC) over IP to conduct replication within a site.
Replication between sites can utilize either RPC or the Simple Mail Transfer Protocol (SMTP) for data
transmission. The default intersite replication protocol is RPC.
Intersite and Intrasite Replication
There are distinct differences in internal and intersite domain controller replication. In theory, the network
bandwidth within a site is sufficient to handle all network traffic associated with replication and other Active
Directory activities. By the definition of a site, the network must be reliable and fast. A change notification
process is initiated when modifications occur on a domain controller. The domain controller waits for a
configurable period (by default, five minutes) before it forwards a message to its replication partners. During
this interval, it continues to accept changes. Upon receiving a message, the partner domain controllers copy the
modification from the original domain controller. In the event that no changes were noted during a configurable
period (six hours, by default), a replication sequence ensures that all possible modifications are communicated.
Replication within a site involves the transmission of uncompressed data.
NOTE
Security-related modifications are replicated within a site immediately. These changes include account and
individual user lockout policies, changes to password policies, changes to computer account passwords, and
modifications to the Local Security Authority (LSA).
Replication between sites assumes that there are network-connectivity problems, including insufficient
bandwidth, reliability, and increased cost. Therefore, the Active Directory permits the system to make decisions
on the type, frequency, and timing of intersite replication. All replication objects transmitted between sites are
compressed, which may reduce traffic by 10 to 25 percent, but because this is not sufficient to guarantee
proper replication, the system administrator has the responsibility of scheduling intersite replication.
Replication Component Objects
Whereas the KCC represents the process elements associated with replication, the following comprise the
Active Directory object components:
Connection object. Domain controllers become replication “partners” when linked by a connection object.
This is represented by a one-way path between two domain controller server objects. Connection objects
are created by the KCC by default. They can also be manually created by the system administrator.
NTDS settings object. The NTDS settings object is a container that is automatically created by the Active
Directory. It contains all of the connection objects, and is a child of the server object.
Server object. The Active Directory represents every computer as a computer object. The domain controller
is also represented by a computer object, plus a specially created server object. The server object’s parent
is the site object that defines its IP subnet. However, in the event that the domain controller server object
was created prior to site creation, it will be necessary to manually define the IP subnet to properly assign the
domain controller a site.
When it is necessary to link multiple sites, two additional objects are created to manage the replication
topology.
Site link. The site link object specifies a series of values (cost, interval, and schedule) that define the
connection between sites. The KCC uses these values to manage replication and to modify the replication
path if it detects a more efficient one. The Active Directory DEFAULTIPSITELINK is used by default until
the system administrator intervenes. The cost value, ranging from 1 to 32767, is an arbitrary estimate of the
actual cost of data transmission as defined by bandwidth. The interval value sets how often
replication will occur: the minimum is 15 minutes, the maximum is once a week (10080 minutes), and three
hours is the default. The schedule establishes the time when replication should occur. Although
replication can be at any time by default, the system administrator may want to schedule it only during off-peak network hours.
Site link bridges. The site link bridge object defines a set of links that communicate via the same protocol.
By default, all site links use the same protocol, and are transitive. Moreover, they belong to a single site link
bridge. No configuration is necessary to the site link bridge if the IP network is fully routed. Otherwise,
manual configuration may be necessary.
Further information:
http://technet.microsoft.com/en-us/library/cc775549%28v=ws.10%29.aspx
What Is Active Directory Replication Topology?
Replication of updates to Active Directory objects are transmitted between multiple domain controllers to keep
replicas of directory partitions synchronized. Multiple domains are common in large organizations, as are
multiple sites in disparate locations. In addition, domain controllers for the same domain are commonly placed
in more than one site.
Therefore, replication must often occur both within sites and between sites to keep domain and forest data
consistent among domain controllers that store the same directory partitions. Site objects can be configured to
include a set of subnets that provide local area network (LAN) network speeds. As such, replication within sites
generally occurs at high speeds between domain controllers that are on the same network segment. Similarly,
site link objects can be configured to represent the wide area network (WAN) links that connect LANs.
Replication between sites usually occurs over these WAN links, which might be costly in terms of bandwidth. To
accommodate the differences in distance and cost of replication within a site and replication between sites, the
intrasite replication topology is created to optimize speed, and the intersite replication topology is created to
minimize cost.
The Knowledge Consistency Checker (KCC) is a distributed application that runs on every domain controller
and is responsible for creating the connections between domain controllers that collectively form the replication
topology. The KCC uses Active Directory data to determine where (from what source domain controller to what
destination domain controller) to create these connections.
..
The following diagram shows the interaction of these technologies with the replication topology, which is
indicated by the two-way connections between each set of domain controllers.
Replication Topology and Dependent Technologies

http://technet.microsoft.com/en-us/library/cc755994%28v=ws.10%29.aspx
How Active Directory Replication Topology Works
..
Replication Topology Physical Structure
The Active Directory replication topology can use many different components. Some components are required
and others are not required but are available for optimization. The following diagram illustrates most replication
topology components and their place in a sample Active Directory multisite and multidomain forest. The
depiction of the intersite topology that uses multiple bridgehead servers for each domain assumes that at least
one domain controller in each site is running at least Windows Server 2003. All components of this diagram and
their interactions are explained in detail later in this section.
Replication Topology Physical Structure

In the preceding diagram, all servers are domain controllers. They independently use global knowledge of
configuration data to generate one-way, inbound connection objects. The KCCs in a site collectively create an
intrasite topology for all domain controllers in the site. The ISTGs from all sites collectively create an intersite
topology. Within sites, one-way arrows indicate the inbound connections by which each domain controller
replicates changes from its partner in the ring. For intersite replication, one-way arrows represent inbound
connections that are created by the ISTG of each site from bridgehead servers (BH) for the same domain (or
from a global catalog server [GC] acting as a bridgehead if the domain is not present in the site) in other sites
that share a site link. Domains are indicated as D1, D2, D3, and D4.
Each site in the diagram represents a physical LAN in the network, and each LAN is represented as a site
object in Active Directory. Heavy solid lines between sites indicate WAN links over which two-way replication
can occur, and each WAN link is represented in Active Directory as a site link object. Site link objects allow
connections to be created between bridgehead servers in each site that is connected by the site link.
Not shown in the diagram is that where TCP/IP WAN links are available, replication between sites uses the
RPC replication transport. RPC is always used within sites. The site link between Site A and Site D uses the
SMTP protocol for the replication transport to replicate the configuration and schema directory partitions and
global catalog partial, read-only directory partitions. Although the SMTP transport cannot be used to replicate
writable domain directory partitions, this transport is required because a TCP/IP connection is not available
between Site A and Site D. This configuration is acceptable for replication because Site D does not host
domain controllers for any domains that must be replicated over the site link A-D.
By default, site links A-B and A-C are transitive (bridged), which means that replication of domain D2 is possible
between Site B and Site C, although no site link connects the two sites. The cost values on site links A-B and A-C are site link settings that determine the routing preference for replication, which is based on the aggregated
cost of available site links. The cost of a direct connection between Site C and Site B is the sum of costs on site
links A-B and A-C. For this reason, replication between Site B and Site C is automatically routed through Site A
to avoid the more expensive, transitive route. Connections are created between Site B and Site C only if
replication through Site A becomes impossible due to network or bridgehead server conditions.

Control Replication Latency and Cost
Replication latency is inherent in a multimaster directory service. A period of replication latency begins when a
directory update occurs on an originating domain controller and ends when replication of the change is received
on the last domain controller in the forest that requires the change. Generally, the latency that is inherent in a
WAN link is relative to a combination of the speed of the connection and the available bandwidth. Replication
cost is an administrative value that can be used to indicate the latency that is associated with different
replication routes between sites. A lower-cost route is preferred by the ISTG when generating the replication
topology.
Site topology is the topology as represented by the physical network: the LANs and WANs that connect domain
controllers in a forest. The replication topology is built to use the site topology. The site topology is represented
in Active Directory by site objects and site link objects. These objects influence Active Directory replication to
achieve the best balance between replication speed and the cost of bandwidth utilization by distinguishing
between replication that occurs within a site and replication that must span sites. When the KCC creates
replication connections between domain controllers to generate the replication topology, it creates more
connections between domain controllers in the same site than between domain controllers in different sites.
The results are lower replication latency within a site and less replication bandwidth utilization between sites.
Within sites, replication is optimized for speed as follows:
Connections between domain controllers in the same site are always arranged in a ring, with possible
additional connections to reduce latency.
Replication within a site is triggered by a change notification mechanism when an update occurs, moderated
by a short, configurable delay (because groups of updates frequently occur together).
Data is sent uncompressed, and thus without the processing overhead of data compression.
Between sites, replication is optimized for minimal bandwidth usage (cost) as follows:
Replication data is compressed to minimize bandwidth consumption over WAN links.
Store-and-forward replication makes efficient use of WAN links: each update crosses an expensive link
only once.
Replication occurs at intervals that you can schedule so that use of expensive WAN links is managed.
The intersite topology is a layering of spanning trees (one intersite connection between any two sites for
each directory partition) and generally does not contain redundant connections.

Topology-Related Objects in Active Directory
Active Directory stores replication topology information in the configuration directory partition. Several
configuration objects define the components that are required by the KCC to establish and implement the
replication topology:
..
Site Link Objects
For a connection object to be created on a destination domain controller in one site that specifies a source
domain controller in another site, you must manually create a site link object (class siteLink) that connects
the two sites. Site link objects identify the transport protocol and scheduling required to replicate between two
or more sites. You can use Active Directory Sites and Services to create the site links. The KCC uses the
information stored in the properties of these site links to create the intersite topology connections.
A site link is associated with a network transport by creating the site link object in the appropriate transport
container (either IP or SMTP). All intersite domain replication must use IP site links. The Simple Mail Transfer
Protocol (SMTP) transport can be used for replication between sites that contain domain controllers that do
not host any common domain directory partition replicas.
Site Link Properties
A site link specifies the following:
Two or more sites that are permitted to replicate with each other.
An administrator-defined cost value associated with that replication path. The cost value controls the route
that replication takes, and thus the remote sites that are used as sources of replication information.
A schedule during which replication is permitted to occur.
An interval that determines how frequently replication occurs over this site link during the times when the
schedule allows replication.
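The cost and interval properties listed above can be modelled offline. The following Python sketch is an added example, not part of the quoted Microsoft or InformIT material: it picks the route with the lowest aggregated site-link cost, as in the Site A/B/C discussion, and sums the intervals along that route as a rough upper bound on waiting time. The site names, the cost of 100 and the always-open schedule are assumptions made for the illustration.

```python
import heapq
from itertools import combinations

# Constructed sample data (not from a real forest).
# Site link = (name, member sites, cost, replication interval in minutes).
HUB_AND_SPOKE = [("A-B", {"A", "B"}, 100, 180), ("A-C", {"A", "C"}, 100, 180)]

def single_link(cost, interval):
    """The exam scenario: four sites that all share DEFAULTIPSITELINK."""
    sites = {"Main", "Branch1", "Branch2", "Branch3"}  # hypothetical names
    return [("DEFAULTIPSITELINK", sites, cost, interval)]

def build_graph(site_links):
    """Expand each site link into edges between every pair of member sites."""
    graph = {}
    for name, sites, cost, interval in site_links:
        if not 1 <= cost <= 32767:
            raise ValueError(f"{name}: cost must be 1..32767")
        if not 15 <= interval <= 10080:
            raise ValueError(f"{name}: interval must be 15..10080 minutes")
        for a, b in combinations(sorted(sites), 2):
            graph.setdefault(a, []).append((b, cost, interval, name))
            graph.setdefault(b, []).append((a, cost, interval, name))
    return graph

def cheapest_route(site_links, src, dst):
    """Dijkstra on aggregated site-link cost.

    Returns (total_cost, interval_sum_minutes, [site link names]) or None.
    interval_sum is a simplification: it assumes the schedule is always open
    and that each hop waits at most one full interval; transfer time and
    intrasite notification delay are ignored.
    """
    graph = build_graph(site_links)
    heap, seen = [(0, 0, src, [])], set()
    while heap:
        cost, wait, site, path = heapq.heappop(heap)
        if site == dst:
            return cost, wait, path
        if site in seen:
            continue
        seen.add(site)
        for nxt, c, i, name in graph.get(site, []):
            if nxt not in seen:
                heapq.heappush(heap, (cost + c, wait + i, nxt, path + [name]))
    return None

if __name__ == "__main__":
    print(cheapest_route(HUB_AND_SPOKE, "B", "C"))
    print(cheapest_route(single_link(100, 180), "Branch1", "Branch2"))
    print(cheapest_route(single_link(50, 180), "Branch1", "Branch2"))   # lower cost
    print(cheapest_route(single_link(100, 15), "Branch1", "Branch2"))   # lower interval
```

In the single-link case only the interval change shortens the estimated wait; halving the cost leaves it at 180 minutes.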
Default Site Link
When you install Active Directory on the first domain controller in the forest, an object named
DEFAULTIPSITELINK is created in the Sites container (in the IP container within the Inter-Site Transports
container). This site link contains only one site, Default-First-Site-Name.
