You need to ensure that the domain controllers in the branch offices only replicate to the domain controller in the main office

Your company has a main office and four branch offices. An Active Directory site exists for
each office. Each site contains one domain controller. Each branch office site has a site link
to the main office site.
You discover that the domain controllers in the branch offices sometimes replicate directly to
each other.

You need to ensure that the domain controllers in the branch offices only replicate to the
domain controller in the main office.
What should you do?

Your company has a main office and four branch offices. An Active Directory site exists for
each office. Each site contains one domain controller. Each branch office site has a site link
to the main office site.
You discover that the domain controllers in the branch offices sometimes replicate directly to
each other.

You need to ensure that the domain controllers in the branch offices only replicate to the
domain controller in the main office.
What should you do?

A.
Modify the firewall settings for the main office site.

B.
Disable the Knowledge Consistency Checker (KCC) for each branch office site.

C.
Disable site link bridging.

D.
Modify the security settings for the main office site.

Explanation:
http://technet.microsoft.com/en-us/library/cc757117.aspx
Configuring site link bridges
By default, all site links are bridged, or transitive. This allows any two sites that are not
connected by an explicit site link to communicate directly, through a chain of intermediary
site links and sites. One advantage to bridging all site links is that your network is easier to
maintain because you do not need to create a site link to describe every possible path
between pairs of sites.
Generally, you can leave automatic site link bridging enabled. However, you might want to
disable automatic site link bridging and create site link bridges manually just for specific site
links, in the following cases:
You have a network routing or security policy in place that prevents every domain controller
from being able to directly communicate with every other domain controller.



Leave a Reply 0

Your email address will not be published. Required fields are marked *