Giters

EvotecIT / Testimo

Testimo is a PowerShell module for running health checks for Active Directory against a bunch of different tests

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

All site links use notifications

SUBnet192 opened this issue · comments

commented

I have seen this issue everywhere I run Testimo, but this is in my homelab with 2 domain controllers, single site. I updated the Site Link option attribute to "1" and that cleared the "UseNotify" for the first section:

[i][Forest] Site Links [Informative]
[t][Forest] Site Links [Pass] [Data is available.]
[t][Forest] Replication Frequency should be set to maximum 60 minutes [Pass] [Expected value (Less Than): 60]
[t][Forest] Automatic site links should use notifications [Pass] [UseNotify]
[i][Forest] Site Links [Time to execute tests: 0 days, 0 hours, 0 minutes, 0 seconds, 218 milliseconds][Tests Total: 3, Passed: 3, Failed: 0, Skipped: 0]

However, the Site Links Connections doesn't seem to differentiate between intra-site, and inter-site connections and always reports a Fail.

[i][Forest] Site Links Connections [Informative]
[t][Forest] Site Links Connections [Pass] [Data is available.]
[t][Forest] All site links are automatic [Pass]
[t][Forest] All site links use notifications [Fail] [Expected value (Equal): 0, Found value: 2]
[i][Forest] Site Links Connections [Time to execute tests: 0 days, 0 hours, 0 minutes, 0 seconds, 124 milliseconds][Tests Total: 4, Passed: 2, Failed: 1, Skipped: 1]

commented

You may want to read this: https://evotec.xyz/active-directory-instant-replication-between-sites-with-powershell/

There is a difference between automatic links and using notifications to provide instant replication (rather than waiting for 15-180 minutes). Keep in mind it's not applicable to all situations, especially complex environments and you should always be careful when enabling it.

commented

I understand this fully. However the issue is not what you are referring to.

  • Setting the USE_NOTIFY on site links will make every automatically generated links between DCs in different sites replicated instantly when there is a change.
  • Manual site links are not affected by this, and you need to set the USE_Notify manually on those links (that we both agree on).
  • Site links between domain controllers on the SAME SITE do not need the USE_NOTIFY and are not affected by the Site Link setting (since it's for between different sites) - I just tested by deleting the auto-generated site links and letting KCC recreate them, and the Options value is still just "IS_GENERATED".

In my example, I have 2 DCs, in the same site. so there is no need to set the USE_NOTIFY flag. But Testimo says that it's not right. So if the SIteTo/SiteFrom are the same, there's no need for USE_NOTIFY.

EnabledConnection ServerFrom ServerTo SiteFrom SiteTo Options WhenCreated

         True SVPCHQADS001 SVPCHQADS002 CHQ      CHQ    IsGenerated 12/25/2019 8:46:52 AM
         True SVPCHQADS002 SVPCHQADS001 CHQ      CHQ    IsGenerated 12/25/2019 8:58:57 AM
commented

I guess I need to review the code behind it and update logic. Thanks