Maybe this will help, Windows Server 2003 Active Directory Branch Office Guide Deploying Active Directory services in a branch office environment requires additional configuration above and beyond a normal Active Directory deployment in order to meet the special requirements of the branch office scenario. This guide is aimed at network managers, system integrators, and consultants involved in Active Directory branch office implementations, either in their own organizations or for client companies. By implementing the procedures in this document, you should be able to deploy and maintain Active Directory in a branch office environment. http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-4 0BB-9FA7-3A95C9540112&displaylang=en Greetings Lode Rammelaere ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann Sent: vrijdag 19 november 2004 14:58 To: thin@xxxxxxxxxxxxx Subject: [THIN] OT: AD Replications with VPN based WAN network My network is basically a big star, with my corporate office in the middle and a bunch of spokes for remote sites. Every remote site has it's own 2003 AD set as a GC. The FSMO roles are at the Corporate site. The remote sites can only talk to the Corporate site over VPN. There is no remotesite-to-remotesite connections. The KCC, doing its job, creates links at every site to every DC in my AD network. The odd thing is that there are NO site-link's between any sites except any given remote site and corporate, however, I've got all these remote sites with connectors to other remote sites. Is the KCC supposed to create connectors even if ther eis no site-link? It seems kind of stupid since without a site-link, those two site can't replicate anyway, correct? Ok, so lets say I turn off the KCC on all these remote site DCs and clean up all these extra connectors. From what I know, this causes no detrimental problems with active directory, but I loose the purpose of the KCC, which is to ensure I always have replication links incase of a network breakdown. Is this correct, or would I "break" something by disabling KCC on the remote site DCs Anyone else out there have a similar AD setup? How are you handling it?