LDAP Port 389

[flam]

Wondering if any one seen this before. We have a hub and spoke design. So basically all the DCs in the spoke sites are replicating with the hub DC. I can see this in the AD Sites and Services tool. Under a server's NTDS Settings, it shows one connection, back to the hub DC.

However, I noticed something today that is odd. One of the DCs in the spoke site is opening udp port 389 sessions, which are AD LDAP sessions, to all the DCs in the other sites. I thought it was only supposed to be connecting to the DC in the hub. Under what circumstances would a DC actually open sessions to all the other DCs?

Thanks

 

[Seaspray0]

You might wish to check your replication scheme in active directory sites and services. Replication also can vary from DC to DC depending on the settings. If that one server is in the same site as another DC, you may wish to set one up as the prefered bridgehead for replication to other sites.

 

[Seaspray0]

Come to think of it, double check the cost assoicated with replication from that one server. The lowest cost should be to your hub with a relatively much higher cost to the other spokes.

 

[flam]

Thanks for the reply. However, I don't think the cost is relevant in this situation. I have defined site links ONLY between the hub and the spokes. The DCs in the spoke sites do not have any site links or site link bridges between them. So there should not be any replication directly between the spoke site DCs.

When I check the NTDS Settings for the spoke servers, it shows one replication connection, and that is the one back to the hub DC, which is correct. I am wondering why there are LDAP udp 389 connections to other spoke site DCs.

Thanks.