
Inter-site replication must be enabled and configured to occur at least daily.

An XCCDF Rule

Description

Timely replication makes certain that directory service data is consistent across all servers that support the same scope of data for their clients. In an AD implementation using AD Sites, domain controllers defined to be in different AD Sites require site links to specify properties for replication scheduling. If the AD site link schedule and replication interval properties are configured improperly, AD data replication may not occur frequently enough, and updates to identification, authentication, or authorization data may not be current on all domain controllers. If this data is not current, access to resources may be incorrectly granted or denied. The default for inter-site replication is to occur every 180 minutes, 24 hours a day.

Documentable: false

ID
SV-243497r959010_rule
Severity
Medium



Remediation - Manual Procedure

Maintain an Active Directory replication schedule that allows inter-site replication to occur at least on a daily basis.
Open "Active Directory Sites and Services". (Available from various menus or run "dssite.msc".)
Expand "Sites" in the left pane.
Expand "Inter-Site Transports" and select "IP".
For each site link that is defined in the right pane perform the following:
Right click the site link item and select "Properties".
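
A scripted check of the same site link properties the manual procedure inspects, added here as an example and not part of the STIG text. It assumes "at least daily" means a replInterval of 1440 minutes or less plus at least one open schedule slot on every UTC day; the function names and the two HQ-* sample links are hypothetical.

```powershell
# Added example. Evaluates one siteLink's replInterval (minutes) and schedule bytes.
# Assumption: schedule is the 188-byte layout (20-byte header, then 168 hourly bytes
# in UTC, low 4 bits = 15-minute slots); $null means the link is always available.
function Test-SiteLinkDaily {
    param([string]$Name, [int]$ReplInterval, [byte[]]$Schedule)
    $reasons = @()
    if ($ReplInterval -gt 1440) { $reasons += "interval $ReplInterval min exceeds 1440" }
    if ($null -ne $Schedule -and $Schedule.Length -gt 0) {
        if ($Schedule.Length -ne 188) {
            $reasons += "unexpected schedule length $($Schedule.Length)"
        } else {
            foreach ($day in 0..6) {
                $open = $false
                foreach ($hour in 0..23) {
                    if ($Schedule[20 + $day * 24 + $hour] -band 0x0F) { $open = $true }
                }
                if (-not $open) { $reasons += "no window on UTC day index $day" }
            }
        }
    }
    [pscustomobject]@{
        Name = $Name; Compliant = ($reasons.Count -eq 0); Reasons = ($reasons -join '; ')
    }
}

# Live audit: reads every IP site link from the configuration partition.
function Get-SiteLinkReplicationAudit {
    Import-Module ActiveDirectory
    $base = "CN=IP,CN=Inter-Site Transports,CN=Sites," +
            (Get-ADRootDSE).configurationNamingContext
    Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=siteLink)' `
        -Properties replInterval, schedule |
        ForEach-Object { Test-SiteLinkDaily $_.Name $_.replInterval $_.schedule }
}

# Constructed sample data (not from a real directory): every slot open, then day 2 closed.
$sched = New-Object byte[] 188
foreach ($i in 20..187) { $sched[$i] = 0x0F }
foreach ($i in 68..91)  { $sched[$i] = 0 }
Test-SiteLinkDaily 'DEFAULTIPSITELINK' 180   $null    # default interval, no schedule set
Test-SiteLinkDaily 'HQ-BRANCH-WEEKLY'  10080 $null    # interval longer than one day
Test-SiteLinkDaily 'HQ-DR-GAP'         180   $sched   # one full day with no window
```

Run `Get-SiteLinkReplicationAudit` from a host with the ActiveDirectory module to evaluate the real site links. Because the schedule bytes are stored in UTC, a day boundary in the output may not match the local-time grid shown in the site link's schedule dialog.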