Use Samba kcc for samba replication.
In some Domains you have multiple sites with different connection types. For full replication some of these connections might be to slow or to expensive.
You have configured your domain according to this article (outdated).
root@master:~# ucr search kcc samba4/kccsrv/samba_kcc: <empty> If this variable is set to 'yes', Samba/AD uses the new implementation of the KCC, which supports sparse network replication. If the variable is unset, the the older full mesh replication is used.
Create and join additional UCS servers by configuring sites as shown in the article.
Allow traffic between all sites. Samba will figure out the latency of the links an disable the slow ones with the kcc algorithm. Do not filter any packages by your firewall.
Enable kcc support for Samba on ALL samba domain controllers (DCs):
root@master:~# ucr set samba4/kccsrv/samba_kcc=yes root@master:~# /etc/init.d/samba restart
Verify the settings with
root@master:~# samba-tool drs showrepl root@master:~# samba-tool drs kcc