Is there a best practice document to configure one way replica? This is for DR site setup.

You have to mark the receiving DSA as 'shadow' for one way replication.

Caution, once marked as shadow, no one can write/modify information in that DSA. It will only accept changes from it's peer DSAs as part of one-way replication. It is strongly suggested to test this out in lower environment first by setting up two DSAs in MW replication with one of them being 'shadow' and see it that satisfies your business requirement.

For information on what 'shadow' parameter is designed to do, you can refer to:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-0/reference/commands-reference/set-dsa-command-define-the-knowledge-settings-of-a-dsa.html 

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-0/administrating/manage-operations/reject-operations.html