WellingtonIS

asked on

Enterprise/Domain Replication

Here's my situation... I currently have a local domain which is part of a much bigger enterprise.  Unfortunately, the people in charge of this enterprise are not very good at doing what they do.  Anyway, my frustrations aside.  My issue is that every time I create a GPO, or any type of change on my domain, it can take 2 days for it to replicate down to me to become usable.  Case in point..  I created a screensaver GPO yesterday at about 1 p.m. for 1 test account. I enabled that GPO in its own OU and it's still not appearing..  Is there any way for me to bypass this replication process???
Mike Thomas

Why not connect to your local domain controller and make changes on it? That way the replication goes the other way and should not impact you.

Failing that, force replication through Sites and Services if you have access to it.



WellingtonIS

ASKER

I am going through my own Domain Controller but for some strange reason it always replicates up before it comes down.  Perhaps there's some setting I'm missing?
Have you tried forcing the replication so that the replication comes back to you faster?
To force replication over a connection:
1. Open Active Directory Sites and Services.
2. In the console tree, click NTDS Settings for the server that you want to force replication.
   Where? Active Directory Sites and Services/Sites/site that contains the connection over which you want to replicate directory information/Servers/server that you want to force replication/NTDS Settings
3. In the details pane, right-click the connection over which you want to replicate directory information, and then click Replicate Now.
When you log onto the server or run from your local machine, open up Users and Computers. At the top of the left-hand window, go up to the top where it says "Active directory users and computers [yourdomaincontroller@yourdomain.com]". Is that DC listed your local DC? If not, right-click it and select "connect to domain controller" and choose your DC from the list.

While connected to your DC can you create OU's etc and do they appear/replicate instantly?


I've tried that too.  Do you know of a tool that I can look at the replication on this domain???
There is a tool called replication monitor that comes with the support tools called replmon.exe which will allow you to monitor and troubleshoot replication.


I can create OU's and they do appear instantly
OK, are you using the Group Policy Management Console to create GPOs? If so, if you right-click the domain and select change domain controller, does this allow you to create policies on your own DC? Do they appear in the sysvol directory etc.?


Also, when you said you created a policy and it didn't appear, do you mean the screen saver didn't appear, or the policy? You might just need to go to the clients and run gpupdate /force. Also, running gpresult on the clients will show if they are getting the policy.

Yes the policy isn't showing up on the test machine.  Yes I am using GPO mgmt tool. And yes it allows me to create gpo's on my own DC.  I will check sys vol folder to see if that's my problem and let you know.
OK the last GPO to appear, is 7/7 at 12:42 and that's about right.  It seems to be there.  Although I can't read that number, but it's the last one I did and it was yesterday...  Perhaps the machine is the issue???
The policy is simple, it's a screen saver policy assigned to the user.  The interesting part is the machine has other domain policies assigned to it so I'm not sure of the method to use to troubleshoot???
Well, what screen saver is the policy calling? Does it exist on the client machine? Are there other policies in place which may affect it?

Run "gpresult" from the command line on the client to see if the policy is being applied as a first step.
I usually run rsop.msc. I'm running gpresult now.  The machine isn't calling a screensaver at all.  The policy is supposed to lock the machine after 10 minutes, take out the tab for the screen saver and run a specific screen saver for the system32 folder.  Last question, where do I pick up the results???
On screen just type "gpresult" from the command line on the client machine and you will see the output.


I'm going to attach the file.  What's interesting is that the policy is being applied from DC002.  I'm going to look at that next.  But I can see that it's not being applied.
policyresults.txt
I'm running replication monitor. We have a forest of about 100 or more sites.  Correct me if I'm wrong.. But are we here supposed to replicate to all the DC's in the forest??? Or should it just be replication between the domain and the top domain?? Meaning the Corp office where the enterprise begins???
You can configure replication any way you want, but design comes into play. You would not typically replicate every DC with every other DC; in a hub and spoke design you would replicate all sites with the root servers.
OK I'm starting to see why I have so many problems.  It seems that my DC is replicating all over the forest and not to root servers.  We have root servers but they are reporting replication failures, unreachable.  So perhaps this is the result, I'm replicating to all the devices in the forest.
That would explain why things are taking so long for sure...bad design or no design just ad-hoc.
Yes.  Hopefully I can "sweet talk" those people into listening to me... I'm an MCSE and I've never seen such a bad design.
I bet it won't be the last time either. ;)
Probably not.  I can't even figure out what they are doing. The only thing I can think of is they got rid of the root servers and are using DC's as root servers and the forest hasn't caught up yet???
Couldn't say without seeing it myself, I think you need to speak to them though.
One more question, Spoke and Hub, isn't that more of a routing issue than a Forest Issue?  Even if everyone is "supposed to replicate" to the DC's in the Root domain, if the routing isn't set up as spoke and hub then I'd be replicating everywhere?
Hub and spoke just means all sites go back to a central office directly and not via another satellite site. However, if the networks do not go back to that main site then this might change the design somewhat, yes. However, so long as a site can communicate with the main site it can in theory replicate directly with that site even though the traffic transits via another office.

If your bus goes from A to C but has to go through B, that's fair enough. However, it does not mean you have to stop at B, or get off or even change bus, you can just transit past it ....make sense?

Yes but so far as I can see, I'm going a, b, c, d.... see for yourself... I'm attaching this and it's still not done yet.  I have to get my AD books out to really remember this one. But I do know what you mean, I just don't know why this is and how to recommend the fix....  All the DC's should be replicating to the "root domain servers" and not each other.  But I see all these domains with my DC in them.
replication.bmp
Lastly, there are so many deleted servers showing up too...
more.bmp
DC's located in the same site should replicate to each other and often, the reason being there is no bandwidth issue and servers at the same site need to maintain consistent data, so that is normal. However, 1, not both, would replicate back to the main site.
The deleted servers are sloppy, advise them to do a metadata cleanup of the domain and get their house in order.


Nothing is in the same site these are different locations in the US.  It's one forest, many domains, many locations.  That's what I mean,  my data is going all over the place replicating... I will tell them about that as soon as I figure out how to break this to them.
This was a machine issue.  I reformatted my test machine and the policy came in fine.  Thanks for all the information and help today. PS the enterprise manager thinks I'm crazy because he runs replmon every morning and doesn't see deleted servers.  According to him, we are only replicating to my own domain and his.  Oh well....
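
The replication question raised in the thread (which partners a DC pulls from, and which links are failing), as an added example that is not part of any post above: a PowerShell summary of inbound replication links from `repadmin /showrepl * /csv`. The sample rows, the site and server names other than DC002, the hub site name and the assumed CSV column layout are constructed for illustration.

```powershell
# Constructed sample rows in the column layout assumed for `repadmin /showrepl * /csv`.
# On a live DC, use instead:  $raw = repadmin /showrepl * /csv
$raw = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Branch-East,DC002,"DC=branch,DC=example,DC=com",Hub-Corp,ROOTDC01,RPC,14,2009-07-08 09:02:11,2009-07-06 12:40:03,1722
showrepl_INFO,Branch-East,DC002,"DC=branch,DC=example,DC=com",Branch-West,WESTDC01,RPC,0,0,2009-07-08 08:47:55,0
showrepl_INFO,Branch-East,DC002,"CN=Configuration,DC=example,DC=com",Branch-South,SOUTHDC03,RPC,0,0,2009-07-08 08:45:10,0
'@

$hubSite = 'Hub-Corp'                       # hypothetical name of the root/hub site
$now     = [datetime]'2009-07-08 10:00:00'  # fixed for the sample; use Get-Date on a live DC

# Normalise each inbound link into typed fields we can filter and group on.
$links = $raw | ConvertFrom-Csv | ForEach-Object {
    [pscustomobject]@{
        Destination = $_.'Destination DSA'
        SourceSite  = $_.'Source DSA Site'
        Source      = $_.'Source DSA'
        Context     = $_.'Naming Context'
        Failures    = [int]$_.'Number of Failures'
        LastError   = $_.'Last Failure Status'
        HoursStale  = [math]::Round(($now - [datetime]$_.'Last Success Time').TotalHours, 1)
        ViaHub      = $_.'Source DSA Site' -eq $hubSite
    }
}

# Links that are failing, or that have not succeeded for more than a day.
$links | Where-Object { $_.Failures -gt 0 -or $_.HoursStale -gt 24 } |
    Format-Table Destination, Source, Failures, LastError, HoursStale -AutoSize

# Inbound partners per source site: in a hub-and-spoke design a branch DC
# should pull from the hub site, not from a long list of other branches.
$links | Group-Object Destination, SourceSite |
    Select-Object Name, Count | Format-Table -AutoSize

# Links whose source is not the hub site (candidates to question in the topology).
$links | Where-Object { -not $_.ViaHub } |
    Format-Table Destination, SourceSite, Source, Context -AutoSize
```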