Possible problem with AD2003 replication

I hate when, while solving one problem, you run into another, but I was having an issue with a user constantly being locked out. I employed a Microsoft tool called LockOutStatus, which helped me solve that problem but may have uncovered another...

I have 3 Windows 2003 AD controllers and the LockOutStatus tool shows the bad password count on all three. For this particular user, they were all different. AD1 showed 7 bad passwords while AD2 showed 4 and AD3 showed 0. This lack of consistency bothers me with respect to replication.

The "Additional Account Info" tab in UAC shows 4, so it's reading from AD2, but is this normal or should all of these match?

How can I tell if I actually do have a replication problem?

Thanks
Mark Lewis Asked:
 
Seth Simmons, Sr. Systems Administrator, Commented:
You should look at your event logs, specifically directory service for any replication issues.

The fact that different domain controllers show different results for this is normal.  The client will authenticate with the first domain controller it can contact.  It just so happens that AD1 was contacted 7 times and AD2 4 times.
 
Mike Kline Commented:
That is fine, that attribute badPwdCount is not replicated, more info here (see the remarks section)

http://msdn.microsoft.com/en-us/library/ms675244(VS.85).aspx

Use repadmin with the /showreps and /showrepl switches to get a quick overview of your replication.

Thanks

Mike
 
Kini pradeep, Principal Cloud and security consultant, Commented:
For replication inconsistency, check Repadmin /showreps and it should show the last successful replication. As far as account lockout is concerned, enable netlogon logging on the PDC and the other domain controllers. The logs should show the machine that is throwing the bad password count.

http://support.microsoft.com/kb/109626

Question has a verified solution.
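
One way to turn the repadmin check suggested in the answers into a pass/fail view of replication health, as an added example that is not part of any post in this thread. It assumes the column names emitted by `repadmin /showrepl * /csv`; the sample rows, the `example.local` naming context, the function name `Get-ReplicationProblem` and the 24-hour threshold are constructed for illustration.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# On a live domain use instead:  $lines = repadmin /showrepl * /csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,AD1,"DC=example,DC=local",Default-First-Site-Name,AD2,RPC,0,0,2012-05-01 10:15:22,0
showrepl_INFO,Default-First-Site-Name,AD2,"DC=example,DC=local",Default-First-Site-Name,AD3,RPC,0,0,2012-05-01 10:14:58,0
showrepl_INFO,Default-First-Site-Name,AD3,"DC=example,DC=local",Default-First-Site-Name,AD1,RPC,5,2012-05-01 10:00:03,2012-04-29 22:47:10,1722
'@
$lines = $sample -split "\r?\n"

function Get-ReplicationProblem {
    param(
        [string[]]$CsvLines,
        [datetime]$Now = (Get-Date),
        [int]$MaxAgeHours = 24      # assumed threshold; tune to your replication schedule
    )
    $invariant = [Globalization.CultureInfo]::InvariantCulture
    $styles    = [Globalization.DateTimeStyles]::None
    foreach ($link in ($CsvLines | ConvertFrom-Csv)) {
        $failures = [int]$link.'Number of Failures'
        # A link with no parseable success time has never replicated: treat it as infinitely stale.
        $lastOk = [datetime]::MinValue
        $hasOk  = [datetime]::TryParse($link.'Last Success Time', $invariant, $styles, [ref]$lastOk)
        $ageHours = if ($hasOk) { ($Now - $lastOk).TotalHours } else { [double]::PositiveInfinity }

        # Report an inbound link if it has consecutive failures or its last success is too old.
        if ($failures -gt 0 -or $ageHours -gt $MaxAgeHours) {
            [pscustomobject]@{
                Destination = $link.'Destination DSA'
                Source      = $link.'Source DSA'
                Context     = $link.'Naming Context'
                Failures    = $failures
                LastSuccess = $link.'Last Success Time'
                Status      = $link.'Last Failure Status'
            }
        }
    }
}

# Fixed -Now keeps the constructed sample deterministic; omit it for live data.
Get-ReplicationProblem -CsvLines $lines -Now ([datetime]'2012-05-01 12:00') | Format-Table -AutoSize
```

No rows returned means every inbound link reports zero failures and a success inside the threshold; differing badPwdCount values across domain controllers do not show up here because that attribute is not replicated.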
