
NTDS Active Directory replication question

Posted on 2011-03-18
Last Modified: 2012-05-11
hi all,

was just wondering, i just added a new user to dc1, i checked at dc3 and i thought that on new user add it replicates instantly?

i looked at the schedule (automatically created one), it states it goes every hour, i thought it replicated instantly on the following events:

account creation
account lockout
account pass change

any others, and am i right in thinking this, and how can i troubleshoot the fact that it's not
0
Question by:awilderbeast
11 Comments
 
LVL 11

Assisted Solution

by:Tasmant
Tasmant earned 664 total points
ID: 35164782
depends on whether your DCs are in the same AD site or dispersed over sites.
when in the same site, since windows 2003 replication takes max 30 seconds.
for domain controllers dispersed over sites, it depends on your replication topology and the time you set up.
but the replication is not forced for specific events, replication follows what it is configured for all events.
0
 
LVL 1

Author Comment

by:awilderbeast
ID: 35164815
DC1 and DC3 are at different offices but they are all part of the same domain

ah right so it's always an hour (if that's what it's set as in the auto generated replication topology) no matter what, even in server 2008?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35164884
yes even in server 2008
0

 
LVL 10

Expert Comment

by:Bawer
ID: 35164940
if servers are in the same site, the replication will happen every 15 seconds, if the servers are in different sites, the replication will depend on the time defined by the admin,

what is the current structure?
0
 
LVL 1

Author Comment

by:awilderbeast
ID: 35164951
just to reclarify sites are buildings yes

dc1 is in building 1 and dc3 is in building 3 (connected via vpn)
0
 
LVL 10

Expert Comment

by:Muzafar Momin
ID: 35165209
use AD Sites and Services to configure replication time/schedule
0
 
LVL 12

Accepted Solution

by:Navdeep
Navdeep earned 1336 total points
ID: 35165323
Hi,

You may have a single domain but different sites. If you check in Active Directory Sites and Services, you can see under Sites whether they are under different sites; they look like yellow rectangular boxes.

Not sure if you are referring to them as buildings. But if the servers are physically in different buildings then they may or may not be in different sites. It will depend on how they are placed in Active Directory.

For within site replication time is 15 min by default
For across the sites replication time is 180 min by default

both can be configured as per the requirement

you can force replication using replmon, repadmin /syncall, or simply by going to AD Sites and Services, right-clicking on site links and selecting Replicate Now to force replication irrespective of the schedule

Account creation will be replicated using normal schedules

account lockout
account pass change  

    * Replicating a newly locked out account
    * Changing an LSA secret
    * Changing the account lockout policy
    * Changing the domain password policy
    * Changing the password on a machine account

will be immediate irrespective of intersite or intrasite replication because they come under urgent replication kicked by PDC emulator role.
0
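
One way to check the points discussed in this thread, as an added example that is not part of any poster's reply: it reads the configured site-link interval, the remote DC's last inbound replication results, and compares per-attribute version stamps for one account on both DCs. It assumes the RSAT ActiveDirectory PowerShell module is installed; `DC1` and `DC3` are the names used in the thread and `jdoe` is a hypothetical test account.

```powershell
# Added example. DC1/DC3 are the names used in the thread; 'jdoe' is a hypothetical test account.
Import-Module ActiveDirectory
$SourceDC = 'DC1'; $TargetDC = 'DC3'; $User = 'jdoe'
# Attributes tied to the lockout and password-change events discussed in the thread
$Attrs = 'lockoutTime', 'pwdLastSet', 'unicodePwd'

# 1. Inter-site interval actually configured on each site link
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded | Out-Host

# 2. Last inbound replication results on the remote DC
Get-ADReplicationPartnerMetadata -Target $TargetDC |
    Select-Object Partner, Partition, LastReplicationSuccess, LastReplicationResult | Out-Host

# 3. Per-attribute version stamps for the account as seen by one DC
function Get-AttrStamp {
    param([string]$Server, [string]$Identity, [string[]]$Attributes)
    try {
        $dn = (Get-ADUser -Identity $Identity -Server $Server -ErrorAction Stop).DistinguishedName
    } catch {
        Write-Warning "$Identity not found on $Server (object has not replicated yet)"
        return @()
    }
    Get-ADReplicationAttributeMetadata -Object $dn -Server $Server -Properties $Attributes |
        Select-Object AttributeName, Version, LastOriginatingChangeTime
}

$src = Get-AttrStamp -Server $SourceDC -Identity $User -Attributes $Attrs
$dst = Get-AttrStamp -Server $TargetDC -Identity $User -Attributes $Attrs

# 4. Report attributes whose version on the target is behind the source
foreach ($s in $src) {
    $d = $dst | Where-Object { $_.AttributeName -eq $s.AttributeName }
    $state = if (-not $d) { 'missing on target' }
             elseif ($d.Version -lt $s.Version) { 'target behind' }
             else { 'in sync' }
    [pscustomobject]@{
        Attribute     = $s.AttributeName
        SourceVersion = $s.Version
        TargetVersion = $d.Version
        ChangedAt     = $s.LastOriginatingChangeTime
        State         = $state
    }
}

# 5. To push pending changes without waiting for the schedule (run deliberately):
# repadmin /syncall $SourceDC /A /e /P
```

Running it right after resetting the test account's password on the source DC, and again a minute later, shows whether that change reached the other site ahead of the site-link schedule.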
 
LVL 1

Author Comment

by:awilderbeast
ID: 35166613
i created a subnet for each site  and put a dc in each one, as per screen

when i look at the default NTDS settings it says replicates once per hour

so lockout and pass change replicate immediately, is it?

I've attached screen below
Capture.PNG
0
 
LVL 12

Assisted Solution

by:Navdeep
Navdeep earned 1336 total points
ID: 35166667
Yes as they come under urgent replication
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 35166673
You can test that
0
 
LVL 1

Author Closing Comment

by:awilderbeast
ID: 35166693
thanks
0
