Asked by AXISHK

Site synchronization

I have one Windows 2008 and 2003 DC. My Windows 2008 is down and I want to put the Windows 2003 in a site in order to synchronize with the remote Windows 2008 DC in the remote site.

When I add the Windows 2003 DC to the remote site definition and start the replication, it pops up the error
"The following error occurred during the attempt to contact the domain controller HKG-DC02: Directory object not found." Any idea?

Can the Windows 2008 RODC in the remote site synchronize with my Windows 2003 DC?

Windows Server 2003, Windows Server 2008

Last Comment: 8/22/2022 - Mon

If you do not have a functional read/write DC, you cannot make changes to the AD. You would have to restore/repair the Windows 2008 DC.
The RODC cannot add data since it is a read-only DC; it forwards the data to the DC that you say is down.




BEJ-DC01 is a Windows 2008 RODC in site BEI.

HKG-DC02 is a Windows 2003 DC and HKG-DC03 is a Windows 2008 DC in site HKG.

Just to clarify a few things:
1. Is it correct for BEJ-DC01 to have only one incoming connection from HKG-DC03? Could I add the connection from HKG-DC02?

2. Is it correct for HKG-DC03 to have an incoming connection from HKG-DC02 only?



From the link I posted earlier: http://technet.microsoft.com/en-us/library/cc754956%28WS.10%29.aspx

You have to add a win2k8 DC to which the RODC from the branch will connect and get data.
Quote from: http://technet.microsoft.com/en-us/library/cc754956%28WS.10%29.aspx

"Can an RODC replicate to other RODCs?

No, an RODC can only replicate from a writable Windows Server 2008 domain controller. In addition, two RODCs for the same domain in the same site do not share cached credentials. You can deploy multiple RODCs for the same domain in the same site, but it can lead to inconsistent logon experiences for users if the WAN to the writeable domain controller in a hub site is offline. This is because the credentials for a user might be cached on one RODC but not the other. If the WAN to a writable domain controller is offline and the user tries to authenticate with an RODC that does not have the user’s credentials cached, then the logon attempt will fail. "


One last question. Currently, my RODC only has one inbound connection object instead of two. Is that correct?


Why does an RODC have two inbound connection objects?

This is because File Replication Service (FRS) requires its own pair of connection objects in order to function correctly.

In previous versions of Windows Server, FRS was able to utilize the existing connection objects between two domain controllers to support its replication of SYSVOL content. However, because an RODC only performs inbound replication of Active Directory data, a reciprocal connection object on the writable replication partner is not needed.

Consequently, the Active Directory Domain Services Installation Wizard generates a special pair of connection objects to support FRS replication of SYSVOL when you install an RODC. The FRS connection objects are not required by DFS Replication.

I am not sure what you are asking.
You seem to have posted the quote that answers your last question.

There is no replication going from the RODC to the remote.
RODC only has one inbound replication connection.

Under my post screenshot, there is only one connection BEJ-DC01 --> NTDS Settings --> RODC Connection (FRS) instead of the two mentioned in the document. I really don't understand how the document says two inbound connection objects.
