Feb 11

RODC Trick: Remove a User’s Password from a RODC without forcing the user to change her password

TechNet (RODC FAQ) states: How can you clear a password that is cached on an RODC? There is no mechanism to erase passwords after they are cached on an RODC. If you want to clear a password that is stored on an RODC, an administrator should reset the password in the hub site. This way, …

Jan 20

Active Directory Replication Site Link Schedules and Time Zones

Here’s an interesting question regarding AD site schedules: QUESTION: If there is a DC in Los Angeles & a DC in Washington DC with an AD site schedule of 12pm – 5pm, when does replication actually occur? Note: There is a 3 hour time difference between LA & DC. ANSWER: The Washington DC Domain Controller …

Jan 18

Active Directory Replication Packet Capture

I was interested in what happens behind the scenes when a Domain Controller replicates to another, so I ran a packet capture to see what happens behind the scenes. My test environment for this packet capture is a single forest, single domain environment with two DCs, both of which are running Windows Server 2008 R2. On …

Jan 08

Resource: Troubleshooting Active Directory with Repadmin

While researching the Repadmin command line tool, I came across this excellent resource describing it in some detail. TechNet Support WebCast: Troubleshooting Active Directory replication using the Repadmin tool: A look into the inner workings. I highly recommend at least viewing the PowerPoint file (and perhaps the transcript file). Note: This presentation is listed …

Dec 02

Tracking (Active Directory) Updates, Some of the Finer Points of AD Replication

While digging deep into how Active Directory actually works, I discovered another great article on TechNet called Tracking Updates. It goes into great detail about how AD handles updates (including collisions) and replicates them. Some of the key points in the article: Every Domain Controller keeps its own incrementing update counter called Update Sequence Numbers …

Nov 29

Active Directory Replication Resources

If you really want a deep dive into Active Directory replication, I highly recommend the following resources: How Active Directory Replication Topology Works; AD Replication Model. These two resources will provide more information on AD replication than you probably ever wanted to know. Some key concepts that are explored: Up-to-dateness vector, High watermark, USN attributes …

Nov 25

Troubleshooting: Users Can’t Login (aka Why SYSVOL Replication is Critical for GPO Processing)

I recently assisted a customer with an issue where users were unable to connect to Citrix on the thin clients. The problem seemed to be related to an error on the server stating that group policy could not be processed on the computer. There was an error that pointed to not being able to access …

Nov 15

Initial synchronization requirements for Windows Server operations master role holders

It is important to know what needs to replicate before a FSMO server can operate as a FSMO. This article describes the initial synchronization requirements for domain controllers that host operations master roles and that are running Microsoft Windows Server 2003 or Microsoft Windows 2000 Service Pack 3 (SP3) or later. Initial synchronization must occur …

Nov 10

Active Directory Resource Reference List

There are a number of technologies required by Active Directory to ensure proper operation. Often I find myself reviewing this information to ensure that I fully understand how things work as well as any updates to how they operate in a newer version of Windows. Here’s a list of Microsoft technical reference articles: TCP/IP, Kerberos …

Oct 21

PowerShell Code: Scripts to Assist with Schema Update/Modification

The most recommended method for performing an Active Directory Schema Update is to disable Schema Master replication before updating the schema. Microsoft has backed off this recommendation a little since people were forgetting to re-enable Schema Master replication (kind of a problem). Exchange schema updates seem to be the most frequent now that Service Packs …

