You shouldn't have any major issues with SP differences. You may see
some slightly different results for some kinds of operations, say the PDC
chaining stuff, but everything should work OK. I.e., you should be safe to
do them one at a time.

If you are really worried, apply 812499 separately and then catch up
with SP4 as you can. We don't run SP4 yet but we do have 812499
installed. 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 5:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Simultaneous password change on multiple DCs



Joe,

My last reply will obviously be down to the fact that I'm not yet
running SP4 on my DCs..... have you got any pointers on upgrading around
40 DCs without causing issues due to SP diffs?

Am I safe to do one at a time?

Best Regards,

Rob

From: "Joe" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
Sent: 30/07/2003 22:20
Please respond to ActiveDir
To: <[EMAIL PROTECTED]>
cc:
Subject: RE: [ActiveDir] Simultaneous password change on multiple DCs

By any chance is this product called PSYNC from MTEC? I have worked with
them for a couple of years on various things, if so you can email me
separately and we can chat... [EMAIL PROTECTED] If it isn't, consider it
as they are doing a decent job now and I am sure there are some people
who watch this listserv that may be shocked to see I wrote that....

I absolutely wouldn't recommend changing passwords in multiple sites at
once. The previously valid reason for it is no longer valid UNLESS for
some reason the remote site can't get to the PDC to do PDC chaining (and
the accompanying special replication that will take place in SP4 and
Q812499), which would then make me ask: how would you get to the site to
change the password in the first place with a centralized system?

So anyway, make sure your DCs have SP4 or at least Q812499 and then
change the passwords all centrally on whatever DC gets selected and you
should be fine.




-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg,
David A
Sent: Wednesday, July 30, 2003 3:23 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Simultaneous password change on multiple DCs


We're looking at a product to manage passwords - it enforces common
password policy and keeps passwords in sync across multiple platforms
(mainframe, AD, NDS, Unix, etc.), as well as provides self-service
password change/reset via a browser interface.

One of its features on AD is that it's nominally site-aware - it can
determine a browser's location based on IP address and change the AD
password on a DC in that site.  So far, so good.  Now the tricky part -
it can also be configured to ALWAYS change the password on one or more
DCs that you specify on the config, in addition to the one it selects.
The idea is to specify DCs near resources at headquarters that people
access from branch offices.  This is supposed to ensure that people can
access the resources immediately rather than waiting for the new
password to replicate.

Net result is that the same password change is applied directly at
multiple DCs in different sites at the same time.  My question is, what
is the impact on the DCs and replication traffic?  What are the caveats
of such a scenario?

One other thing - the helpdesk can use the web interface to assist
callers who choose not to use self-service.  In that case, the helpdesk
can see a list of all DCs and select the one(s) they wish to send the
change to.  This can be disabled, but is the default if you enable
'site-awareness'.  This bothers me a bit, since there's nothing to
prevent a helpdesk person from selecting 'em all.  Your thoughts?

Dave
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
