Unless you want to start changing your replication
schedules explicitly for password resets, you're doing the right thing. Change
the password on a DC in the user's site. If you're at SP4 (I think, could have
been SP3) then the password change will also get sent on to the PDC emulator
immediately. Anytime a user enters an incorrect password, the local DC will pass
on the request to the PDCE in case the password had changed on a different
DC.
The Account Lockout Status tool is probably the best
utility for checking on password replication. Among other things, it will show
the timestamp for password last set on each domain controller, so you can have a
good idea of the replication state on the change. http://www.microsoft.com/downloads/details.aspx?FamilyID=d1a5ed1d-cd55-4829-a189-99515b0e90f7&DisplayLang=en (watch
for URL wrap)
Hunter
From: Rimmerman, Russ [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 7:07 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Replication issues
We have always been
having weird issues with replication. We have about 30 AD sites all over
the world. When we change or reset a password here for a user at a remote
site, it takes quite a long time (30-60 minutes or more) to replicate to the
users site. So, we are having to connect to their local domain contoller
and reset the password there. What is the best practice for setting up and
tuning replication and resetting passwords, and what tools are recommended
(replmon?) for "testing" it, and how long should it take?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |