RE: [ActiveDir] Active Directory Replication

[Rick Kingslan]

Title: Message

Chris,

 

I'd have to research the Delegation of Authority, or even the Security principal issues to see if it CAN be done.

 

The bigger issue that you should be aware of is that there is a potential 'collision' problem in AD.  For example, I modify a user on one DC while you delete the same user on another DC.  Which one takes precedence?  Because of the collision resolution mechanism in place in Win2k, there is a real possibility that neither request will be honored.

 

The current recommendation from the boys and girls in Redmond is that changes should ONLY be made on the DC in each domain that holds the PDC Emulator role.  At present, this is the ONLY way that you can be sure to avoid the problem. 

 

So, you're next problem is more along the lines of how do I get X number of helpdesk people TS access to the DC with the PDC role?

 

Rick Kingslan - Microsoft Certified Trainer
  MCSE+I on Windows NT 4.0
  MCSE on Windows 2000
  MVP [Windows NT/2000 Server]

"Any sufficiently advanced technology
is indistinguishable from magic."
  ---  Arthur C. Clarke

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lomas, Chris
Sent: Friday, March 15, 2002 9:18 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Active Directory Replication

 

Hello,

Does anybody know of a way to allow a user account which is not a member of the Domain Admins group to initiate replication between direct replication partners.

I'm trying to allow our Helpdesk to be able to synchronise our domain after they have created a user account but I can't seem to find a way around his problem.

I have considered assigning them rights under the NTDS settings of the relevant DC's but I am worried about the implications.

Thanks in advance

Chris Lomas
Systems Infrastructure Team
GMAC RFC

Tel: +44 (0)1344 478007
Fax: +44 (0)1344 478907

 



***********************************************************************************************
GMAC-RFC Limited (Company registered in England with No.3489004)
whose registered office is at Eastern Gate, Brants Bridge, Bracknell, Berkshire,
England, RG12 9BZ.
Telephone: (01344) 478478, Fax: (01344) 478050.

PRIVACY AND CONFIDENTIALITY NOTICE
Information contained in this email and any attachments is confidential
and is intended for the use of the addressee only. If you are not the
intended recipient please notify us immediately. Any dissemination,
distribution, copying or use of this information without our prior consent
is strictly prohibited.

VIRUS WARNING
The contents of any attachment to this email may contain software viruses
which could damage your own computer system. While GMAC-RFC has taken
reasonable precautions to minimise this risk, it cannot
accept liability for any damage which you suffer as a result of software
viruses. You should carry out your own virus checks before opening any
attachment.

***********************************************************************************************