Thanks for your lengthy response, Joe.  I appreciate
it.

I actually knew that all AD replication was pull
replication.  But replmon does have a "push mode"
which basically sends out a change notification to the
DC's partners so that they will immediately come pull
its changes.  What's cool is that unless you disable
transitive replication with "push mode", the direct
partners of the original DC will in turn send out
change notifications to their partners as well.  In
essence, all DC's get the change from the source DC. 
And this is exactly what I want to do, but using
something other than replmon.

Why do I need to force replication like this?  Good
question.  I wish I knew, and I've hit the list on
this before, but didn't get many responses.  Basically
we'll add a computer to the domain and upon reboot,
get the classic "the computer account in its primary
domain is missing".  I know it sounds like the
computer account isn't being created on a DC in the
local site, but a few times I verified that it is. 
Sync'ing the domain like I describe immediately fixes
the problem.

It sounds like I may want to call MS PSS if other
folks have not seen this issue.

-Rick

--- Joe <[EMAIL PROTECTED]> wrote:
> Right off the bat....  (am I saying that too much lately)?
> 
> Ah who cares, right off the bat, you will not push changes. Windows doesn't
> use push replication. All Windows Replication is pull based whether it is
> WINS or AD or whatever. The DC who wants the changes pulls the changes from
> the other DC. When you look at connection agreements between DC's, the
> connection agreement is a subobject of the DC that will do the pulling and
> is pointing at the DC it will pull from. Additionally there has to be a
> direct connection defined between the DC's you want replication to occur
> through, you won't simply push it to some replica there isn't a connection
> to. 
> 
> There is a single thread on every DC that will go out to its connection
> partners and PULL the changes from them. On the sending side there are 25
> threads by default that the pulling DC can connect to and pull from. 
> 
> How do you know what to type to get a DC to PULL from one of its partners?
> 
> Ex:
> 
> C:\>repadmin /showreps fntxx101
> BXXXX\FNTXX101
> DSA Options : (none)
> objectGuid  : 99765f71-4dad-496f-a996-a5d0af0232c6
> invocationID: 69a2f2fc-c3c2-412b-81bf-2f8d12abf436
> 
> ==== INBOUND NEIGHBORS ======================================
> 
> DC=xxx,DC=xxx,DC=com
>     A-NADC\FMCXX104 via RPC
>         objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
>         Last attempt @ 2003-11-04 18:38.56 was successful.
> 
> CN=Schema,CN=Configuration,DC=xxx,DC=com
>     A-NADC\FMCXX104 via RPC
>         objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
>         Last attempt @ 2003-11-04 18:38.55 was successful.
> 
> CN=Configuration,DC=xxx,DC=com
>     A-NADC\FMCXX104 via RPC
>         objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
>         Last attempt @ 2003-11-04 18:38.54 was successful.
> 
> ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
> 
> 
> Doing that repadmin I know that my DC fntxx101 has a pull replication
> connection object with fmcxx104. Note there is NO GUARANTEE that there is a
> reciprocal connection object on fmcxx104 but there PROBABLY is. 
> 
> I now know that if I want to sync fntxx101 with fmcxx104's current state for
> the default partition I would type
> 
> repadmin /sync dc=xxx,dc=xxx,dc=com fntxx101 d01e1848-e701-41ed-b7df-abdea09475ba /force
> 
> I took the partition name from the repadmin for the <Naming Context> parameter.
> I took the server name that is pulling as the <Dest DSA>
> I took the objectguid of the server I want to pull from as the <Source DSA UUID>
> 
> 
> Assuming I have a matching agreement going the other way I could use
> 
> repadmin /sync dc=xxx,dc=xxx,dc=com fmcxx104 99765f71-4dad-496f-a996-a5d0af0232c6 /force
> 
> 
> If the connection object is missing between two servers you will get the
> error message 
> 
> DsReplicaSync failed with status 8452 (0x2104):
>     The naming context is in the process of being removed or is not
>     replicated from the specified server.
> 
> 
> If you want to pull from all partners for a specific context, use syncall
> 
> repadmin /syncall DomainControllerName dc=domain,dc=com
> 
> If you want all partitions from all direct connected partners you would do
> 
> repadmin /syncall DomainControllerName
> 
> I am curious about the undocumented command you mention. That is
> interesting, I will dig into it when I get time as the implications are
> rather large as it would have to force replications through the entire domain
> and possibly forest if it was a GC.
> 
> Hope this helps.
> 
> 
> May I ask why you need to force replication like this? It is so ungodly rare
> that we have to force replication that I am not even sure if my team other
> than myself even knows how to do it through repadmin like this. 
> 
> 
>    joe
> 
> 
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of FDiskThePC
> Sent: Tuesday, November 04, 2003 12:36 PM
> To: [EMAIL PROTECTED]
> 
> Okay, guys, I've done quite a bit of research here, but I need some help.  I
> don't know about you guys, but I find it frustrating that AD has been out
> for over three years and so much of this stuff is still undocumented!  Argh!
> 
> First problem was delegating the right for remote admins to synchronize the
> domain.  For those out there that may still be searching, you need to
> delegate the "Replication Synchronization" right to your Domain Naming
> Context (NC) and any other NC's (Schema, Config, etc.) that you may have.
> Note that if you do not delegate this right to every NC, AD Sites & Services
> will still fail because a "Replicate Now" tries to sync every NC behind the
> scenes - there is no way with this tool to sync a particular NC.  Note that
> ADSIEdit will probably be needed to make the delegation.
> 
> Okay, second problem that I still need an answer to.
> 
> I need a way to force replication from one source DC to all my other DC's.
> Ah!  Use replmon you say choosing "Push Mode" and "Cross Site Boundaries". 
> That works great, actually, but not for my remote admins.  Come to find out,
> replmon doesn't work unless the remote admin is also given the "Replicating
> Directory Changes" and "Manage Replication Topology" permission.  And I am
> not about to do that.
> 
> I've also looked at repadmin.  It appears that some changes have been made
> to this command in W2K3, but I'd like to do this in a W2K setting.
> Unfortunately, the W2K tool requires that you use actual GUIDS, but the more
> important thing is that I can't figure out how to push changes rather than
> pull!  I did come across one undocumented switch with repadmin.  Using
> repadmin /p /e /d server1.company.com forces server1 to pull any and all
> 
=== message truncated ===


List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
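
As an added example (not code from the thread or from Microsoft's tools): a Python sketch of the manual step Joe describes, reading the INBOUND NEIGHBORS section of `repadmin /showreps` output and building the matching `repadmin /sync <Naming Context> <Dest DSA> <Source DSA UUID> /force` lines. The sample text is constructed from the output quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the `repadmin /showreps` output quoted
# in the thread (host names and GUIDs are the ones shown there).
SAMPLE = """\
BXXXX\\FNTXX101
DSA Options : (none)
objectGuid  : 99765f71-4dad-496f-a996-a5d0af0232c6
invocationID: 69a2f2fc-c3c2-412b-81bf-2f8d12abf436

==== INBOUND NEIGHBORS ======================================

DC=xxx,DC=xxx,DC=com
    A-NADC\\FMCXX104 via RPC
        objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
        Last attempt @ 2003-11-04 18:38.56 was successful.

CN=Schema,CN=Configuration,DC=xxx,DC=com
    A-NADC\\FMCXX104 via RPC
        objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
        Last attempt @ 2003-11-04 18:38.55 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
"""

GUID = re.compile(r"objectGuid\s*:\s*([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})")
NC = re.compile(r"^(?:DC|CN)=.+$")  # an unindented DN line names a partition

def inbound_partners(text):
    """Return (naming_context, source_dsa_guid) pairs from the INBOUND section."""
    pairs, nc, inbound = [], None, False
    for line in text.splitlines():
        if line.startswith("===="):           # section banner: track which one
            inbound = "INBOUND NEIGHBORS" in line
            nc = None
        elif inbound and NC.match(line):      # start of a new naming context
            nc = line.strip()
        elif inbound and nc and (m := GUID.search(line)):
            pairs.append((nc, m.group(1).lower()))
    return pairs

def sync_commands(dest_dsa, text):
    """One 'repadmin /sync <NC> <Dest DSA> <Source DSA UUID> /force' per pair."""
    return [f"repadmin /sync {nc} {dest_dsa} {guid} /force"
            for nc, guid in inbound_partners(text)]

if __name__ == "__main__":
    for cmd in sync_commands("fntxx101", SAMPLE):
        print(cmd)
```

The DC's own objectGuid in the header is skipped because it appears before the INBOUND NEIGHBORS banner; only partner GUIDs under a naming context are used as the source DSA.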
