Well as soon as you get a change replicated to another DC, it is going to start its replication process assuming it is within the same site with other DC's or is set up cross site for change notification. Are you saying possibly that replmon queues up replication changes on the direct pulls and the direct pulls of the original direct pulls? That would need to be staggered to really be useful. You will obviously note that I don't use replmon. :op I may break it out and see how much it has changed since April 2000 when I last looked at and rejected it as useful for my purposes.
To do this cascading replication I guess you could have a script that ascertained the partners of the DC you want to pull from and then have it queue up the replications. Then have it wait and hit their downlevels as well...

On the computer account thing, I would recommend precreating the machine accounts prior to the join. Then you can target where the accounts are being created at. Best thing to do would be to hook up machine on a hub with that machine and do a network trace to watch what is going on.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of FDiskThePC
Sent: Tuesday, November 04, 2003 11:16 PM
To: [EMAIL PROTECTED]

Thanks for your lengthy response, Joe. I appreciate it.

I actually knew that all AD replication was pull replication. But replmon does have a "push mode" which basically sends out a change notification to the DC's partners so that they will immediately come pull its changes. What's cool is that unless you disable transitive replication with "push mode", the direct partners of the original DC will in turn send out change notifications to their partners as well. In essence, all DC's get the change from the source DC. And this is exactly what I want to do, but using something other than replmon.

Why do I need to force replication like this? Good question. I wish I knew, and I've hit the list on this before, but didn't get many responses. Basically we'll add a computer to the domain and upon reboot, get the classic "the computer account is its primary domain is missing". I know it sounds like the computer account isn't being created on a DC in the local site, but a few times I verified that it is. Sync'ing the domain like I describe immediately fixes the problem. It sounds like I may want to call MS PSS if other folks have not seen this issue.

-Rick

--- Joe <[EMAIL PROTECTED]> wrote:
> Right off the bat.... (am I saying that too much lately)?
>
> Ah who cares, right off the bat, you will not push changes. Windows
> doesn't use push replication. All Windows Replication is pull based
> whether it is WINS or AD or whatever. The DC who wants the changes
> pulls the changes from the other DC. When you look at connection
> agreements between DC's, the connection agreement is a subobject of
> the DC that will do the pulling and is pointing at the DC it will pull
> from.
> Additionally there has to be a direct connection defined between the
> DC's you want replication to occur through, you won't simply push it
> to some replica there isn't a connection to.
>
> There is a single thread on every DC that will go out to its
> connection partners and PULL the changes from them. On the sending
> side there are 25 threads by default that the pulling DC can connect
> to and pull from.
>
> How do you know what to type to get a DC to PULL from one of its
> partners?
>
> Ex:
>
> C:\>repadmin /showreps fntxx101
> BXXXX\FNTXX101
> DSA Options : (none)
> objectGuid : 99765f71-4dad-496f-a996-a5d0af0232c6
> invocationID: 69a2f2fc-c3c2-412b-81bf-2f8d12abf436
>
> ==== INBOUND NEIGHBORS ======================================
>
> DC=xxx,DC=xxx,DC=com
>     A-NADC\FMCXX104 via RPC
>         objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
>         Last attempt @ 2003-11-04 18:38.56 was successful.
>
> CN=Schema,CN=Configuration,DC=xxx,DC=com
>     A-NADC\FMCXX104 via RPC
>         objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
>         Last attempt @ 2003-11-04 18:38.55 was successful.
>
> CN=Configuration,DC=xxx,DC=com
>     A-NADC\FMCXX104 via RPC
>         objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
>         Last attempt @ 2003-11-04 18:38.54 was successful.
>
> ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
>
>
>
> Doing that repadmin I know that my DC fntxx101 has a pull replication
> connection object with fmcxx104. Note there is NO GUARANTEE that there
> is a reciprocal connection object on fmcxx104 but there PROBABLY is.
>
> I now know that if I want to sync fntxx101 with fmcxx104's current
> state for the default partition I would type
>
> repadmin /sync dc=xxx,dc=xxx,dc=com fntxx101 d01e1848-e701-41ed-b7df-abdea09475ba /force
>
> I took the partition name from the repadmin for the <Naming Context> parameter.
> I took the server name that is pulling as the <Dest DSA>
> I took the objectguid of the server I want to pull from as the <Source DSA UUID>
>
>
> Assuming I have a matching agreement going the other way I could use
>
> repadmin /sync dc=xxx,dc=xxx,dc=com fmcxx104 99765f71-4dad-496f-a996-a5d0af0232c6 /force
>
>
> If the connection object is missing between two servers you will get
> the error message
>
> DsReplicaSync failed with status 8452 (0x2104):
> The naming context is in the process of being removed or is not
> replicated from the specified server.
>
>
> If you want to pull from all partners for a specific context, use
> syncall
>
> repadmin /syncall DomainControllerName dc=domain,dc=com
>
> If you want all partitions from all direct connected partners you
> would do
>
> repadmin /syncall DomainControllerName
>
>
> I am curious about the undocumented command you mention. That is
> interesting, I will dig into it when I get time as the implications
> are rather large as it would have to force replications through the
> entire domain and possibly forest if it was a GC.
>
> Hope this helps.
>
>
> May I ask why you need to force replication like this? It is so
> ungodly rare that we have to force replication that I am not even sure
> if my team other than myself even knows how to do it through repadmin
> like this.
>
>
> joe
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of FDiskThePC
> Sent: Tuesday, November 04, 2003 12:36 PM
> To: [EMAIL PROTECTED]
>
> Okay, guys, I've done quite a bit of research here, but I need some
> help.
> I don't know about you guys, but I find it frustrating that AD
> has been out for over three years and so much of this stuff is still
> undocumented! Argh!
>
> First problem was delegating the right for remote admins to
> synchronize the domain. For those out there that may still be
> searching, you need to delegate the "Replication Synchronization"
> right to your Domain Naming Context (NC) and any other NC's (Schema,
> Config, etc.) that you may have.
> Note that if you do not delegate this right to every NC, AD Sites &
> Services will still fail because a "Replicate Now" tries to sync
> every NC behind the scenes - there is no way with this tool to sync a
> particular NC. Note that ADSIEdit will probably be needed to make the
> delegation.
>
> Okay, second problem that I still need an answer to.
>
> I need a way to force replication from one source DC to all my other
> DC's.
> Ah! Use replmon you say choosing "Push Mode" and "Cross Site
> Boundaries".
> That works great, actually, but not for my remote admins. Come to
> find out, replmon doesn't work unless the remote admin is also given
> the "Replicating Directory Changes" and "Manage Replication Topology"
> permission. And I am not about to do that.
>
> I've also looked at repadmin. It appears that some changes have been
> made to this command in W2K3, but I'd like to do this in a W2K
> setting.
> Unfortunately, the W2K tool requires that you use actual GUIDS, but
> the more important thing is that I can't figure out how to push
> changes rather than pull! I did come across one undocumented switch
> with repadmin. Using repadmin /p /e /d server1.company.com forces
> server1 to pull any and all
>
=== message truncated ===

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
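
Added example (not part of the original thread and not code from repadmin or its authors): Python that parses the `repadmin /showreps` layout quoted above and builds the matching `repadmin /sync <Naming Context> <Dest DSA> <Source DSA UUID> /force` lines from the INBOUND NEIGHBORS section, following the mapping joe describes. The function names are this example's own, the sample text is reconstructed from the output in the thread (its indentation is an assumption), and the commands are only built as strings, never executed.

```python
import re

# Sample input reconstructed from the /showreps output quoted in the thread
# (two of its naming contexts; indentation assumed; names already redacted).
SHOWREPS = r"""
BXXXX\FNTXX101
objectGuid : 99765f71-4dad-496f-a996-a5d0af0232c6

==== INBOUND NEIGHBORS ======================================

DC=xxx,DC=xxx,DC=com
    A-NADC\FMCXX104 via RPC
        objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
        Last attempt @ 2003-11-04 18:38.56 was successful.

CN=Schema,CN=Configuration,DC=xxx,DC=com
    A-NADC\FMCXX104 via RPC
        objectGuid: d01e1848-e701-41ed-b7df-abdea09475ba
        Last attempt @ 2003-11-04 18:38.55 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
"""

GUID = re.compile(r"objectGuid\s*:\s*([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})", re.I)
NC = re.compile(r"^(?:DC|CN)=.+$", re.I)          # a naming-context DN line
PARTNER = re.compile(r"^(\S+)\\(\S+) via (\S+)$")  # SITE\SERVER via TRANSPORT

def inbound_neighbors(text):
    """Return (naming_context, source_server, source_guid) per inbound link."""
    out, inbound, nc, src = [], False, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):        # section banner: track which one we are in
            inbound = "INBOUND" in line
            continue
        if not inbound or not line:        # skips the DC's own header objectGuid
            continue
        if NC.match(line):
            nc, src = line, None
        elif (m := PARTNER.match(line)):
            src = m.group(2)
        elif (m := GUID.search(line)) and nc and src:
            out.append((nc, src, m.group(1).lower()))
    return out

def sync_commands(dest_dsa, text):
    """One 'repadmin /sync' pull per inbound link of dest_dsa; strings only."""
    return [f"repadmin /sync {nc} {dest_dsa} {guid} /force"
            for nc, _src, guid in inbound_neighbors(text)]
```

Only partners listed as inbound neighbors are emitted, so every generated pull has a connection object behind it and should not hit the status 8452 error quoted in the thread.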
