Joe, thanks for the post reply. first about the dns registrations - will put this right on Mon AM - i have misread the article (Authentication Topology, authored by Gil Fitzpatrick) used as reference for this technique
- the article quotes to add all mnemonics except DcByGuid - this was subsequently corrected to DSAcName am just wondering whether this error would be suffcient to cause the observed behaviour - my suspicion is not and that my admin of the site link configuration is not correct. to answer directly your qu 1 it is set currently to a value of 1440 (1 day) - the value being required as no of minutes.- the intended interval is 5 days and this is a step to test the modification of replication interval if i read your 2nd qu correct you are checking to see if this change to the site configuration has reached the "slow replication partner" - to check this i set the focus of AD sites and services to the slow replication partner which does have in fact have the revised correct value of 1440 i thought that the KCC (which runs on by default every 15 mins on win2k) would run on the slow replication partner to enumerate its replication schedule - and no further administrative action needs to be taken ??? this appears not the case but then i guess we need to put the DnsAvoidRegisterRecords config right first to get any sort of "normal" behaviour - will advise subseqeuent to this change this begs the question of how would an admin view the "net" replication schedule of a particular server to enumerate the time when next it will replicate - I guess it could be inferred from a previous replication time (as in repadmin) and the site link configuration (which just defines an interval) - it just seems to me that a view of the actual replication schedule would be helpful ? GT .. " ----- Original Message ----- From: "joe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 08, 2004 1:26 AM Subject: RE: [ActiveDir] slow replication partner / site link config > Howdy Graham. > > This is something that is near to my heart right now as I am working out a > similar thing for our DR utilizing some virtualization software - we are > testing virtual server for this. > > Let me pop a couple of the questions here... > > The question regarding the DNSAvoidRegisterRecords seeming to be additional > unneeded step. The point behind this should be to remove the records from > the generic zones of the domain (and forest if this is a GC). Even though > you are in a specific site there are cases where these DCs could still be > hit by clients. Those cases being a machine that isn't in a defined subnet > (I recommend a high level definition even up to being an 8 bit definition to > direct these to a known site like a hub) or when the normally correct DC > isn't responding properly to requests. > > I don't think that DSACName is the record you want to stop publishing > though. The clients don't use that record to my knowledge. That is used by > other DCs to find the DC for replication purposes. That is one you would > want to be registered unless something is registering it otherwise on your > behalf. Without that record in DNS, DCs won't be able connect to that DC to > pull changes. > > I believe the records you want to prevent getting published are: > > LdapIpAddress > Ldap > DcByGuid > Kdc > Dc > Rfc1510Kdc > Rfc1510UdpKdc > Rfc1510Kpwd > Rfc1510UdpKpwd > > If it is a GC the following as well > > Gc > GcIpAddress > GenericGc > > > That list may be more extensive than is needed but seems to catch all of the > non-site specific records, if you have machines in the same site you may > even want to kill the site specific ones. > > > > The second part of your post indicates that the server isn't replicating on > the extended frequency you have set. The questions I have around this are > > 1. What is the frequency you have set? > > 2. Do you see it listed as a change notification partner on any of the DCs > in the Enterprise when looking at the partners via repadmin? Or do you see > it listing any DCs as change notification partners for it? > > I have been successful at setting longer replication periods up to almost a > week long (Greater than that and it seems to ignore the schedule). > > > joe > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner > Sent: Thursday, February 05, 2004 5:43 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] slow replication partner / site link config > > a server has been joined to the AD infrastructure and promoted to DC for the > specific purpose of recovery of AD objects. > > the intention is to configure the replication topology following what seems > to be termed as "lazy replication partner" model. > > to this end the following tasks have been completed; > > it is connected to a subnet on which there are no other AD hosts a site / > subnet has been defined site link linking it to a hub site defined > > netdiag confirms its site membership > > the server has been reconfigured with the following registry value - > "DNSAvoidRegisterRecords" with the data of "DSACname" - > > this change is made with the intention of preventing it authenticating any > logon requests - this would seem to be an additional step given that site > membership should dictate no clients discover it > > once the server ids fully replicant, the site link has been configured with > an extended value of the number of hours but yet the "slow" server is still > replicating on the normal frequency > > it would seem that the "replication topology" has not learnt the > configuration of the site link to the slow replication site/server. > > qu - is this by design and if so do we need to force a refresh of the > replication topology - is this what repadmin /kcc does ? > > GT > > > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
