Joe, what's this working on a sunday afternoon ??!! does not setting the focus of AD sites and services to the remote server not verify that the site link has replicated ??
all other site links have default interval of 180 mins so i know it to be different change notification on the site link being enabled on it sounds interesting - is this exposed via any GUI (repadmin) or otherwise ? or do we need to look at the directory directly ? is it typical for a server in the moved between sites to retain its previous site affiliation subsequent to moves - not too sure what the administrator did precisely in the move ? all i can tell is that the AD sites and services / netdiag thinks that it is in the right site GT ----- Original Message ----- From: "joe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 08, 2004 3:21 PM Subject: RE: [ActiveDir] slow replication partner / site link config > Great on the DNS registrations. I have got to sit down and read that entire > Gil article... > > The second question is to check to see if the site link info did replicate > and if everything is "cool" [1] with the connection objects. You didn't > indicate what this "normal" frequency is that it is replicating at so I am > wondering if it had indeed gotten that change to the server and that the > replication wasn't in a change notification setting right now. > > I have seen in the past people who have moved server objects between sites > and the connection objects maintained information that made them replicate > incorrectly. Most recently I saw a person with a site that had a server in > it that was replicating on a intersite schedule even though it was in the > same site as the other DCs. The solution was to delete all connection > objects involving it. Possibly there was some value in the connection > objects that could have been updated but I didn't dig into it closely enough > and haven't time since to try and duplicate. > > Obviously another thing to check is to make sure that the site link isn't > enabled for change notification. > > joe > > > [1] - Cool being a technical term in this use. :) > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner > Sent: Sunday, February 08, 2004 6:47 AM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] slow replication partner / site link config > > Joe, thanks for the post reply. > > first about the dns registrations - will put this right on Mon AM - i have > misread the article (Authentication Topology, authored by Gil Fitzpatrick) > used as reference for this technique > > - the article quotes to add all mnemonics except DcByGuid - this was > subsequently corrected to DSAcName > > am just wondering whether this error would be suffcient to cause the > observed behaviour - my suspicion is not and that my admin of the site link > configuration is not correct. > > to answer directly your qu 1 > > it is set currently to a value of 1440 (1 day) - the value being required > as no of minutes.- the intended interval is 5 days and this is a step to > test the modification of replication interval > > if i read your 2nd qu correct you are checking to see if this change to the > site configuration has reached the "slow replication partner" - to check > this i set the focus of AD sites and services to the slow replication > partner which does have in fact have the revised correct value of 1440 > > i thought that the KCC (which runs on by default every 15 mins on win2k) > would run on the slow replication partner to enumerate its replication > schedule - and no further administrative action needs to be taken ??? > > this appears not the case but then i guess we need to put the > DnsAvoidRegisterRecords config right first to get any sort of "normal" > behaviour - will advise subseqeuent to this change > > this begs the question of how would an admin view the "net" replication > schedule of a particular server to enumerate the time when next it will > replicate - I guess it could be inferred from a previous replication time > (as in repadmin) and the site link configuration (which just defines an > interval) - it just seems to me that a view of the actual replication > schedule would be helpful ? > > GT > > . " > ----- Original Message ----- > From: "joe" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Sunday, February 08, 2004 1:26 AM > Subject: RE: [ActiveDir] slow replication partner / site link config > > > > Howdy Graham. > > > > This is something that is near to my heart right now as I am working > > out a similar thing for our DR utilizing some virtualization software > > - we are testing virtual server for this. > > > > Let me pop a couple of the questions here... > > > > The question regarding the DNSAvoidRegisterRecords seeming to be > additional > > unneeded step. The point behind this should be to remove the records > > from the generic zones of the domain (and forest if this is a GC). > > Even though you are in a specific site there are cases where these DCs > > could still be hit by clients. Those cases being a machine that isn't > > in a defined subnet (I recommend a high level definition even up to > > being an 8 bit definition > to > > direct these to a known site like a hub) or when the normally correct > > DC isn't responding properly to requests. > > > > I don't think that DSACName is the record you want to stop publishing > > though. The clients don't use that record to my knowledge. That is > > used by other DCs to find the DC for replication purposes. That is one > > you would want to be registered unless something is registering it > > otherwise on your behalf. Without that record in DNS, DCs won't be > > able connect to that DC > to > > pull changes. > > > > I believe the records you want to prevent getting published are: > > > > LdapIpAddress > > Ldap > > DcByGuid > > Kdc > > Dc > > Rfc1510Kdc > > Rfc1510UdpKdc > > Rfc1510Kpwd > > Rfc1510UdpKpwd > > > > If it is a GC the following as well > > > > Gc > > GcIpAddress > > GenericGc > > > > > > That list may be more extensive than is needed but seems to catch all > > of > the > > non-site specific records, if you have machines in the same site you > > may even want to kill the site specific ones. > > > > > > > > The second part of your post indicates that the server isn't > > replicating > on > > the extended frequency you have set. The questions I have around this > > are > > > > 1. What is the frequency you have set? > > > > 2. Do you see it listed as a change notification partner on any of the > > DCs in the Enterprise when looking at the partners via repadmin? Or do > > you see it listing any DCs as change notification partners for it? > > > > I have been successful at setting longer replication periods up to > > almost > a > > week long (Greater than that and it seems to ignore the schedule). > > > > > > joe > > > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner > > Sent: Thursday, February 05, 2004 5:43 AM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] slow replication partner / site link config > > > > a server has been joined to the AD infrastructure and promoted to DC > > for > the > > specific purpose of recovery of AD objects. > > > > the intention is to configure the replication topology following what > seems > > to be termed as "lazy replication partner" model. > > > > to this end the following tasks have been completed; > > > > it is connected to a subnet on which there are no other AD hosts a > > site / subnet has been defined site link linking it to a hub site > > defined > > > > netdiag confirms its site membership > > > > the server has been reconfigured with the following registry value - > > "DNSAvoidRegisterRecords" with the data of "DSACname" - > > > > this change is made with the intention of preventing it authenticating > > any logon requests - this would seem to be an additional step given > > that site membership should dictate no clients discover it > > > > once the server ids fully replicant, the site link has been configured > with > > an extended value of the number of hours but yet the "slow" server is > still > > replicating on the normal frequency > > > > it would seem that the "replication topology" has not learnt the > > configuration of the site link to the slow replication site/server. > > > > qu - is this by design and if so do we need to force a refresh of the > > replication topology - is this what repadmin /kcc does ? > > > > GT > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
