True, I typed without thinking (or rather reading closely...) I just saw PAS and typed away a "canned" answer... I must go on a break and clear my head.... <g>
/Jimmy

-------------------------------------
Jimmy Andersson, Q Advice AB
Principal Advisor
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Friday, June 11, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Replication of linked attributes between domain and sub-domain

First of all, if "titi.com" and "toto.titi.com" are real names, then I'd switch jobs - this would drive me crazy ;-)

Regarding adding the directReports to the PAS: that would be nice, but isn't possible for the backlinks of linked attribute-pairs - this is the case here for the directReports attribute => it is not a replicated attribute at all (neither cross domain nor within the same domain), as only forward links (here the manager attribute) get replicated between DC/GCs. Instead, the backlink attributes are processed locally on each DC when it receives the forward-link (e.g. a user object's manager attribute) and creates the link between the two respective AD objects via an entry in the local link table on the DC/GC.

However, the forward-link will only replicate to DCs hosting the respective naming context. And for attributes (even forward links) which are also in the PAS (configured to replicate to the GC), this means that the information is also replicated to GCs from other domain(s), hosting a read-only partition of the source domain (of an object with a forward link). And the GCs will then again create the respective backlink locally, when making the entry in the link table, even for cross-domain links.

For the given manager/directReports example this means that a user's manager attribute is only replicated to DCs of the same domain and to GCs in the forest - and that only these machines populate the respective "directReports" attribute (backlink) for a user who is a manager of this other user.
As such, you won't see cross-domain directReports information on a DC of a manager's domain, if this DC is not a GC. So here, the DC for "titi.com" used to look up the directReports attribute of "usertiti" must have been a GC, while the DC of "toto.titi.com" used to look up the directReports attribute of "usertoto" must have been just a normal DC.

This is not to be confused with Phantom Records (which are updated via the Infrastructure Master): as the directReports attribute is not the replicated attribute, it is also not updated or replicated as a phantom record via the IM. However, phantom records are created on non-GC DCs to replicate the manager attribute (forward-link) to other DCs, if e.g. a user's manager attribute is linked to a user object outside the own domain. As Dean perfectly described, the IM is then responsible to sync changes to the linked object over time (renames, deletes etc.), but it would not update any backlinks.

As a sidenote on the replication of the manager/directReports links you should realize that if you do leverage these across domains in a forest and you accidentally delete a manager (with direct reports in various domains) whom you must then authoritatively restore in AD, the links to the manager's directReports are NOT recovered with the manager... (same issue as with memberships in Universal Groups or Domain Local groups in other Domains of the forest)

\Guido

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson
Sent: Thursday, 10 June 2004 11:17
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Replication of linked attributes between domain and sub-domain

If you really want/need it to be replicated to the GCs, you can use the Schema snap-in, and check the box in front of 'Replicate this attribute to the Global Catalog'.
Regards,
/Jimmy

-------------------------------------
Jimmy Andersson, Q Advice AB
Principal Advisor
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Thursday, June 10, 2004 11:04 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Replication of linked attributes between domain and sub-domain

The manager attribute is replicated between GCs as part of the Partial Attribute Set. The directReports attribute isn't. Whether you see it or not will depend on the domain of the DC you are querying.

Tony

---------- Original Message ----------------------------------
Reply-To: [EMAIL PROTECTED]
Date: Thu, 10 Jun 2004 10:02:34 +0200

Hi,

I have a domain "titi.com" with a sub-domain "toto.titi.com", a user "usertiti" on domain "titi.com" and a user "usertoto" on domain "toto.titi.com". I set "usertiti" as manager of "usertoto" and "usertoto" as manager of "usertiti".

When I look at the "usertoto" and "usertiti" entries in the directories, I have:

- the manager attribute of "usertiti" is correctly set at "usertoto",
- the directReports attribute of "usertiti" is correctly set at "usertoto",
- the manager attribute of "usertoto" is correctly set at "usertiti",
- but, the directReports attribute of "usertoto" is not correctly set at "usertiti"!

Why? Is it normal or is it a replication problem?

Thanks in advance for your answers...
Solange Desseignes

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
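
The behaviour explained in this thread, as a small simulation (an added example, not code from any of the posters and not how AD is implemented): forward links are stored only by DCs holding the source object's naming context, and each DC derives directReports from its own link table. The DNs, DC names and the `DomainController` class are constructed for illustration; the titi.com DC is assumed to be a GC and the toto.titi.com DC is not.

```python
from dataclasses import dataclass, field

USERTITI = "CN=usertiti,DC=titi,DC=com"           # constructed DNs for the thread's users
USERTOTO = "CN=usertoto,DC=toto,DC=titi,DC=com"

def domain_of(dn):
    """Turn the DC= components of a DN into a DNS domain name."""
    return ".".join(p[3:] for p in dn.split(",") if p.upper().startswith("DC="))

@dataclass
class DomainController:                            # hypothetical model, not an AD API
    name: str
    domain: str
    is_gc: bool = False
    link_table: set = field(default_factory=set)   # rows: (forward attr, source DN, target DN)

    def receive_forward_link(self, attr, source_dn, target_dn, in_pas=True):
        # Stored only where the source object's naming context is held:
        # full replica (same domain) or GC partial replica (attribute in the PAS).
        if domain_of(source_dn) == self.domain or (self.is_gc and in_pas):
            self.link_table.add((attr, source_dn, target_dn))

    def direct_reports(self, manager_dn):
        # The backlink is never replicated; it is read from the local link table.
        if domain_of(manager_dn) != self.domain and not self.is_gc:
            return None                            # object not held here (referral)
        return sorted(s for a, s, t in self.link_table
                      if a == "manager" and t == manager_dn)

def run_scenario(toto_dc_is_gc=False):
    titi_dc = DomainController("dc1", "titi.com", is_gc=True)
    toto_dc = DomainController("dc2", "toto.titi.com", is_gc=toto_dc_is_gc)
    for dc in (titi_dc, toto_dc):                  # offer each manager write to every DC
        dc.receive_forward_link("manager", USERTITI, USERTOTO)
        dc.receive_forward_link("manager", USERTOTO, USERTITI)
    return {
        "usertiti on titi.com DC": titi_dc.direct_reports(USERTITI),
        "usertoto on toto.titi.com DC": toto_dc.direct_reports(USERTOTO),
        "usertoto on titi.com GC": titi_dc.direct_reports(USERTOTO),
    }

if __name__ == "__main__":
    for where, reports in run_scenario().items():
        print(f"{where}: {reports}")
```

Calling `run_scenario(toto_dc_is_gc=True)` shows the missing directReports value appearing once the child-domain DC also holds the partial replica of titi.com.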