Hmmm, interesting question. I think it would just have to send the new DNs around to everything. If you have any change in security in that new level, that could cause some work for the DCs as well.
I don't think I would be as concerned about replication as I would about hard coded DNs in non-linked attributes or in applications. I have seen LDAP based LOB apps fail spectacularly with mass moves of objects from one location to another in AD.

Once had a finance app that assumed users would be in a specific place, even though we said over and over again they would be subject to moving and it wouldn't be announced, since the moves would be driven by local admins for putting users in specific GPO OUs. But still the finance app assumed a specific structure and, sure enough, a mass of users were moved and their app blew up horribly. What was worse, they had no one who had any clue what the app was really doing, so I ended up troubleshooting their Perl to find the issue.

This is actually a decent sized problem in any medium to fairly large environment because anyone can write or integrate an LDAP app into your architecture without DA/EA involvement. You usually don't find out about them until you take down a DC that they hard coded to or change the structure of the directory that you hard coded to or something else that breaks them based on their assumptions on what would always be.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Monday, October 18, 2004 2:45 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD replication impact from inserting OU in the middle?

We might want to insert an OU placeholder in the "middle" of our Active Directory structure, i.e., changing "cn=abc,.....,ou=def,dc=xyz,dc=com" to "cn=abc,.....,ou=def,ou=GHI,dc=xyz,dc=com". Can anyone give me an idea of what impact this will cause on replication? We have multiple root DCs with one on a slow link. I contend that every object below the new OU structure will at least have its "Distinguished Name" rewritten (other attributes also?). Some discussion has ensued. Any comments are appreciated! Thanks!
Mike Thommes

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
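
An added illustration, not part of the thread and not written by either poster: the failure mode described in the reply, replayed against the DNs from the original question. The in-memory dict standing in for the directory, the `notes` attribute, and all helper names are assumptions made for this sketch; a real application would issue the equivalent LDAP subtree search.

```python
# Constructed sample data: a dict standing in for the directory, keyed by DN.
# The names abc, def, GHI and xyz.com follow the thread; the rest is invented.
OLD_PARENT = "ou=def,dc=xyz,dc=com"
NEW_PARENT = "ou=def,ou=GHI,dc=xyz,dc=com"

def make_directory():
    return {
        "cn=abc," + OLD_PARENT: {"sAMAccountName": "abc", "notes": ""},
        "cn=boss," + OLD_PARENT: {"sAMAccountName": "boss", "notes": ""},
        # A DN copied into a free-text attribute: nothing maintains this string.
        "cn=app1,ou=svc,dc=xyz,dc=com": {
            "sAMAccountName": "app1",
            "notes": "owner=cn=boss," + OLD_PARENT,
        },
    }

def move_subtree(directory, old_parent, new_parent):
    """Re-parent every object under old_parent, as inserting an OU would."""
    moved = {}
    for dn, attrs in directory.items():
        if dn.lower().endswith("," + old_parent.lower()):
            dn = dn[: -len(old_parent)] + new_parent
        moved[dn] = attrs
    return moved

def lookup_hardcoded(directory, name):
    """Fragile pattern: the application builds the DN from an assumed location."""
    dn = f"cn={name},{OLD_PARENT}"
    return dn if dn in directory else None

def lookup_by_search(directory, base, name):
    """Sturdier pattern: subtree search on a stable attribute from a high base."""
    base = base.lower()
    hits = [dn for dn, attrs in directory.items()
            if (dn.lower() == base or dn.lower().endswith("," + base))
            and attrs["sAMAccountName"] == name]
    return hits[0] if len(hits) == 1 else None

def stale_dn_strings(directory):
    """List free-text values that embed a DN no longer present in the directory."""
    present = {dn.lower() for dn in directory}
    stale = []
    for dn, attrs in directory.items():
        _, _, ref = attrs["notes"].partition("=")  # constructed "key=<DN>" format
        if ref and ref.lower() not in present:
            stale.append((dn, ref))
    return stale
```

Running `stale_dn_strings` over an export taken after a restructuring gives a quick inventory of string-valued references that the move left behind.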
