Re: Problem with account lockout synchronization

From: Tim Hines [MSFT] (timhines_at_online.microsoft.com)
Date: 07/16/04 

Date: Fri, 16 Jul 2004 10:23:21 -0400

Account lockouts are in the "urgent replication" category but urgent
replication only occurs within a site. Urgent replication does not cross
site boundaries. When a user account is locked you should reset the users
account on a DC within that users site. Are you forcing replication between
sites after the account has been unlocked?

The links below discuss urgent replication

Search the following link for the word urgent to view the section on urgent
replication
http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/distsys/wsrvdsys.mspx

232690 Urgent Replication Triggers in Windows 2000
http://support.microsoft.com/?id=232690 

-- 
Tim Hines, MCSE, MCSA
 Windows 2000 Directory Services
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
"A.P.J. Louwerse" <apj.louwerse@sgtongerlo.nl> wrote in message
news:2bdd$40f63357$513a08f2$17748@news2.zonnet.nl...
> I have a windows 2000 network with 9 sites. Each site has a Domain
> Controller. One site (the headquarters) has a second Domain Controller
which
> is a Exchange 2000 server as well.
> When a useracount locks in one of the sites, replication immediatly occurs
> and the lockout-status of the account on all sites is "Locked". When I
> unlock the account on a site, replication also occurs immediatly and the
> lockout-status changes on all Domain Controllers except the Exchange 2000
> server !!!! The account remains locked on that Domain Controller. The user
> can login, but can't open his/her mailbox. I have to unlock the account
> again on the Exchange server.....
>
> Who can help me with this problem ?
>
> Arthur Louwerse.
>
>

Relevant Pages

  • RE: DCpromo issue. Health check on AD and group policy.
    ... Enterprise Admins group, or at the least a domain admin account of the domain ... Try running MS Sonar to check you SYSVOL replication status: ... Use sonar to check if the sysvols (File Replication Service) is replicating. ...
    (microsoft.public.windows.server.active_directory)
  • RE: All users denied access this morning ......
    ... Please let me know whether all of users cannot login domain, ... the message appears to be the result of normal replication ... display the actual account name and instead showed question marks where the ... PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were ...
    (microsoft.public.windows.server.sbs)
  • Re: Cluster Resource replacing physical server
    ... regardless of the status of the AD replication. ... Create the virtual computer account manually if the Cluster service account ... Then connect to cluster administrator to Enable Kerberos on the network name ... Create cluster resource ...
    (microsoft.public.sqlserver.clustering)
  • Re: AD intersite replication lag - security problem?
    ... Note that some recent hot fixes change the urgent replication items. ... > change notification between sites for all connections that occur over that ... > destination and source domain controller pairs that otherwise use change ...
    (microsoft.public.win2000.security)
  • Re: Subscriber Security Settings for Distributor and Publisher log
    ... Looking for a book on SQL Server replication? ... >> It is done through SQL Server authentication or NT Authentication. ... > using Authentication it authenticates using the account that your SQL ...
    (microsoft.public.sqlserver.replication)