Re: Replication of password resets/unlocks



Right on!!!

PS:
Computer Configuration \ Administrative Templates \ System \ Net Logon \
Contact PDC on Logon Failure


--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.

"Frank Röder [MVP]" <heidenau@xxxxxx> wrote in message
news:O2b3eqClGHA.1640@xxxxxxxxxxxxxxxxxxxxxxx
Rajneel wrote:
Hi all,

Please excuse me if the query is a little trivial but I've been informed
our Windows 2003 AD structure has been configured to replicate between
DCs every 15 mins and even this will be subject to network traffic
factors. Will this mean that those users on different DCs to the Helpdesk
will potentially have to wait 15 mins or longer to be able to log in once a
password has been reset or account unlocked?

No, this change will be replicated to the DC that holds the PDC emulator
role immediately. When a user tries to log on, the client computer tries to
authenticate to the next DC. If this attempt fails (wrong password), the
client computer tries to contact the PDC emulator.
Because the PDC emulator knows the correct password, the attempt succeeds
in the second step. Changes of passwords are replicated between sites
through the normal replication schedule.

You can configure this behavior with a group policy:

Computerconfiguration\Administrative
Templates\Windows-Komponents\System\Network Logon\


"Contact PDC at logon errors"

If the setting is not absolutely correct, please excuse me, because I
am actually working on a German system, so I must translate the policy
settings ;-)



--
Best regards
Frank Röder
MVP Windows Server System - Directory Services
"Ex oriente lux"
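
The logon flow described in the quoted reply, as an added example that is not part of the original thread: a simplified Python model showing what a user on another DC sees after a helpdesk reset, with and without the PDC fallback. The class, DC names and the `contact_pdc_on_failure` flag are hypothetical stand-ins for the policy setting, not Windows APIs.

```python
import hashlib

def h(pw):
    # Stand-in for a stored password hash (illustration only).
    return hashlib.sha256(pw.encode()).hexdigest()

class Domain:
    """Toy model: every DC keeps its own replica of the password hashes."""

    def __init__(self, dc_names, pdc, contact_pdc_on_failure=True):
        self.replicas = {name: {} for name in dc_names}
        self.pdc = pdc
        # Assumed to mirror the "Contact PDC on Logon Failure" policy.
        self.contact_pdc_on_failure = contact_pdc_on_failure

    def replicate(self):
        # Scheduled replication. Simplification: the PDC always has the
        # newest data in this model, so every DC copies the PDC's replica.
        for name in self.replicas:
            self.replicas[name] = dict(self.replicas[self.pdc])

    def reset_password(self, on_dc, user, new_pw):
        # The reset lands on one DC and is pushed to the PDC emulator at once.
        self.replicas[on_dc][user] = h(new_pw)
        self.replicas[self.pdc][user] = h(new_pw)

    def logon(self, via_dc, user, pw):
        # Returns (success, name of the DC that gave the final answer).
        if self.replicas[via_dc].get(user) == h(pw):
            return True, via_dc
        if self.contact_pdc_on_failure and via_dc != self.pdc:
            # Local check failed: retry against the PDC emulator.
            return self.replicas[self.pdc].get(user) == h(pw), self.pdc
        return False, via_dc

def scenario(contact_pdc_on_failure):
    # Constructed sample data: three DCs and one user.
    d = Domain(["DC-HELPDESK", "DC-BRANCH", "DC-PDC"], "DC-PDC",
               contact_pdc_on_failure)
    d.reset_password("DC-PDC", "alice", "old-pw")
    d.replicate()                                   # all DCs know old-pw
    d.reset_password("DC-HELPDESK", "alice", "new-pw")
    before = d.logon("DC-BRANCH", "alice", "new-pw")  # branch DC is stale
    d.replicate()
    after = d.logon("DC-BRANCH", "alice", "new-pw")
    return before, after

if __name__ == "__main__":
    print("fallback on :", scenario(True))
    print("fallback off:", scenario(False))
```

With the fallback on, the first logon is answered by the PDC emulator; with it off, the same logon fails until the replication cycle has run.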

