Re: Moving an ADAM instance
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Tue, 18 Jul 2006 19:33:27 -0400
The proper way to do this is with a replicated instance. The problem you are having is that ADAM doesn't have its own account policy; it is entirely dependent on the machine's policy, and it sounds like the two machines have different password policies. Your problem isn't in ADAM; it is in the configuration of the policy on the machines.
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
---O'Reilly Active Directory Third Edition now available---
I am having some trouble moving an ADAM instance from one physical server to another.
The first method I tried was to set up the new server as a replication server. This worked in my trial environment, but like so many other times, not in production. The data all appeared to replicate fine, but users were unable to authenticate against the replicated server. When looking through the user properties, I noticed that ms-DS-UserPasswordExpired was set to TRUE in the replication instance, but not in the publishing instance. A quick bit of research told me that this is a constructed value. This is where my attempt with this method dead-ended because I know little about password expiration rules in AD. I know even less when the server in question is not part of a domain. And I know absolutely nothing about how these features might relate to ADAM or how ADAM constructs this value and cannot seem to find any information on such. This seems to be the easier approach and is also the approach recommended by Joe Kaplan, so if anyone has any ideas about this, thanks.
The second approach I took, which once again worked in test but stumped me in production, was to use ADSchemaAnalyzer to duplicate the schema to a new ADAM instance, then synchronize the data with adamsync. I got to the point of trying to install my synchronization configuration into the new instance, but received an error every time I tried. According to the boards, the error message I received was what I should expect if I had not loaded the MS-AdamSyncMetadata.LDF into the new repository, but we have a screen capture of the session and this was definitely done. If there are no good ideas on how to solve the problem with my first approach, feel free to fire away with ideas on this one.
I would prefer to use the replication approach, but any help or new ideas would be welcome indeed. If you need any other information, please let me know.
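Added example, not part of the original thread: a Python sketch that compares the password policy two servers report through `net accounts`, which is the machine policy the reply says ADAM depends on. Both sample outputs are constructed, and the rule in `expired_under` is a simplified assumption about how a password's age is judged against the maximum password age.

```python
import re

# Constructed `net accounts` output from the original server (illustrative values).
SOURCE_SERVER = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Lockout threshold:                                    Never
The command completed successfully.
"""

# Constructed `net accounts` output from the new replica (illustrative values).
REPLICA_SERVER = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              8
Lockout threshold:                                    5
The command completed successfully.
"""

def parse_net_accounts(text):
    """Return {setting: value} for every 'name:   value' line in the output."""
    settings = {}
    for line in text.splitlines():
        # The name ends at the colon that is followed by the padding spaces.
        m = re.match(r"^(.+?)\??:\s{2,}(\S.*?)\s*$", line)
        if m:
            settings[m.group(1).strip()] = m.group(2)
    return settings

def policy_diff(source, replica):
    """Return {setting: (source_value, replica_value)} where the two differ."""
    a, b = parse_net_accounts(source), parse_net_accounts(replica)
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

def expired_under(max_age_value, password_age_days):
    """Assumed rule: a password older than the maximum age counts as expired."""
    if max_age_value.strip().lower() == "unlimited":
        return False
    return password_age_days > int(max_age_value)

if __name__ == "__main__":
    for name, (src, rep) in policy_diff(SOURCE_SERVER, REPLICA_SERVER).items():
        print(f"{name}: source={src} replica={rep}")
    # A 90-day-old password (hypothetical) judged against each machine's policy.
    print(expired_under("Unlimited", 90), expired_under("42", 90))
```

Any setting that appears in the diff is a candidate for why the same replicated account behaves differently on the two machines.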