Re: Urgent replication not seeming to work
- From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Thu, 18 Jan 2007 20:17:51 +0100
thank you Mr. Richards
;-)
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:eUP6IOqOHHA.5104@xxxxxxxxxxxxxxxxxxxxxxx
Mr. Richards in the house.... (looking around for my dad)
LOL. Please no more Mr. Richards, even my enemies call me joe (just they
say it with a snobbish all knowing sneer).
I wrote a lot of this up and presented it at DEC 2006 during the infamous
Dean and joe show. Likely people were laughing too hard from Dean cracking
jokes to listen closely to me. ;o) The slide deck though is here
http://www.jadonex.com/downloads/dec/dec2006.zip
(Note: For maximum benefit, watch it as a presentation, don't skim through
the slides in preview, we have a lot of animation in there)
There are two components to the whole PDC Chaining story.
The first is that the PDC gets the current new password. This is handled
by a direct RPC shot straight to the PDC from the DC where the change was
mastered. This is impacted by the AvoidPDCOnWan configuration in that if
that value is set, it won't make the call to the PDC to update the
password. But also, the mechanism is not guaranteed. If the PDC is too
busy or their is a network issue (or the PDC is just plain down) the
password will not be forwarded onto the PDC, it will get there through
normal AD replication eventually.
The second is the PDC Chaining request where the user tries a password
that the local DC doesn't think is valid and the PDC is chained in to the
request to validate. If the PDC thinks it is ok it sends back a response
saying, yeah that password is cool and then (as of 2K SP4 and K3 Gold)
initiates a new LDAP op that I fought long and hard with MSFT to get
implemented back in like 2002 or so for this reason called Replicate
Single Object. This will force the info on the PDC directly to the DC that
tried and failed the authentication. Again these items are impacted by
AvoidPDCOnWan and yet again, they are not guaranteed. If the network is
cool, if the PDC is cool, they will work great. If not, they may or may
not work.
Going back to the poster's original item... Urgent replication. There is
really no such thing as urgent replication. There is only urgent queuing.
Items that are urgently queued have the same replication priority in the
queue of anything else that is of the same NC. Actually in the slide 40-50
range of that deck above, I talked about queue priorities and what the
actual priorities are of different replication requests. Urgent queuing
simply means that the normal holdback and dsa pause values are not adhered
to for the queuing. As Paul indicated, this only works over change
notification links so that is usually within a single site. You can enable
change notification between sites on a site link however keep in mind that
doesn't bring you into the site's replication ring, you still have a
bridgehead and you still don't have the "urgently replicated" items being
any more important than any other writeable domain NC that is being
replicated so changes can easily get hung up on a bridgehead and sit for a
while if it is busy. You will note that on one or more of the slides I
very specifically pointed out that urgent requests do NOTHING to the
priority of the queued items.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Paul Williams [MVP] wrote:
OK, I'll ping him next week and see what you're referring to.
.
- References:
- Urgent replication not seeming to work
- From: troute_kilgore
- Re: Urgent replication not seeming to work
- From: Paul Williams [MVP]
- Re: Urgent replication not seeming to work
- From: Jorge Silva
- Re: Urgent replication not seeming to work
- From: Paul Williams [MVP]
- Re: Urgent replication not seeming to work
- From: Jorge Silva
- Re: Urgent replication not seeming to work
- From: Paul Williams [MVP]
- Re: Urgent replication not seeming to work
- From: Joe Richards [MVP]
- Urgent replication not seeming to work
- Prev by Date: Re: Delegation of groups admin. - restricted to a subset of objects
- Next by Date: Re: Daylight Savings time for member servers
- Previous by thread: Re: Urgent replication not seeming to work
- Next by thread: Re: Urgent replication not seeming to work
- Index(es):
Relevant Pages
|
