replication problem on w2k domain

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Small overview of the network

Master DC
Domaincontroller 1 (location 1)
Domaincontroller 2 (location 2)
Domaincontroller 3 (location 3)

All servers are in a company wide WAN, servers in the domain are trusted to
another.
All servers replicate the agentlogin's with the Master DC so a login on
multiple locations is possible.
Since 2 weeks a strange event occurs, when a user is locked out the local
admin resets the account
for that specific user, and makes the login possible again.
Now the problems begin, the user stays locked out until replication has
replicated the user login to the
master DC.
This problem occurs by password lockout, password change.
Strange thing is that the servers have been running smoothly for the last 3
years, without any problems.

Does anyone have a solution or a tip to solve this?

Thanx

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

In news:8225e$41679556$513b9b88$13009@news1.zonnet.nl,
Arjen <arjen.zijlstra@web.de> commented
Then Kevin replied below:
> Small overview of the network
>
> Master DC
> Domaincontroller 1 (location 1)
> Domaincontroller 2 (location 2)
> Domaincontroller 3 (location 3)
>
> All servers are in a company wide WAN, servers in the
> domain are trusted to another.
> All servers replicate the agentlogin's with the Master
> DC so a login on multiple locations is possible.
> Since 2 weeks a strange event occurs, when a user is
> locked out the local admin resets the account
> for that specific user, and makes the login possible
> again.
> Now the problems begin, the user stays locked out until
> replication has replicated the user login to the
> master DC.
> This problem occurs by password lockout, password change.
> Strange thing is that the servers have been running
> smoothly for the last 3 years, without any problems.
>
> Does anyone have a solution or a tip to solve this?

Can you post an ipconfig /all from your four DCs?

Do all of your DCs have DNS installed on them and are you using Active
Directory integrated zone for your AD domain zone?

Do you have only one domain?

Are any of your DCs multi-homed or have RAS installed?

IMO, since all DCs are at different locations, all should have DNS installed
and you should use AD integrated zones. Then in TCP/IP properties all DCs
should use the DC you call your master as preferred and one of the others as
alternate then to itself as a third DNS. This will insure that all DCs are
registered in DNS, will always have a DNS available at start-up, and will
keep replication working.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================