Archived from groups: microsoft.public.win2000.active_directory
"Randy" <msnews@taoman.mailshell.com> wrote in message
news:eybkUeAAFHA.2552@TK2MSFTNGP09.phx.gbl...
> There is only one site which both domains are in. One forest. Definitely
> have GC servers in both domains.
The key is GCs per site (not domain) but as long as
that works out it doesn't matter.
> Examples:
>
> Admins in both domains have rights to administer in both domains.
>
> Admin 1 in Domain A runs ADU&C in Domain A to add a user from Domain B to a
> group membership for Domain B.
Well, that doesn't require replication outside the same
domain -- UNLESS the Group is a Universal group.
If a user from EITHER domain is added to a group in
Domain B, domain B knows about it immediately (upon
replication within that same domain.)
> The new user doesn't actually show up as
> being a member of the group in Domain B (from Domain B's perspective)
> sometimes for hours although when looking in ADU&C in Domain A (and changing
> the domain, of course) the user is there. Isn't this a replication issue?
AD U&C runs against a DC in the domain where the
changes are made -- it matters not which domain
controller it runs FROM.
AD U&C could as well run on an XP workstation etc.
> Exchange servers exist in both domains but OWA front-end server is in Domain
> A which users in Domain B go thru to access their email from home. User
> from Domain B forgets their password and calls admin from Domain B to change
> their password. Admin from Domain B does change their password immediately
> but OWA server in Domain A doesn't seem to recognize that password change
> again, sometimes for hours. Isn't that also a replication issue?
>
> These types of issues are fairly rare but happen often enough to be
> troublesome. It seems to me I should be able to increase replication
> schedule between the two domains or at the very least to manually force
> replication so these password changes, group membership changes, etc happen
> quicker between the domains. Is this not possible or am I barking up the
> wrong tree?
>
> I realize in the first example I could probably point my ADU&C to a Domain B
> DC but I don't think that would work in second example as the password
> change has to be replicated in both domains before user could login to OWA.
> Or am I clueless?
You have to make a change in Domain B while connected
to domain B.
> > Ok, that works generally but doesn't allow you to
> > control the time and frequency of replication.
> >
> > They will replicate as if they are on the same LAN IF
> > they replicate.
> >
> > Two domains will only replicate certain info, and not
> > unless they are in the same forest.
> >
> >
> > > Everything runs fine but replication takes much too long between the
> > > domains. When adding a new user or changing a password in one domain it
> > > won't take effect in the other domain sometimes for hours.
> >
> >
> > ? That sounds like you DO have sites defined.
> >
> > But you cannot really expect a USER account to ever
> > fully replicate to another Domain -- only the GC,
> > Schema, and Configuration replicates across domains
> > (in the same forest.)
> >
> > User accounts are partially replicated to the (other)
> > GCs of the forest.
> >
> > Make sure that a DC (or more) in each site is a GC.
> >
> >
> > You might want to recheck Sites and Services and
> > make sure that both DCs really show in the Default
> > (or whatever name) site.
> >
> > GC setting is in there too.
> >
> > > Without putting
> > > domains in separate sites (T1 is fast and reliable) how can I change (or
> > > manually force) replication between domains? Thanks in advance.
> >
> > What are you specifically expecting to replicate?
> >
> >
>
>
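Added example, not part of the original thread: one way to check the two points made in the reply above, namely that each site has at least one GC and that a change made in Domain B has reached every Domain B DC. It assumes the ActiveDirectory PowerShell module (which postdates this thread) is available; the domain, group and user names are placeholders.

```powershell
# Added example; not from the thread. All names below are placeholders.
Import-Module ActiveDirectory

$Domain = 'domainb.example.com'   # placeholder: DNS name of Domain B
$Group  = 'ExampleGroup'          # placeholder: group that lives in Domain B
$User   = 'exampleuser'           # placeholder: user that lives in Domain B

# 1. GC coverage is a per-site question, not a per-domain one.
#    Collect every DC in the forest and count GCs in each site.
$allDCs = foreach ($d in (Get-ADForest).Domains) {
    Get-ADDomainController -Filter * -Server $d
}
$allDCs | Group-Object Site | ForEach-Object {
    [pscustomobject]@{
        Site = $_.Name
        DCs  = $_.Count
        GCs  = @($_.Group | Where-Object IsGlobalCatalog).Count
    }
} | Format-Table -AutoSize

# 2. Ask each Domain B DC directly what it currently holds.
#    Rows that disagree show a DC that has not yet received the change
#    through replication inside Domain B.
Get-ADDomainController -Filter * -Server $Domain | ForEach-Object {
    $dc   = $_.HostName
    $site = $_.Site            # captured here: $_ is the error inside catch
    try {
        $u = Get-ADUser  $User  -Server $dc -Properties pwdLastSet
        $g = Get-ADGroup $Group -Server $dc -Properties member
        [pscustomobject]@{
            DC         = $dc
            Site       = $site
            PwdLastSet = [datetime]::FromFileTimeUtc($u.pwdLastSet)
            IsMember   = $g.member -contains $u.DistinguishedName
            Error      = $null
        }
    } catch {
        # Unreachable DC or object not yet present on this DC.
        [pscustomobject]@{
            DC = $dc; Site = $site; PwdLastSet = $null
            IsMember = $null; Error = $_.Exception.Message
        }
    }
} | Format-Table -AutoSize
```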