This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi I have a question about replication behavior between domain controllers in different sites, there is site IP links between main head office site and branches which is configured for 30 min replication and cost is 100. But there is some NTDS connection links between DC in sites that is configured to replicate only once per hour. How will be handled such operation as password change, which parameter will be used? 30 minutes or i case more than 30 minutes because of DC connection links is only configured for replication once per hour? In environment is 10 AD sites and 14 DCs. Head office has 4 DC and branches has 1 DC each.
Now we have problem with owa password change, when user change password it took almost 2-3 hours to became old password inactive.
I have also visio diagram of replication topology if someone intrested.
Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards,
Hi,
The replication for password change is a Immediate Replication.
When you change a password for users or machines, password changes are sent immediately to the PDC FSMO. The PDC operations master then locally stores this value. And the password change is then replicated to its partners using the Active Directory replication process. Down-level domain controllers replicate the change directly from the PDC FSMO role owner.
For the Active Directory replication inter-sites: it depends on the replication schedule you defined .Site-links, site costs and replication schedules are what we user to control the inter-site replication. It also effected by sites bandwidth, latency and ect.
For the Active Directory replication intra- sites :By default, (according to Microsoft) any domain controller will aware of any directory update within 15 seconds. Within site despite the number of domain controllers, any directory update will be replicate in less than one minute.
Best Regards,
Hi,
When a user change his password , the password will be sent immediately by the domain controller to PDC, then it will be replicated on all domain controllers.
If the password change take 2or 3 hours , you should start by checking if the client able to contact the closest domain controller, if it use owa check if exchange server able to contact a closest domain controller. then you should check the bandwidth between R/W domain controllers and the PDC.
Please don't forget to mark this reply as answer if it help you to fix your issue
Hi,
As this thread has been quiet for a while,was your issue resolved?
If you want to end this thread, and the answer was helpful for you, you can "Accept as answer" to help other community members find the helpful reply quickly.
If you have a better method to solve it, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If there is anything else we can do for you, please feel free to post here.
Best Regards,