Active Directory replicates one way

T

Tariq Changgez

I have two domain controllers located in the same site:
DC1 and DC2. Changes made to Active Directory on DC1 are
shown on DC2 but any change made on DC2 is never
replicated to DC1. I forced replication using "Active
Directory Sites & Services" but no change. After
replication, it always shows a successful replication
message. I even used ReplMon.exe which also reported
successful replication, but the problem persists.

I looked in different event logs, but no error is reported
anywhere.

Is there any thing in Active Directory where we configure
whether replication is allowed one-way or two-way.
 
P

ptwilliams

When you look at the NTDS object under sites and services is there one or
two <automatically generated> connection objects (you could also view this
using the 'repadmin /showreps' command)? Or have you created your own??

It's probably worth deleting what's there, and then forcing the KCC by
right-clicking the NTDS object and selecting 'Check Replication Topology'

You also need to ensure that DNS is fine on *both* DCs. Perhaps you've been
unlucky enough to encounter the Island Problem?? It may be worth pointing
both DCs at DC1 for DNS whilst you do this...

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


I have two domain controllers located in the same site:
DC1 and DC2. Changes made to Active Directory on DC1 are
shown on DC2 but any change made on DC2 is never
replicated to DC1. I forced replication using "Active
Directory Sites & Services" but no change. After
replication, it always shows a successful replication
message. I even used ReplMon.exe which also reported
successful replication, but the problem persists.

I looked in different event logs, but no error is reported
anywhere.

Is there any thing in Active Directory where we configure
whether replication is allowed one-way or two-way.
 
G

Guest

I checked as you suggested and every things seems to be
fine.

Probably I forgot to mention in my original post that I
restored the effected DC from a Norton Ghost Image which
was one month old. I guess the USN (Update Sequence
Number) in this server is older than what the DC1 has.
Therefore the changes done on DC2 or not being pulled by
DC1. To verify this problem I want to know how I can find
out what USN DC1 has for DC2, and that what is the current
highest USN of DC2. Secondly I want to know if there is a
way to reset USN to a desired number.
 
C

Cary Shultz [A.D. MVP]

If you look closely you will notice that the trailing 'l' was not included
in the link ( word-wrap or something ). All you need to do is to add the
trailing 'l' in the web browser and hit 'enter' and it does indeed work.

HTH,

Cary
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Repadmin /replicate command gives error DsReplicaSync() failed with status 8452 (0x2104) 1
Active Directory failure with code '0x80040e37' 2
Connection Objects Get Disappearing or Does Not Generate Automatic 2
Unable to create Active Directory user account 4
Error event id 13508 - can't replicate 4
NTFRS errors after rebuilding DC 8
an URGENT problem in windows 2000 domain controllers 3
DC Event warning 13508 6

Top