AD user replication

  • Thread starter: Damien


Here is my situation, please help:

2 W2K DC's with SP4.
DC1 has WINS, DNS, DHCP, GC, Authentication, and all FSMO's
DC2 has Exchange 2000 and is backup for Wins, DHCP, and DNS.

When I use the wizard to create a new user with an Exchange
MB on DC1, the acct never shows up on DC2 nor does it show
in Exchange. Even with forcing the replication.
Authentication for logging in, changing PW's, and Exchange
don't even work correctly.

When I use the wizard to create a new user and MB on DC2,
the acct shows up right away on DC1 with no problems. Once
AD has replicated and the user acct shows up in DC1,
authentication, PW Changes, and Exchange all work as normal.

I've used repadmin, replmon, dcdiag, netdiag, and dsastat
and all show that everything is good. Replmon says that
everything is replicating between the two DC's, but the
user accts made on DC1 are still not showing on DC2.
repadmin shows all inbound and outbound connections are ok.
What else is there to check? Thanks in advance.

First, make sure that both DCs can find the other DC's SRV records and
resolve its name to an IP address, i.e. your DNS is absolutely solid.
Try deleting the replication connections and either recreating them
manually or forcing the KCC to rebuild them.

Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
This posting is provided "AS IS" with no warranties, and confers no

Thanks Marin,

The DNS is not a problem, that does work. DNS Resolution is
working great and the SRV's match in DNS. I'll try deleting
the Rep connections and see how that goes.


This is *possibly* a really simple solution. Oops. I said it now I have to
provide the solution. Not a problem.

Did you install the ESM on the first Domain Controller ( the one without
Exchange 2000 on it )? I am guessing that you did not. If you say, "Cary,
but I did!" then I would suggest to you that when you create a user that you
consider using the ADUC from Start | Programs | Microsoft Exchange rather
than the ADUC from Start | Programs | Administrative Tools. Also, on DC1
when you install the ESM I would strongly suggest that you also install the
Exchange 2000 SP.

I would venture to suggest that when you create the user on DC1 that you are
not really creating the 'mailbox' attributes.

Now, if this is completely incorrect ( I am making the above assumption
because a lot of people do this ) and you are using the ADUC from Start |
Programs | Microsoft Exchange and you are for sure creating the 'mailbox'
attributes then I might ask how much time you are giving it ( the created
user account object ) to show up on DC2. I ask because I have seen it many
times where it can take up to two hours for it to show up on the other DC.
And if we are dealing with multiple Sites it can take a bit longer. And
that is with everything being absolutely correct as far as Replication is

If this is not the case ( meaning, you have used the ADUC from Start |
Programs | Microsoft Exchange and multiple hours have passed and still no
user on DC2 ) then I might suggest that you take a look at the Support Tools
( hopefully you have them installed already ) and look at replmon and
repadmin as well as dcdiag and netdiag. These four tools will help you.

Marin has a good idea as well. I typically do not like to delete things,
though, until I have explored other avenues.



I followed Marin's suggestion with no joy. ESM is installed
on DC1. This is a single site with just the 2 DC's. SP3 for
exchange is installed on DC2. I have been using the ADUC
under admin tools to create the users. When I do, it acts
like it is creating the properties, but never really does.

Replmon and Repadmin say everything is working correctly.
They say that the replication completed successfully. After
adding the user, I've been forcing the replication. When
the user is created on DC2, and I force the replication,
DC1 shows the change immediately. No probs going that way.
I'll try entering the user through the ESM and see how that

Nope, it happens with OU's, computers and users. That was
one of the first things I tried.

Does this happen only with user accounts? Try creating a group or OU on
DC1 and see if it replicates successfully so you isolate the problem

Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
This posting is provided "AS IS" with no warranties, and confers no