-----Original Message-----
Thanks for the reply! This is so frustrating! I know if I am currently in
the OU and change a policy, it will replicate the change immediately for I
have the group policy background refresh computers and refresh for users set
to 1 minute and an offset of 1 minute. It is when I change an OU without
logginf off and then on again that it seems to not update. I don't know
what my replcation is set to, what is the default. I also tried to force
replication between the domain controllers using sites and services and told
it to replicate -- shouldn't that take care of it? Mine is a one site
environment.
.
Wes,
Intrasite Replication is, by default, set at every 15
minutes. Intrasite Replication is the AD Replication
between all DCs in one Site ( you specific situation ).
Since you have only one Site there would not be any
Intersite Replication, which, by default, is set at every
180 minutes ( 3 hours ). Intersite Replication would be
the replication that occurs between Sites. There is
*typically* one DC in each Site that is a "Bridgehead
Server". The Intersite Replication would take place
between these BridgeHead Servers. So, the BHS from SiteA
and the BHS in SiteB would be the Replication Partners
for the Intersite Replication between SiteA and SiteB for
this round. Also, remember that replication happens one-
way at a time. There would be an incomming connection
object representing "BHSA" on BHSB ( replication from
SiteA to SiteB ) and vice versa. All you, the
Administrator, *need* to do is to create the Site Link /
Site Link Bridges and the KCC takes care of the rest (
with a little help from the Intersite Topology
Generator ). Sorry for the little digression from your
situation.
Now, if you have only one DC then there is naturally no
replication between DCs! Wow! And I went to University
for four years! However, based on your response above I
am sure that you have multiple DCs in this single Site.
BTW - Replication still takes place in a one-way
fashion. There would be an incoming connection object
representing DC01 on DC02 ( taking care of the
replication from DC01 to DC02 ) and vice versa. Again,
the KCC takes care of the rest ( again, with a little
help, but in this case from the Intrasite Topology
Generator ).
Also, please bear in mind that AD replication takes place
for each AD Naming Context ( or AD Partition ). These
would be the Schema NC, the Configuration NC and the
Domain NC. Moving a user from one OU to another would be
part of the Domain NC, so this is the NC that we are
worried about in this case.
So, I *THINK* that logging off and back on wont
*necessarily* help ( in this case ). And I used *THINK*
and *necessarily* very intentionally! Granted, usually
when you apply a GPO to the User Configuration and you
make a change those changes *usually* affect the user the
next time he or she logs off and THEN back on. However,
there are also some changes that can happen "in the
background". And, due to your statement above, I know
that you have set that up at 1 minute! Naturally, for
the computer configuration you would have to reboot the
computer for those changes to take affect. I do not
think that this is the problem, though. It is the moving
of a user account object from one Container / OU to
another OU.
I assume that GPO to which you are referring is indeed,
at the very least, linked to the OU to which you have
moved the user account object? This has been my
assumption the whole time! And, what type of policy is
it?
To answer your last question: yes, it should. Assuming
that you went into the "Default-First-Site-Name" ( or to
whatever you renamed it ), went into each and every DC
and clicked on the NTDS Settings and then, in the right
pane, right clicked and selected 'Replicate Now' for each
object. Remember, we are most insterested in the Domain
NC in this case! You are also probably using the DS-RPC
as your transport protocol. Leave that as it is. If and
when you have the chance, do indeed install the Support
Tools on each and every one of your WIN2000 Servers.
Then, on the DCs, take a look at ReplMon! I think that
you might like it.
Does this help any? Sorry for the long monologue but AD
Replication is very entailed and I tried to give you
a "Big Picture" of what is typically going on!
Cary
