Guest Chad Bailey
Posted July 23, 2008

Here's the problem....

We have one 2003 domain spread over multiple physical sites. Each site is connected to the main site by WAN links and has a local domain controller. The main office site has an Exchange server which hosts all client mailboxes, including the ones for the remote site users.

The problem we have is with password synchronization timing. For example, if a user's password expires and they have to change it on their client, and they are in the home site where the Exchange server is located, there are no issues.

BUT!... if a user at one of the remote sites changes their password, the synchronization is such in AD across the remote links that Exchange does not get the updated information until the next replication time which at the shortest is 15 minutes. So this person is locked out of Exchange until the AD replication is sent to the home site.

In AD, I have defined individual subnets and sites for these remote locations. As best I can tell, when you define different sites, it is impossible to reduce the replication time under 15 minutes. And that is what presents the password syncing issues for us.

Is there any way around this problem?

Thanks for any advice.

Chad

Guest Meinolf Weber
Posted July 24, 2008

Re: AD password syncing, replication, & Exchange

Hello Chad,

If a DC other than the PDC emulator receives an authentication request with a bad password, before it rejects the authentication request outright it will refer the authentication request to the PDC emulator. So make sure the Exchange has the PDC emulator under the ESM "recipient update service".

See here about the password replication, scroll down to "Replication of Password Changes":
http://technet2.microsoft.com/windowsserver/en/library/1465d773-b763-45ec-b971-c23cdc27400e1033.mspx?mfr=true
http://www.microsoft.com/technet/abouttn/flash/tips/tips_060805.mspx

Do you use OWA from Exchange?

Also check this document, search it for Exchange:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8C8E0D90-A13B-4977-A4FC-3E2B67E3748E&displaylang=en

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Here's the problem....
>
> We have one 2003 domain spread over multiple physical sites. Each site
> is connected to the main site by WAN links and has a local domain
> controller. The main office site has an Exchange server which hosts
> all client mailboxes, including the ones for the remote site users.
>
> The problem we have is with password synchronization timing. For
> example, if a user's password expires and they have to change it on
> their client, and they are in the home site where the Exchange server
> is located, there are no issues.
>
> BUT!... if a user at one of the remote sites changes their password,
> the synchronization is such in AD across the remote links that
> Exchange does not get the updated information until the next
> replication time which at the shortest is 15 minutes. So this person
> is locked out of Exchange until the AD replication is sent to the home
> site.
>
> In AD, I have defined individual subnets and sites for these remote
> locations. As best I can tell, when you define different sites, it is
> impossible to reduce the replication time under 15 minutes. And that
> is what presents the password syncing issues for us.
>
> Is there any way around this problem?
>
> Thanks for any advice.
>
> Chad
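
Added example, not part of either post and not Microsoft code: a small Python model of the referral described in the reply above, showing a DC with a stale password copy accepting the new password only when it can refer the check to the PDC emulator, and needing no referral once scheduled replication has run. The DC names, the user name `user1`, the passwords and the SHA-256 stand-in for the stored hash are all assumptions made for the illustration.

```python
"""Toy model (constructed for illustration) of AD password checks across sites."""
import hashlib


def h(pw):
    # Stand-in for the stored password hash; not the real NT hash algorithm.
    return hashlib.sha256(pw.encode()).hexdigest()


class DC:
    def __init__(self, name, pdc=None):
        self.name, self.pdc, self.store = name, pdc, {}

    def change_password(self, user, new_pw):
        # The DC taking the change writes it locally and, best effort, forwards
        # it straight to the PDC emulator, ahead of scheduled replication.
        self.store[user] = h(new_pw)
        if self.pdc is not None:
            self.pdc.store[user] = h(new_pw)

    def authenticate(self, user, pw, pdc_reachable=True):
        # Returns (accepted, name of the DC that made the decision).
        if self.store.get(user) == h(pw):
            return True, self.name
        # Local copy says "bad password": refer to the PDC emulator first.
        if self.pdc is not None and pdc_reachable:
            return self.pdc.store.get(user) == h(pw), self.pdc.name
        return False, self.name


def replicate(src, dst):
    # Scheduled inter-site replication (the 15-minute minimum in the thread).
    dst.store.update(src.store)


def scenario():
    pdc = DC("HQ-PDC")               # hypothetical PDC emulator in the main site
    hq_dc = DC("HQ-DC2", pdc)        # hypothetical DC that Exchange authenticates against
    branch = DC("BRANCH-DC", pdc)    # hypothetical remote-site DC
    for dc in (pdc, hq_dc, branch):
        dc.store["user1"] = h("OldPass1")
    branch.change_password("user1", "NewPass2")
    results = {
        "stale_dc_with_referral": hq_dc.authenticate("user1", "NewPass2"),
        "stale_dc_no_referral": hq_dc.authenticate("user1", "NewPass2", pdc_reachable=False),
        "old_password": hq_dc.authenticate("user1", "OldPass1"),
    }
    replicate(pdc, hq_dc)
    results["after_replication"] = hq_dc.authenticate("user1", "NewPass2", pdc_reachable=False)
    return results
```

In the model the old password is still accepted by the DC that has not yet replicated, which is why a password reset does not take effect on every DC until replication completes.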