Replication help



Ok, here's the scenario. I'm on a statewide education domain that consists of having DC's at all our locations across the state, and 3 "main" DC's at the headquarters. I have created a vb script that lets us create generic login accounts that expire in 24 hours for community patrons that wish to use our public access computers in our library.

The problem is when I run the VBscript on a machine here on our campus, it creates the account on the main DC's at the system's office, and not the local one here. It takes 15-20 minutes for the account to replicate down to the local DC, which is what the machines use for login authentication. Thus, they can't use the account for 15-20 minutes until after it's created.

SO, is there any way to force the script to create the account on the LOCAL Domain Controller so that it'll automatically allow login...and it'll filter UP instead of Down? We login to the local DC to reset passwords and such so that this replication "lag" doesn't affect those problems...but I'm not sure how to do it with this script.

Any help is appreciated!

Edited by LiquidHonesty


First, if you are using a native Windows 2003 domain and the DCs are in the same site the default replication time is only 15 seconds. If they are Windows 2000 DCs or DCs in another site then replication is 15 min.

These two items may help.

1) When you create the account, attach to the domain controller at the site where the new user is and add the account there.

2) You can go into Sites and Services. Open the site link and force replication immediately to all the DCs. Mind you this will increase your WAN traffic while replication is occurring.

I would personally just use item # 1.

Good luck.


This would require setting up access to the DC for the library staff so they could create the accounts. I don't wish to do this nor train them how to do it. I use a VBScript that prompts for "name" "address" etc for the person and then automatically creates a RANDOM user with a RANDOM password that works for 24 hours. The problem is, it creates that account on the primary DC at the system's office which is 100 miles away and not replicated for 15 minutes or so.

For creating accounts by hand, yes I log into the local DC. But as we have around 20-30 community patrons a day, I'd spend a lot of my time making new accounts for everyone. :) Hence why I created the script to allow the librarians to create it themselves...

Oh, and it's 2003 Native but they've slowed the replication time down to help with speed issues. We have around 100 DC's across the state of KY that it's replicating to. That's why I want to be able to have the script create on my main DC first. :)

I hope that explains my situation better.......... :thumbup

Edited by LiquidHonesty

would you be able to post the relevant parts of the script you are using?

I can, but it's a simple script that just creates an account. That's not the problem, the problem is I need it to write it to a specific domain controller (a local one) instead of the one it usually connects to (systems office). It SHOULD create it on the local one since the local one authenticates the script user, but it doesn't. Thus I just wondered if there's a command I can write into the script to make it write to a server at a specific IP as opposed to the one it's writing to.


Well.. I'm not sure why you would have so many DC's, maybe it is a political thing, but if the client is creating the account from his\her computer then it should happen on the DC that he\she is authenticated to. This is controlled by the subnets being added to sites and services correctly. We use a vb script for the same purpose and the time there is an issue is if an account is deleted and needs to be recreated "there is a wait for replication then"
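
What the thread asks for, a script that writes to a named local domain controller instead of whichever DC a serverless bind picks, can be done with a server-bound ADSI path (LDAP://server/DN). The VBScript below is an added example, not the poster's script; the DC name, the OU and the NewToken helper are assumed placeholders.

```vbscript
Option Explicit

' Assumed placeholders: set these to your local DC and the OU for patron accounts.
Const LOCAL_DC  = "dc-local.example.edu"
Const TARGET_OU = "OU=Patrons,DC=example,DC=edu"
Const ADS_UF_NORMAL_ACCOUNT = &H200   ' enabled account, password required

Dim sysInfo, ou, user, loginName, password

' Check that the named DC sits in the same AD site as this workstation,
' i.e. the one the public machines will authenticate against.
Set sysInfo = CreateObject("ADSystemInfo")
If LCase(sysInfo.GetDCSiteName(LOCAL_DC)) <> LCase(sysInfo.SiteName) Then
    WScript.Echo "Warning: " & LOCAL_DC & " is not in site " & sysInfo.SiteName
End If

' Server-bound path: every write below goes to LOCAL_DC and replicates outward.
' If that DC is unreachable GetObject raises an error and the script stops,
' rather than silently creating the account on a remote DC.
Set ou = GetObject("LDAP://" & LOCAL_DC & "/" & TARGET_OU)

loginName = "guest" & LCase(NewToken(6))
password  = "Pw!" & NewToken(12)

Set user = ou.Create("user", "CN=" & loginName)
user.Put "sAMAccountName", loginName
user.SetInfo                               ' object must exist before SetPassword

user.SetPassword password
user.AccountExpirationDate = DateAdd("h", 24, Now)    ' 24-hour lifetime
user.Put "userAccountControl", ADS_UF_NORMAL_ACCOUNT  ' new accounts start disabled
user.SetInfo

WScript.Echo "Created " & loginName & " on " & LOCAL_DC & ", password: " & password

' Hypothetical helper: stand-in for the random name/password generator the
' original script already has. Returns hex characters taken from a new GUID.
Function NewToken(length)
    Dim g
    g = Mid(CreateObject("Scriptlet.TypeLib").Guid, 2, 36)
    NewToken = Left(Replace(g, "-", ""), length)
End Function
```

The account that runs the script needs only delegated rights to create users in that OU; it does not need to log on to the DC itself.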
