Information Technology Reference
In-Depth Information
DC
Domain 2
DC
Domain 3
DC
Domain 4
DC 1
Global catalog
server
10
DC 2
DC 3
Domain 1
Figure 10-21
Global catalog replication
Most Active Directory database changes follow the regular replication rules: Wait 15 seconds
after a change is made before notifying partners, and then forward the changes with 3-second
intervals between changes. However, certain changes require special processing:
•
Urgent replication events
—The following events trigger change notifications immediately,
without waiting the normal 15 seconds:
• Account lockouts, which occur when an account has a certain number of failed logon
attempts
• Changes to the account lockout policy
• Changes to the domain password policy
• Changes to non-security principal passwords, such as the password used to create a trust
relationship
• Password change to a domain controller computer account
• Changes to the RID master DC
•
User account password changes
—Special replication processing occurs when a user's pass-
word is changed. A user whose password is changed can be authenticated by a DC differ-
ent from the one where the change originates. To avoid delays between password changes
and a user's ability to log on, Active Directory forwards password changes with urgent
processing to the PDC emulator DC. If a user attempts to log on with the new password
before the authenticating DC has this information, the logon attempt is forwarded to the
Search WWH ::
Custom Search