AD Replication


Dj

Domain replication between domain controllers has been
broken for over 60 days with a block on RPC ports on our
routers. I have a good number (30 and over) of DCs in
quite a number of locations separated by routers.
My question is, if I were to open up RPC ports on my
router after 60 days, what effect will that have on the
integrity of the infrastructure?
I have been told that the tombstone value of 60
days will apply as most of the objects will have been
tombstoned on the various DCs, as lack of replication
will have assumed the absence of the server and therefore
objects.

Need help on the way forward. Thanks
 
circa Sat, 25 Oct 2003 12:34:57 -0700, in
microsoft.public.win2000.active_directory, Dj said,

> Domain replication between domain controllers has been
> broken for over 60 days with a block on RPC ports on our
> routers. I have a good number (30 and over) of DCs in
> quite a number of locations separated by routers.
> My question is, if I were to open up RPC ports on my
> router after 60 days, what effect will that have on the
> integrity of the infrastructure?
> I have been told that the tombstone value of 60
> days will apply as most of the objects will have been
> tombstoned on the various DCs, as lack of replication
> will have assumed the absence of the server and therefore
> objects.
>
> Need help on the way forward. Thanks

You have not specified your server operating systems and/or service
pack level, but yes, you can anticipate likely problems. If the DCs
are 2003 or 2000 SP3+, they're going to refuse to replicate with each
other, in fact.

A few links:

http://support.microsoft.com/default.aspx?scid=kb;en-us;317097
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314282
http://tinyurl.com/sdpb
http://support.microsoft.com/default.aspx?kbid=239639


For future configuration, you may want to set up demand-dial or
persistent VPNs between your DCs in different sites for purposes of
replicating AD. Opening RPC ports on a firewall is not a desirable
solution.

HTH,

Laura
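
An added example (not from the thread or from Microsoft): it reads replication-link status in the CSV layout assumed for `repadmin /showrepl * /csv` and flags inbound links whose last successful replication is older than the 60-day tombstone lifetime discussed above. The column names, the `classify_links` function, the 50% warning threshold, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows. The column names are an assumption about the
# layout of `repadmin /showrepl * /csv`; check them against real output.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=test",Branch1,DC07,RPC,412,2003-10-25 09:00:00,2003-08-20 03:15:42,1722
showrepl_INFO,HQ,DC01,"DC=example,DC=test",HQ,DC02,RPC,0,0,2003-10-25 11:48:10,0
showrepl_INFO,Branch1,DC07,"DC=example,DC=test",HQ,DC01,RPC,388,2003-10-25 09:05:00,2003-09-10 22:01:07,1722
"""


def classify_links(csv_text, now, tombstone_days=60, warn_fraction=0.5):
    """Return (dest, source, naming_context, age_days, state) per inbound link.

    state is EXPIRED when the last success is older than the tombstone
    lifetime (or never recorded), AT_RISK past warn_fraction of it, else OK.
    """
    limit = timedelta(days=tombstone_days)
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Skip anything that is not a per-link data row (e.g. error rows).
        if row.get("showrepl_COLUMNS") != "showrepl_INFO":
            continue
        raw = (row.get("Last Success Time") or "").strip()
        try:
            last_ok = datetime.strptime(raw, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            last_ok = None  # no recorded success: treat as the worst case
        if last_ok is None:
            age_days, state = None, "EXPIRED"
        else:
            age = now - last_ok
            age_days = age.days
            if age > limit:
                state = "EXPIRED"
            elif age > limit * warn_fraction:
                state = "AT_RISK"
            else:
                state = "OK"
        results.append((row["Destination DSA"], row["Source DSA"],
                        row["Naming Context"], age_days, state))
    return results


if __name__ == "__main__":
    for link in classify_links(SAMPLE_CSV, datetime(2003, 10, 25, 12, 34, 57)):
        print(link)
```

Run it against every DC before the router block is lifted; any `EXPIRED` link identifies a DC pair that has been out of contact for longer than the tombstone lifetime.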
 