F
fred
I'm tryng to find the best way to track user's lastlogon
in 2 domains with 4 domain controllers. Instead of
querying the dc of each domain and taking the greater
value for the accounts in those domains I thought i
would "Replicate this attribute to the Global Catalog".
This did not seem to work. I open the schema snap in,
check the box to perform this action and I'm receiving an
error "Could not change whether this attribute should be
replicated to the global catalog servers". Im trying to
perform this via terminal services to the server that is
the schema master(as reported by replication monitor) in
the parent domain while logged in as a domain admn that
is a member of the schema admns group. The registry
setting allowing schema updates is set to 1 and if I
right click on active directory schema and go to
operations masters the appropriate check box is checked
for schema modification. This server is not a global
catalog server. All servers are 2k. This leads me to a
few questions.
1. Is this possible and if so is this even the right
thing to do?
2. does the registry setting to allow schema updates have
to be set on each domain controller? (didnt think so, but
wanted to be sure)
3. if this were successfull im assuming that i would
modify this attribute in domain.com and it would also
replicate to child.domain.com assuming trusts are set?
4. to make the change does the schema master also have to
have the global catalog on the same server?
5. why am i receiving "Could not change whether this
attribute should be replicated to the global catalog
servers" if all steps have been taken to allow schema
modifications.
6. term services have anything to do with this?
i appreciate any feedback and will gladly provide more
info if needed.
in 2 domains with 4 domain controllers. Instead of
querying the dc of each domain and taking the greater
value for the accounts in those domains I thought i
would "Replicate this attribute to the Global Catalog".
This did not seem to work. I open the schema snap in,
check the box to perform this action and I'm receiving an
error "Could not change whether this attribute should be
replicated to the global catalog servers". Im trying to
perform this via terminal services to the server that is
the schema master(as reported by replication monitor) in
the parent domain while logged in as a domain admn that
is a member of the schema admns group. The registry
setting allowing schema updates is set to 1 and if I
right click on active directory schema and go to
operations masters the appropriate check box is checked
for schema modification. This server is not a global
catalog server. All servers are 2k. This leads me to a
few questions.
1. Is this possible and if so is this even the right
thing to do?
2. does the registry setting to allow schema updates have
to be set on each domain controller? (didnt think so, but
wanted to be sure)
3. if this were successfull im assuming that i would
modify this attribute in domain.com and it would also
replicate to child.domain.com assuming trusts are set?
4. to make the change does the schema master also have to
have the global catalog on the same server?
5. why am i receiving "Could not change whether this
attribute should be replicated to the global catalog
servers" if all steps have been taken to allow schema
modifications.
6. term services have anything to do with this?
i appreciate any feedback and will gladly provide more
info if needed.