F
fred
I'm tryng to find the best way to track user's lastlogon
in 2
domains with 4 domain controllers. Instead of querying
the dc
of each domain and taking the greater value for the
accounts in
those domains I thought i would "Replicate this attribute
to the
Global Catalog". This did not seem to work. I open the
schema
snap in, check the box to perform this action and I'm
receiving
an error "Could not change whether this attribute should
be
replicated to the global catalog servers". Im trying to
perform
this via terminal services to the server that is the
schema
master(as reported by replication monitor) in the parent
domain
while logged in as domain admn that is a member of the
schema
admns group. The registry setting allowing schema updates
is
set to 1 and if I right click on active directory schema
and go
to operations masters the appropriate check box is
checked for
schema modification. This server is not a global catalog
server.
All servers are 2k. Im not receiving any other errors
anywhere when trying to perform this. I'm also not
recieving any unusual errors in eventvwr.msc for anything
else. This leads me to a few questions.
1. Is this possible and if so is this even the right
thing to do?
2. does the registry setting to allow schema updates have
to be
set on each domain controller? (didnt think so, but
wanted to
be sure)
3. if this were successfull im assuming that i would
modify the
attribute in domain.com and it would also replicate to
child.domain.com assuming trusts are set?
4. to make the change does the schema master also have
the
global catalog on the same server?
5. why am i receiving "Could not change whether this
attribute
should be replicated to the global catalog servers" if
all steps
have been taken to allow schema modifications.
6. term services have anything to do with this?
i appreciate any feedback and will gladly provide more
info if
needed.
in 2
domains with 4 domain controllers. Instead of querying
the dc
of each domain and taking the greater value for the
accounts in
those domains I thought i would "Replicate this attribute
to the
Global Catalog". This did not seem to work. I open the
schema
snap in, check the box to perform this action and I'm
receiving
an error "Could not change whether this attribute should
be
replicated to the global catalog servers". Im trying to
perform
this via terminal services to the server that is the
schema
master(as reported by replication monitor) in the parent
domain
while logged in as domain admn that is a member of the
schema
admns group. The registry setting allowing schema updates
is
set to 1 and if I right click on active directory schema
and go
to operations masters the appropriate check box is
checked for
schema modification. This server is not a global catalog
server.
All servers are 2k. Im not receiving any other errors
anywhere when trying to perform this. I'm also not
recieving any unusual errors in eventvwr.msc for anything
else. This leads me to a few questions.
1. Is this possible and if so is this even the right
thing to do?
2. does the registry setting to allow schema updates have
to be
set on each domain controller? (didnt think so, but
wanted to
be sure)
3. if this were successfull im assuming that i would
modify the
attribute in domain.com and it would also replicate to
child.domain.com assuming trusts are set?
4. to make the change does the schema master also have
the
global catalog on the same server?
5. why am i receiving "Could not change whether this
attribute
should be replicated to the global catalog servers" if
all steps
have been taken to allow schema modifications.
6. term services have anything to do with this?
i appreciate any feedback and will gladly provide more
info if
needed.