Article ID: 232690 - View products that this article applies to.
This article was previously published under Q232690
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/256986/ )Description of the Microsoft Windows registry
The majority of Active Directory replication in Windows 2000 takes place at predefined intervals. However, select changes to objects in Active Directory must take place immediately to allow for proper administration of a domain. This article describes urgent replication events as they pertain to Windows 2000 domains, Windows 2000 and Microsoft Windows NT 4.0 mixed-domain environments, and password changes.
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Urgent replication events
Urgent replication in Windows 2000 (release version)Windows 2000 (release version) enables change notifications to propagate across inter-site connections. This is administratively configured on each site-link. Enabling change notifications across site-links propagates all change notifications. This enables urgent changes and all other replication events to propagate to a remote site with the same frequency as within the source site.
When passwords are changed in Windows 2000 they are not replicated urgently. However, when a password is changed, it is "pushed" to the primary domain controller (PDC). "Pushed" means that the password is sent over NETLOGON's secure channel to the PDC. Specifically, the backup domain controller (BDC) makes a remote procedure call (RPC) to the PDC, which indicates the user and the users new password. The PDC then sets this value locally. This push mechanism is independent of Windows 2000 replication. For more information about urgent replication, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/306133/ )Account unlocks and manual password expirations are not replicated urgently
Windows 2000 domains onlyUrgent replication between Windows 2000 domain controllers consists of the following events:
Windows 2000 and Windows NT 4.0 mixed-domain environmentWindows NT 4.0 backup domain controllers interoperate with Windows 2000 domain controllers in mixed mode (more specifically, with the PDC FSMO role owner). The following events are replicated immediately from the Windows 2000 PDC Flexible Single Master Operation (FSMO) to the Windows NT 4.0 BDCs:
Password replication in Windows 2000Changes to account passwords can be made at any domain controller because all full replicas of a given domain are writable. This differs from Windows NT 4.0 and earlier versions, in which password changes were made at the PDC for the domain. This is the only writable replica of the Security Account Manager (SAM) in Windows NT 4.0. This can lead to unexpected behavior when a password is changed by a user at domain controller "A" who then attempts to log on with authentication by domain controller "B." If the password has not been replicated from "A" to "B," the logon attempt does not succeed. In Windows NT 4.0, if authentication does not succeed at the BDC, the authentication is remoted to the PDC. Windows 2000 exhibits similar behavior, as follows:
Article ID: 232690 - Last Review: October 11, 2007 - Revision: 4.5