Article ID: 949471 - View products that this article applies to.
You try to use the following repadmin /syncall command to propagate all the changes of a specified naming context to all the domain controllers in a domain and to all the global catalogs in the forest:
repadmin /syncall dsa [NamingContext] /PNote In this command, dsa represents the host name of a domain controller. Also, NamingContext represents the distinguished name of the directory partition.
However, a Windows Server 2008-based read-only domain controller (RODC) will not try to pull the changes for the specified naming context.
Note The Windows Server 2008-based RODC holds the changes for the specified naming context in its read-only global catalog partition.
To confirm this behavior, you can run the repadmin /showreps command on an RODC. You may notice that the time stamp of the last successful replication of the specified partition was left unchanged. If you run the same command on a full domain controller that is running either Windows Server 2003 or Windows Server 2008, you see that the time stamp of last successful replication for the specified partition is up to date.
This issue occurs because the syncall parameter in the first command that is mentioned in the "Symptoms" section, uses the hasPartialReplicaNCs attribute on the NTDS settings object to collect a list of domain controllers that host the naming context. Then, the command triggers a replication event. This command will enable domain controllers to do a pull replication of the naming context from its replication partners.
RODCs store the hasPartialReplicaNCs attribute locally. When the repadmin /syncall command is executed from a full domain controller, the full domain controller does not have information about the RODC. Therefore, no replication to the RODC is triggered.
To resolve this issue, you must explicitly specify the read-only global catalog name in the dsa parameter together with the naming context to obtain the updates to the read-only global catalog name. To do this, run a command that resembles the following at a command prompt:
repadmin /syncall RODC [Naming Context]Note The /P parameter is not a repadmin option on a read-only global catalog. This is the case because, by definition, the read-only global catalogs cannot have originating updates to replicate to other domain controllers.
Note To access advanced help for the Repadmin.exe tool, use the /experthelp parameter.
For more information about the Repadmin.exe syntax, visit the following Web site:
http://technet2.microsoft.com/WindowsServer/en/library/03b7fc47-e25c-4af8-822f-f856b565b76a1033.mspx?mfr=trueThe following is the output of the Repadmin /showattr command when the command is run against all the domain controllers. You will notice that the hasPartialReplicaNCs attribute is only returned when Repadmin /showattr is queried against the RODC.
Domain Information: Parent Domain: DC1-2003 Domain Controller 2008-01 2008 Domain Controller Sub-Domain: 2008-02 - Windows server 2008 Domain Controller 2008-03 - Windows Server 2008 Domain Controller. C:\Users\Administrator.SUB>repadmin /showattr * "CN=NTDS Settings,CN=2008-03,CN= Servers,CN=Asia,CN=Sites,CN=Configuration,DC=contoso,DC=com" /atts:hasPartialRep licaNCs Repadmin: running command /showattr against full DC dc1.contoso.com DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC= contoso,DC=com Repadmin: running command /showattr against full DC 2008-02.sub.contoso.com DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC= contoso,DC=com Repadmin: running command /showattr against full DC 2008-01.contoso.com DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC= contoso,DC=com Repadmin: running command /showattr against read-only DC 2008-03.sub.contoso.com DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC= contoso,DC=com 1> hasPartialReplicaNCs: DC=contoso,DC=com
Article ID: 949471 - Last Review: March 12, 2008 - Revision: 1.0