The repadmin command ignores a Windows Server 2008-based RODC when the command is used together with the /syncall switch

Article ID: 949471 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

You try to use the following repadmin /syncall command to propagate all the changes of a specified naming context to all the domain controllers in a domain and to all the global catalogs in the forest:
repadmin /syncall dsa [NamingContext] /P
Note In this command, dsa represents the host name of a domain controller. Also, NamingContext represents the distinguished name of the directory partition.

However, a Windows Server 2008-based read-only domain controller (RODC) will not try to pull the changes for the specified naming context.

Note The Windows Server 2008-based RODC holds the changes for the specified naming context in its read-only global catalog partition.

To confirm this behavior, you can run the repadmin /showreps command on an RODC. You may notice that the time stamp of the last successful replication of the specified partition was left unchanged. If you run the same command on a full domain controller that is running either Windows Server 2003 or Windows Server 2008, you see that the time stamp of last successful replication for the specified partition is up to date.
Back to the top | Give Feedback

CAUSE

This issue occurs because the syncall parameter in the first command that is mentioned in the "Symptoms" section, uses the hasPartialReplicaNCs attribute on the NTDS settings object to collect a list of domain controllers that host the naming context. Then, the command triggers a replication event. This command will enable domain controllers to do a pull replication of the naming context from its replication partners.

RODCs store the hasPartialReplicaNCs attribute locally. When the repadmin /syncall command is executed from a full domain controller, the full domain controller does not have information about the RODC. Therefore, no replication to the RODC is triggered.
Back to the top | Give Feedback

RESOLUTION

To resolve this issue, you must explicitly specify the read-only global catalog name in the dsa parameter together with the naming context to obtain the updates to the read-only global catalog name. To do this, run a command that resembles the following at a command prompt:
repadmin /syncall RODC [Naming Context]
Note The /P parameter is not a repadmin option on a read-only global catalog. This is the case because, by definition, the read-only global catalogs cannot have originating updates to replicate to other domain controllers.

Note To access advanced help for the Repadmin.exe tool, use the /experthelp parameter.
Back to the top | Give Feedback

STATUS

This behavior is by design.
Back to the top | Give Feedback

MORE INFORMATION

For more information about the Repadmin.exe syntax, visit the following Web site:
http://technet2.microsoft.com/WindowsServer/en/library/03b7fc47-e25c-4af8-822f-f856b565b76a1033.mspx?mfr=true
(http://technet2.microsoft.com/WindowsServer/en/library/03b7fc47-e25c-4af8-822f-f856b565b76a1033.mspx?amp;mfr=true)
The following is the output of the Repadmin /showattr command when the command is run against all the domain controllers. You will notice that the hasPartialReplicaNCs attribute is only returned when Repadmin /showattr is queried against the RODC.
Domain Information:
Parent Domain:  DC1-2003 Domain Controller
                            2008-01 2008 Domain Controller
Sub-Domain:  
2008-02 - Windows server 2008 Domain Controller
 2008-03 - Windows Server 2008 Domain Controller.

C:\Users\Administrator.SUB>repadmin /showattr * "CN=NTDS Settings,CN=2008-03,CN=
Servers,CN=Asia,CN=Sites,CN=Configuration,DC=contoso,DC=com" /atts:hasPartialRep
licaNCs

Repadmin: running command /showattr against full DC dc1.contoso.com
DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC=
contoso,DC=com

Repadmin: running command /showattr against full DC 2008-02.sub.contoso.com
DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC=
contoso,DC=com

Repadmin: running command /showattr against full DC 2008-01.contoso.com
DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC=
contoso,DC=com

Repadmin: running command /showattr against read-only DC 2008-03.sub.contoso.com

DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC=
contoso,DC=com
    1> hasPartialReplicaNCs: DC=contoso,DC=com
Back to the top | Give Feedback

Properties

Article ID: 949471 - Last Review: March 12, 2008 - Revision: 1.0
APPLIES TO
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
Keywords: 
kbexpertiseinter kbtshoot kbprb KB949471
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top