Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. The repadmin command ignores a Windows Server 2008-based RODC when the command is used together with the /syncall switch

The repadmin command ignores a Windows Server 2008-based RODC when the command is used together with the /syncall switch

View products that this article applies to.

Symptoms

You try to use the following repadmin /syncall command to propagate all the changes of a specified naming context to all the domain controllers in a domain and to all the global catalogs in the forest:
repadmin /syncall dsa [NamingContext] /P
Note In this command, dsa represents the host name of a domain controller. Also, NamingContext represents the distinguished name of the directory partition.

However, a Windows Server 2008-based read-only domain controller (RODC) will not try to pull the changes for the specified naming context.

Note The Windows Server 2008-based RODC holds the changes for the specified naming context in its read-only global catalog partition.

To confirm this behavior, you can run the repadmin /showreps command on an RODC. You may notice that the time stamp of the last successful replication of the specified partition was left unchanged. If you run the same command on a full domain controller that is running either Windows Server 2003 or Windows Server 2008, you see that the time stamp of last successful replication for the specified partition is up to date.

↑ Back to the top

Cause

This issue occurs because the syncall parameter in the first command that is mentioned in the "Symptoms" section, uses the hasPartialReplicaNCs attribute on the NTDS settings object to collect a list of domain controllers that host the naming context. Then, the command triggers a replication event. This command will enable domain controllers to do a pull replication of the naming context from its replication partners.

RODCs store the hasPartialReplicaNCs attribute locally. When the repadmin /syncall command is executed from a full domain controller, the full domain controller does not have information about the RODC. Therefore, no replication to the RODC is triggered.

↑ Back to the top

Resolution

To resolve this issue, you must explicitly specify the read-only global catalog name in the dsa parameter together with the naming context to obtain the updates to the read-only global catalog name. To do this, run a command that resembles the following at a command prompt:
repadmin /syncall RODC [Naming Context]
Note The /P parameter is not a repadmin option on a read-only global catalog. This is the case because, by definition, the read-only global catalogs cannot have originating updates to replicate to other domain controllers.

Note To access advanced help for the Repadmin.exe tool, use the /experthelp parameter.

↑ Back to the top

Status

This behavior is by design.

↑ Back to the top

More information

For more information about the Repadmin.exe syntax, visit the following Web site:
http://technet2.microsoft.com/WindowsServer/en/library/03b7fc47-e25c-4af8-822f-f856b565b76a1033.mspx?mfr=true
The following is the output of the Repadmin /showattr command when the command is run against all the domain controllers. You will notice that the hasPartialReplicaNCs attribute is only returned when Repadmin /showattr is queried against the RODC.
Domain Information:
Parent Domain:  DC1-2003 Domain Controller
                            2008-01 2008 Domain Controller
Sub-Domain:  
2008-02 - Windows server 2008 Domain Controller
 2008-03 - Windows Server 2008 Domain Controller.

C:\Users\Administrator.SUB>repadmin /showattr * "CN=NTDS Settings,CN=2008-03,CN=
Servers,CN=Asia,CN=Sites,CN=Configuration,DC=contoso,DC=com" /atts:hasPartialRep
licaNCs

Repadmin: running command /showattr against full DC dc1.contoso.com
DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC=
contoso,DC=com

Repadmin: running command /showattr against full DC 2008-02.sub.contoso.com
DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC=
contoso,DC=com

Repadmin: running command /showattr against full DC 2008-01.contoso.com
DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC=
contoso,DC=com

Repadmin: running command /showattr against read-only DC 2008-03.sub.contoso.com

DN: CN=NTDS Settings,CN=2008-03,CN=Servers,CN=Asia,CN=Sites,CN=Configuration,DC=
contoso,DC=com
    1> hasPartialReplicaNCs: DC=contoso,DC=com

↑ Back to the top

Keywords: kbexpertiseinter, kbtshoot, kbprb, KB949471

↑ Back to the top

Article Info
Article ID : 949471
Revision : 1
Created on : 3/12/2008
Published on : 3/12/2008
Exists online : False
Views : 282