We have started to update our Active Directory to Windows Server 2003 version.
Currently we have a mix of 2000 and 2003 Domain Controllers.
In the Event log' for 'the 'Directory Service' we are seeing Error Event ID 1863 and
Warning Event ID 1862 (Source: NTDS Replication).
These both say:
The local domain controller has not received replication information from
a number of domain controllers within the configured latency interval.
<--snip-->
You can also use the support tool repadmin.exe to display the replication
latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".
We have found that if we run this command on a 2000 DC, we get this:
C:\>repadmin /showvector DC=test,DC=net DC3 /latency
Caching GUIDs.
..
SiteA\DC1 @ USN 3499896
SiteA\DC2 @ USN 3192000
SiteB\DC3 @ USN 747217
SiteB\DC4 @ USN 56172
SiteC\DC5 @ USN 56450
We have found that if we run this command on a 2003 DC, we get this:
C:\>repadmin /showvector DC=test,DC=net DC4 /latency
Caching GUIDs.
..
SiteA\DC1 @ USN 3499896 @ Time 2004-01-26 11:31:37
SiteA\DC2 @ USN 3192000 @ Time (unknown)
SiteB\DC3 @ USN 747217 @ Time 2004-01-26 11:37:08
SiteB\DC4 @ USN 56172 @ Time 2004-01-26 11:37:21
SiteC\DC5 @ USN 56450 @ Time (unknown)
(DC1,DC4,DC5 are Bridgeheads - DC1,DC2,DC3 are Win2k - DC4,DC5 are Win2k3)
(Repadmin was version 5.2.3790.0)
Our conclusion is that you need a 2003 DC to track the latency and
this is not supported by a 2000 DC.
We suspect that we are seeing this error either because all our DC's are not yet 2003
or because we have not got a 2003 DC in all the sites (no 2k3 DC in SiteA).
Using LDP.EXE and viewing tree 'DC=test,DC=net' you can see the value of the
'replUpToDateVector' attribute.
On a 2000 DC you see something like this:
replUpToDateVector:
dwVersion: 1,
dwReserved1: 0,
V1.cNumCursors: 4,
V1.dwReserved2: 0,
rgCursors:
{uuidDsa: 84f9f70b-489f-43a2-a1ee-c677ff42efca, usnHighPropUpdate: 3499896},
{uuidDsa: 2e27839f-0142-4d32-811a-7d000970dd7b, usnHighPropUpdate: 3192000},
{uuidDsa: 918a3001-110d-444f-8928-68716ad9ef66, usnHighPropUpdate: 56172},
{uuidDsa: 6cdd4741-581b-470f-85df-186d86cf771e, usnHighPropUpdate: 56450},
Note that the above is using LDP.EXE v3.0 (File version 5.2.3790.0)
If you use an older version of LDP you may see 'usnHighPropUpdate' = (USN *100) + 64
On a 2003 DC if you try to do the same thing, (Note, you need to 'bind' with a user
name with permision on a 2k3 DC) you see:
replUpToDateVector:
<ldp error: cannot process UPDATE_VECTOR v.2>;
It would seem that Server 2003 uses a different format (V2) for this attribute and
that Version 3.0 of LDP.EXE cannot yet deal with it!
Some googling shows that Microsoft have an API to read this attribute called
'DsReplicaGetInfo()'
The attribute has a CN of 'Repl-UpToDate-Vector'
and the Ldap-Display-Name is 'replUpToDateVector'.
Nigel Smith
2004-01-26
| Home | Hints & Tips |