How do I configure Directory Replication?

A. Directory Replication is the process of replicating directories and their contents from one machine to one or more machines. The only machines that can be export servers are Windows NT Server machines. Import servers can be an NT server, NT workstation or OS/2 LAN Manager machine.

The main usage for Directory Replication is for the export of login scripts from the PDC to the BDC(s), where the PDC is the export server and the BDC the import server. This means when you login the BDC can also supply the login script as well as the authentication of the user, leaving the PDC free. This is the case that will be explained below.

  1. You must add an account that will be used for the Directory Replication (i.e. Repuser). You cannot use the name Replicator as there is a user group of this name. Start User Manager for Domains (Start - Programs - Administrative Programs - User Manager for Domains)
  2. From the User menu, select New User.
  3. Name the user RepUser, with a full name and description. Set the password.
  4. Unselect "User must change password at next logon" and select "Password never expires"
  5. Click Groups and add to "Backup Operators" group
  6. Click Hours and ensure the user has 24hours for all days
  7. Close User Manager for Domains

The user has now been added to the domain, and the export server now needs to be configured

  1. Logon to the Export Server machine, the Primary Domain Controller as an Administrator
  2. From Control Panel click on Services
  3. Select "Directory Replication" and click Startup. Select Automatic, and for "Log on as" click the "..." button and select the Repuser and click Add. Next type in the password for the Repuser that you set.
  4. Click OK and a message "User <domain>\Repuser has been granted the Logon as a Service right and added to the local Replicator local group" will be displayed.
  5. Close the Services Control Panel applet
  6. Double click the "Server" Control Panel applet and click the Replication button
  7. In the export by default it will show %systemroot%/system32/Repl/Export which is where login scripts should be held. Clear any entries in the Export or Import machine list.
  8. Make sure "Export Directories" and "Import Directories" are checked, and close the Replication applet.
  9. From the Services Control Panel Applet click on "Directory Replication" and click Start
  10. Logoff of the PDC and logon to the BDC (or whatever the import machine)
  11. Start the Services Control Panel Applet and as before enable the Replication Service to automatically start at reboot but do not manually start it now.
  12. Start the Server Control Panel Applet and select Replication
  13. Select "Import Directories" and check the list of machines to import from is blank
  14. Click OK and it will start the "Directory Replication" service

You may be wondering why you should keep your login scripts in the export area, when your NETLOGON share is import/scripts, well it will actually replicate to itself from the export/scripts to import/scripts so they will be the same.

Some people have problems with replication and adding Repuser to the Domain Administrators group may fix the problem. Also only directories directly under the /export directory will be replicated, files will not be, they have to be in a subdirectory of export.

If you have problems you may also need to add an entry to the registry to allow the replicator service to access the remote registries. Open hkey_local_machine\system\currentcontrolset\control\securepipeservers\winreg\allowedpaths and add "system\currentcontrolset\services\replicator"

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.