A. It's possible to enable strict replication mode with AD. Strict replication prohibits a domain controller (DC) that has been disconnected for a prolonged period from replicating outdated objects. A prolonged period is defined as longer than the tombstone lifetime, which is 180 days by default. The danger is that a DC that's disconnected for longer than the tombstone lifetime will potentially still hold objects that were deleted on the other DCs and have since been removed from their databases through garbage collection, so replicating from it would reintroduce those objects. DCs with the strict replication consistency setting will refuse to replicate with the outdated DC.
To enable strict replication on a DC, use the command
You can also enable it by setting the registry value Strict Replication Consistency under the key HKLM\System\CurrentControlSet\Services\NTDS\Parameters to 1.
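As an added example (not the FAQ's own command), the following PowerShell audits the registry value above across several DCs and, when run with -Enable, sets it to 1 where it is missing or not strict. The DC names are constructed placeholders, and it assumes you run it as a domain admin with PowerShell Remoting to the DCs allowed.

```powershell
# Added example: audit (and optionally enforce) Strict Replication Consistency.
# Assumes: domain admin rights and WinRM/PowerShell Remoting to each DC.
param(
    [string[]]$DomainController = @('DC01', 'DC02'),  # constructed placeholder names
    [switch]$Enable                                   # set the value to 1 where needed
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName = 'Strict Replication Consistency'

$results = Invoke-Command -ComputerName $DomainController `
    -ArgumentList $KeyPath, $ValueName, [bool]$Enable `
    -ScriptBlock {
        param($Path, $Name, $Set)

        # Read the current REG_DWORD; $null means the value is absent and the
        # DC is running with its default behaviour.
        $current = (Get-ItemProperty -Path $Path -Name $Name `
                    -ErrorAction SilentlyContinue).$Name

        if ($Set -and $current -ne 1) {
            # 1 = strict: refuse replication from a source holding lingering objects.
            Set-ItemProperty -Path $Path -Name $Name -Value 1 -Type DWord
            $current = 1
        }

        [pscustomobject]@{
            DC       = $env:COMPUTERNAME
            Strict   = ($current -eq 1)
            RawValue = $current
        }
    }

# Any DC with Strict = False is one that would still accept replication
# from an outdated partner and is worth following up on.
$results | Sort-Object DC | Format-Table DC, Strict, RawValue -AutoSize
```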