Chapter 17. AD replication
You’ve seen that AD domain controllers work in a multi-master fashion. This means that you can make changes, like modifying a user account or changing group membership on any domain controller. If that’s all that happens, you’ll be left with multiple versions of the same user account or groups that “think” that they have different membership lists depending on which domain controller you’re looking at. This is a recipe for chaos.
Check the same user account on different domain controllers. Is the information identical? Can you see anything different between the two versions? Make the same check for the membership list of a group.
Get Learn Active Directory Management in a Month of Lunches now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
