System details: IDM - eDir - AD running on Microsoft
Windows Server 2008 R2 - Forest and domain levels are 2003

A customer has an IDM solution, with sync from IDM to AD and from AD to
another eDir, called logintree. So this setup: IDM <-> AD <-> logintree

In the production solution, the customer has 3 DCs. The remote loader
between AD and logintree is installed on DC3. The remote loader from IDM
to AD is installed on a member server and is configured to contact DC2.
This setup works fine. Passwords flow from IDM to logintree and the
other way, and also to both IDM and logintree, if changed in AD.

But, now I made a test environment. I only copied DC1, since it had all
FSMO roles. So, since the remote loader between AD and logintree was on
DC3, I need to reinstall it, and I chose the member server. I thought
why not, it already has the other remote loader instance. And,
synchronization works fine, except for passwords. It seems like the way it
works, with the pwfilter.dll the password change is consumed when read
by one of the remote loader instances. If I change the password in AD,
it is a 50% chance which of the RL instances consumes the pw change and
syncs it to its system. Placing the RL on the DC does not work either,
since both RLs contact that DC and consume the pw change.

So, what do I do? Is my only choice to actually add a new DC or is there
some other solution?

Thanks in advance,


jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415