During my accreditation process for the AD Health Check (the predecessor to the ADRAP) we spent a week with our peers in a brief review. As part of the accreditation process we were each assigned a technical area of AD to present in front of the class. I was assigned AD replication by our instructors and I was both excited and nervous. Excited because I had always loved and been interested by AD replication. Nervous, of course, because I had to mock teach it to my very talented peers and I knew they’d find some weaknesses (which they certainly did).
I was relatively new to Microsoft at the time and what I knew had come from limited practical experience and relentless study. I had worn our 3 copies of Microsoft’s Windows 2000 Server Distributed Systems Guide. I loved that book and still think it is one of the greatest treatments of Active Directory to date (though it has largely been replaced by the online technical references).
During the presentation I was discussing replication schedules. In passing, not expecting the reaction it would draw, I stated, “If you manually edit the connection object then the KCC will reset its schedule to match that of its parent object.” The class didn’t like that. My belief in this statement came only from reading it – I had never tested it before. So I was on my heels a bit. The class was doubtful of this but no one was completely sure so the consensus was that we should just test it to see.
We opened up AD Sites and Services, drilled down to a connection object, and adjusted the schedule. The connection object was changed to manual and when the KCC ran, the schedule wasn’t reset. I was a bit embarrassed but we chalked it up to just a mistake in print and moved on.
After class I was somewhat bothered by this though. I loved the Distributed Systems Guide and just couldn’t believe that it could be mistaken.
In my lab I tried again. Same result. Then I used LDP to set the manual connection object back to be automatically managed by the KCC. This time when the KCC ran, it reset the connection object schedule to that of its parent object. Okay, that’s fine, but that still didn’t make the statement accurate exactly since a manual edit also changed the connection object to manual.
I knew that sometimes Microsoft’s administration tools did more than you were asking for so I thought I’d try another tool. I started with LDP because I figured that would be the most unpolluted way to edit the database with standard tools. But…that looked like a little more than I had bargained for. So, I went with ADSIEdit instead.
This time when I edited the schedule attribute on nTDSConnection object it left the object as automatically managed by the KCC. And just as the infallible Distributed Systems Guide said, when the KCC ran, it reset the schedule to that of its parent object.
I suggest that this should remind us of two things:
- Never doubt the Distributed Systems Guide and,
- Sometimes the perceived behavior is not the behavior of the product but the behavior of the tools used to administer the products
NOTE 1: It is a bit ironic that ADSIEdit gave me a more natural experience with the directory. In a future post we’ll actually look at how the tool makes adjustments when we aren’t expecting them.
NOTE 2: We’ll talk in more detail about the options attribute on the nTDSConnection object in a future post.