Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > DameWare Remote Support & Mini Remote Control > DameWare Remote Support User Guide > Remote system tasks and views > Synchronize Monitor view

Synchronize Monitor view

Table of contents
Created by Anthony.Rinaldi_ret, last modified by Anthony.Rinaldi_ret on Jul 12, 2016

Views: 19 Votes: 0 Revisions: 2

The Synchronize Monitor view contains several columns of information for both the Selected Domain Controller and All Domain Controllers within a domain:

  • Machine: The name of the selected Primary Domain Controller or Backup Domain Controller.

  • Sync. Item: A description of the sync item.

  • Status: In the case of sync item Connection Status, this contains any error that may occur or zero (0), if no errors.

    All other sync items indicate Yes if sync item is occurring or No, if sync item is not occurring.

  • Last: The data and time the sync item last occurred.

  • Count: The number of times the sync has occurred.

  • Error: The error condition.

It is possible to miss a sync event if the event occurs between checks. A smaller refresh interval could help eliminate this condition.

NetLogon Service

The NetLogon Service automatically synchronizes changes in the Windowsdirectory database stored on the Primary Domain Controller (PDC) to all Backup Domain Controllers (BDC). Based on settings in the registry, the PDC sends timed notices that signal the BDCs to request changes at the same time. When a BDC requests changes, it informs the PDC of the last change it received so that the PDC can determine whether a BDC needs updating. If a BDC is up to date, its NetLogon service does not request changes.

The NetLogon Service synchronizes three domain directory databases: the security accounts manager (SAM) database, the SAM built-in database, and the Local Security Authority (LSA) license database.

SAM database

Contains Microsoft domain user and group accounts that you create. Includes all computer accounts added to the domain such as domain controllers (DCs) and Windows-based computers.

SAM built-in database

Contains the local computer's built-in user and group accounts such as Administrator and Domain Admins.

LSA license database

Contains LSA Secrets that are used for trust relationships and DC computer account passwords. Also includes the account policy settings that you configure.

Synchronization occurs:

  • When a backup domain controller is initialized or restarted in the domain.

  • When "forced" by a network administrator using Server Manager.

It occurs automatically by the DCs, depending upon members' registry configuration.

The change log records changes to the domain-directory databases, including new or modified passwords, user and group and accounts and group membership and user rights. Its size determines how many changes the log can hold and the duration. Typically, the change log holds approximately 2000 changes, retaining only the most recent changes and deleting the oldest ones first. When a BDC requests changes, it receives only changes that occurred since the last synchronization.

The NetLogon Service checks for updates every five minutes (default). If a BDC does not request changes in a timely manner, the entire domain directory must be copied to that BDC. For example, if a BDC is offline for a time (such as for system repair), more changes could occur during that timeframe than can be stored in the change log.

Partial synchronization consists of the automatic, timed replication of directory database changes to all BDCs since the last synchronization. Full synchronization copies the entire directory database to a BDC. This occurs automatically when changes have been deleted from the change log before replication or when you add a new BDC to a domain.

Both the NetLogon Service updates and the change log size ensure that full synchronization does not start up under most operating conditions. In the WAN environment, you can control and refine NetLogon activity using the member registry entries and a variation of the following method.

To reduce the number of full synchronizations needed in a WAN environment:

  1. Build BDCs at the corporate network site so that the full directory database can be quickly transferred from a PDC to BDCs.

  2. Send the new BDCs to the branch offices

  3. Put the new BDCs into service as soon as possible (within 3 to 6 days of dispatch).

When the new BDC starts up, it contacts the PDC to obtain any directory database changes that occurred while the BDC was offline.

Last modified
14:33, 12 Jul 2016

Tags

Classifications

Public