If multiple Directory and Resource Administrator servers simultaneously change the properties of the (NETIQKB3292)

  • 7703292
  • 02-Feb-2007
  • 22-Jun-2007

Resolution

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

goal
If multiple Directory and Resource Administrator servers simultaneously change the properties of the same user object, which change will take precedence in Active Directory?

fix
Each Directory and Resource Administrator (DRA) server connects to a specific Domain Controller (DC). When a DRA server starts, it makes an API call to determine the closest DC. The DRA server will then read from and write changes to this DC.
DRA 6.30 and later allows multi-master functionality of administration servers. Based on the different scenarios below, if two administration servers make a change to the properties of the same user simultaneously, the behavior will be as follows:

The primary DRA server is connecting to Domain Controller1.  Any changes made to a user object while connected to the primary DRA server will be written to DC1.  The secondary server is connecting to Domain Controller 2.  Any changes made to the same user account while connected to the secondary DRA server will be written to DC2.  Active Directory (AD) replication between DC's will then determine which change prevails.  Information on the DC having the latest time stamp will be replicated to the other DC's in the domain.
If both the primary and secondary DRA servers are connecting to the same DC, the changes will be written to that DC in the order that the changes are initiated. 

note
This example was based on a change to a user property, however it applies to any changes made to AD objects through DRA.

 

Additional Information

Formerly known as NETIQKB3292