How do I ensure that password changes are made locally on a domain controller?
Directory and Resource Administrator 6.x
When changes are made using Directory and Resource Administrator (DRA), the changes are written to the domain controller that DRA is connected to. In many cases, this domain controller may not be may be in a different site. After the Active Directory replication occurs the local domain controller will be aware of the changes.
In order for remote domain controllers to know about password changes made using Directory and Resource Administrator the following options are available:
- A secondary Directory and Resource Administrator server can be configured in the remote site. The DRA server in the remote site will communicate with the local domain controller in that site.
- DRA can be configured to always communicate with a domain controller in a remote site. For more information on how to configure DRA to always communicate with a specific domain controller, please refer to the following knowledge base article:
- NETIQKB1885: How do I configure the Directory and Resource Administrator server to write all changes to a specific domain controller?
The ability to specify a domain controller during password resets operations has been included starting in Directory and Resource Administrator 7.0.