If, like a current project I am working on, you find yourself wanting to bring a copy of your Active Directory domain into a test environment, and you have multiple replicating domain controllers, you might find yourself with a standalone DC not allowing you to log on.
After a lengthy search of Google and a call to Microsoft I have managed to find a workable solution.
Basically, in 2003 anyway, each domain controller will try to do an initial sync when it starts up. That makes sense when you think about it: you don't want a rogue DC sending out old data after being off for a while.
To stop this and allow the DC to start up and accept logons, there is a nice little registry hack.
One note: try to get a global catalog (GC), so you don't get stuck looking for one.
The following entry will solve your issues:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Type: DWORD
Value name: Repl Perform Initial Synchronizations
Value data: 0x0
What it does is allow the server to load its domain services and start allowing logons without waiting to sync with the DCs around it.
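One way to apply and later undo the entry above from an elevated PowerShell session on the isolated test DC. This is an added example, not part of the original post; the function names are hypothetical, and it assumes PowerShell is installed on the server. It reports the current state first, so you can also use it to check that a DC has not been left with the initial sync switched off.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$Name = 'Repl Perform Initial Synchronizations'

function Get-InitialSyncSetting {
    # Returns the current DWORD, or $null when the entry from the post
    # has not been created on this machine.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Format-InitialSyncSetting {
    # Human-readable form of the current state for before/after reporting.
    $current = Get-InitialSyncSetting
    if ($null -eq $current) { return '(not set)' }
    return ('0x{0:X}' -f $current)
}

function Set-InitialSyncSetting {
    param([Parameter(Mandatory = $true)][ValidateSet(0, 1)][int]$Value)
    # Refuse to create the key: if it is missing, this is the wrong machine.
    if (-not (Test-Path $Path)) {
        throw "Key not found: $Path. Is this a domain controller?"
    }
    $before = Format-InitialSyncSetting
    # -Force overwrites an existing value of the same name.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
        -Value $Value -Force | Out-Null
    Write-Output ("{0}: {1} -> {2}" -f $Name, $before, (Format-InitialSyncSetting))
}

function Remove-InitialSyncSetting {
    # Deletes the entry again, returning the DC to the state it had
    # before the value from the post was added.
    if ($null -ne (Get-InitialSyncSetting)) {
        Remove-ItemProperty -Path $Path -Name $Name
    }
    Write-Output ("{0}: now {1}" -f $Name, (Format-InitialSyncSetting))
}

# Apply the value from the post (0x0) on the test DC.
Set-InitialSyncSetting -Value 0
# To undo it later: Remove-InitialSyncSetting
```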
🙂