DRS Replication Windows<->Windows Study

Fernando José Vieira da Silva fernandojvsilva at yahoo.com.br
Thu Oct 15 09:10:15 MDT 2009


We (students from Unicamp-Brazil) have also been studying the DRS
replication process in a Windows<->Windows environment, as part of our
research tasks.

We have done a few experiments in which we added or updated some user settings
in Active Directory and watched the replication network traffic through

I know my question may be very basic ...

In an experiment using two Windows Server 2003, we modified some user
settings and it replicated correctly, but in Wireshark we couldn't see any
DRSUAPI message exchanged (we were expecting DsReplicaSync and/or
DsGetNCChanges requests and responses, right?). Instead, we found one LDAP
modifyRequest/modifyResponse message that seems to replicate those modified

In another similar experiment, using two Windows Server 2008, we could see
those DRSUAPI messages but there isn't any LDAP modifyRequest/modifyResponse
message, like on the first experiment.

Was this LDAP message expected? Does anybody know why there isn't any
DRSUAPI message in the first experiment? (Was it also expected?) Have we
done something wrong while capturing the network traffic or saving it? (so
those packets were lost? ...) Is there any configuration on Windows Server
2003 that makes it happen or something about its version (or something
like this...)?

A similar issue happened in an experiment when we added a user (but with an
addRequest/addResponse message).

The first experiment in more detail:
    * The "ad_update_user_filtered.cap" file attached holds the network
traffic captured and the "krb5.kt" file attached holds the keytab file for
Kerberos decrypting if someone wants to check. The capture file was
previously filtered to avoid unnecessary packets, but I can provide the
full capture file if someone wants it.

- We started the Wireshark capture a few seconds before we modified the user;
- On we have modified the following settings of "CN=fernando j.
v. silva,CN=Users,DC=adinterop,DC=local":
     - last name
     - display name
     - description
     - office
- Its replica is;
- The LDAP modifyRequest message is packet number 521 and the
modifyResponse is number 522;
- After we checked that the replication went OK, we stopped the capture, then we
saved it.

Best Regards,

Fernando J V da Silva
