When you create a user and if you have a password policy, it is always created
as disabled, replication has nothing to do with it and forcing a replication
will not enable a user.
The reason is that if you have a password policy, an account must be set with a
password before it can be enabled. You can not create a user object with a
password, you must create the object, then set the password. Generally most
tools will enable the ID when the password is set as well (a la ADUC or the NET
USER command).
Now that account will be useable by any machines that authenticate against the
DC that has the information, this replicates out to other machines. Until the ID
gets to a specific DC, that DC can not authenticate that user. That would be the
only reason replication would be involved but I still wouldn't recommend forcing
the recommendation separately. More than likely you can correct the issue by
having a more thorough understanding of your replication topology and the
configurations that can be made to it.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Oleg Ogurok wrote:
Hi all,
After adding a user to active directory, its state is set to Disabled until
the next replication occurs or until I manually force the replication using
Active Directory Sites and Services.
Is there a way to force the replication via C# or unmanaged code?
Thanks,
Oleg.
