DNTU’s Domain Members View lets you add machines to and remove machines from a domain. You may also Synchronize the Entire Domain (NT4 only) by selecting a machine and choosing the synchronize option from the right button menu. The Synchronize Monitor view provides functionality to synchronize a Backup Domain Controller with the Primary Domain Controller and Force full Synchronization with the Primary Domain Controller. DameWare NT Utilities will dynamically determine the role each computer within the Domain Members view is playing and will display the appropriate icon for that computer type. You may selectively display computers within this view, including View All Computers, View Workstations Only, View Servers Only and View Members Only. When a computer is selected, you may remove it from the domain or add a new member to the domain.
The Domain Members window view will display the Computer Count, Status, Computer Name, Computer type, Description and Version, all of which are selectable for column sorting and column ordering.
The following icons distinguish the computer type(s) within the Domain Members view:
This icon represents machines that are Windows NT/2000/XP Workstation clients
This icon represents machines that are Windows NT/2000/2003 servers
This icon represents an Inactive Windows NT/2000/XP/2003 Workstation or Server
This icon represents a Windows NT/2000/2003 Domain Controller
This icon represents an Inactive Windows NT/2000/2003 Domain Controller
Synchronize Monitor View
The Members->Synchronize Monitor View contains several
columns of information for both the Selected Domain Controller and
All Domain Controllers within a domain:
Machine - Primary Domain Controller or Backup Domain
Controllers
Sync. Item - Description of the sync item
Status - In the case of sync item "Connection Status", this
contains any error that may occur or zero (0), if no errors.
All other sync items indicate "Yes", if sync item is occurring or
"No", if sync item is not occurring.
Last - When the sync item last occurred
Count - The count of times the sync has occurred.
Error - The error condition
Note: It is possible to miss a sync event if the event
occurs between checks. A smaller refresh interval could help
eliminate this condition.
NetLogon Service
The NetLogon Service automatically synchronizes changes in the
Windows NT/2000 directory database stored on the Primary Domain
Controller (PDC) to all Backup Domain Controllers (BDCs). Based on
settings in the registry, the PDC sends timed notices that signal
the BDCs to request changes at the same time. When a BDC requests
changes, it informs the PDC of the last change it received so that
the PDC can determine whether a BDC needs updating. If a BDC is up
to date, its NetLogon service does not request changes.
The NetLogon Service synchronizes three domain directory databases:
the security accounts manager (SAM) database, the SAM built-in
database and the Local Security Authority (LSA) license
database.
SAM accounts: Microsoft domain user and group accounts that you
create. Includes all computer accounts added to the domain such as
domain controllers (DCs) and Windows
NT/2000/XP/2003/Vista/2008/Windows7 computers.
SAM built-in: Local machine built-in user and group accounts such
as Administrator, Domain Admins, etc.
LSA: LSA Secrets that are used for trust relationships and DC
computer account passwords. Also includes the account policy
settings that you configure.
Synchronization occurs:
When a backup domain controller is initialized or restarted in
the domain.
When "forced" by a network administrator using Server Manager.
Automatically by the DCs, depending upon Windows
NT/2000/XP/2003/Vista/2008/Windows7 registry configuration.
The change log records changes to the domain-directory databases,
including new or modified passwords, user and group accounts,
group membership and user rights. Its size determines how many
changes the log can hold and for how long. Typically, the change
log holds approximately 2000 changes, retaining only the most
recent changes and deleting the oldest ones first. When a BDC
requests changes, it receives only changes that occurred since the
last synchronization.
The NetLogon Service checks for updates every five minutes
(default). If a BDC does not request changes in a timely manner,
the entire domain directory must be copied to that BDC. For
example, if a BDC is offline for a time (such as for system
repair), more changes could occur during that timeframe than can be
stored in the change log.
Partial synchronization consists of the automatic, timed
replication of directory database changes to all BDCs since the
last synchronization. Full synchronization copies the entire
directory database to a BDC. This occurs automatically when changes
have been deleted from the change log before replication or when
you add a new BDC to a domain.
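The partial-versus-full decision described above can be modelled as a bounded change log indexed by serial number. The following is an added example, not DameWare or Microsoft code and not the NetLogon wire protocol; the class names, the request_changes method and the sample change counts are assumptions made for illustration.

```python
from collections import deque

class ChangeLog:
    """PDC-side change log: bounded, oldest changes are deleted first."""
    def __init__(self, capacity=2000):          # ~2000 changes, as in the text
        self.entries = deque(maxlen=capacity)   # (serial, description)
        self.serial = 0                         # serial of the newest change

    def record(self, description):
        self.serial += 1
        self.entries.append((self.serial, description))

    def changes_since(self, last_serial):
        """Decide what a BDC that last received `last_serial` must be sent."""
        if last_serial == self.serial:
            return "none", []                   # BDC is up to date
        if last_serial > self.serial:
            return "full", []                   # assumption: unknown serial forces a full copy
        oldest = self.entries[0][0]
        if last_serial + 1 < oldest:            # next needed change was already deleted
            return "full", []
        return "partial", [e for e in self.entries if e[0] > last_serial]

class BDC:
    def __init__(self, name, last_serial=0):
        self.name = name
        self.last_serial = last_serial          # last change received from the PDC

    def request_changes(self, log):
        kind, changes = log.changes_since(self.last_serial)
        self.last_serial = log.serial           # in sync after either kind of replication
        return kind, len(changes)

def demo():
    """Constructed scenario: one BDC keeps up, one is offline for repair."""
    log = ChangeLog(capacity=2000)
    online, repair = BDC("BDC-ONLINE"), BDC("BDC-REPAIR")   # both in sync at serial 0
    outcomes = []
    for batch in range(6):                      # six intervals of 500 changes each
        for i in range(500):
            log.record(f"password change {batch}-{i}")
        outcomes.append(online.request_changes(log))
    outcomes.append(repair.request_changes(log))  # returns after 3000 changes
    return outcomes

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

In the constructed run the online BDC receives six partial updates of 500 changes each, while the BDC that missed 3000 changes needs a full copy because the first 1000 of them are no longer in the log.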
Both the NetLogon Service updates and the change log size ensure
that full synchronization does not start up under most operating
conditions. In the WAN environment, you can control and refine
NetLogon activity using the Windows
NT/2000/XP/2003/Vista/2008/Windows7 registry entries and methods
described below.
One way to reduce the number of full synchronizations is to build
BDCs at the corporate network site so that the full directory
database can be quickly transferred from a PDC to BDCs. You can
then send the new BDC to the branch office and put it into service
as soon as possible (within 3 to 6 days of dispatch). When the new
BDC starts up, it contacts the PDC to obtain any directory database
changes that occurred while the BDC was offline.