Password replication across AD sites


We are going to be adding a few new Domain Controllers into our school environment to have authentication closer to the end user. I've read about creating the site links and setting the replication intervals there, but I was just trying to get some clarification on how passwords work.

If all DCs are set to replicate from the main DC at SITEA, and someone at SITEB needs a password reset, do I need to reset their password from the DC at SITEB? Or will resetting the password on the DC at SITEA automatically push it down to the other DCs, or does it have to wait for the next tick of the replication interval?

Best Answer

The password is replicated to the domain controller with the PDC Emulator role immediately, and at the next replication interval to all other domain controllers.

Additionally, if a logon fails, the authentication is attempted at the PDC Emulator role domain controller, so you should not need to be too concerned about the effects of delayed replication for password changes.
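
To see the behaviour described in the answer after a reset, the following added example (not part of the original answer) asks every domain controller for its own replication metadata on the account's `pwdLastSet` attribute and compares it with the PDC Emulator's copy. It assumes the RSAT ActiveDirectory module is installed and that `jdoe` is a placeholder account name.

```powershell
Import-Module ActiveDirectory   # assumption: RSAT ActiveDirectory module is available

function Get-PasswordReplicationState {
    param([Parameter(Mandatory)][string]$SamAccountName)

    # The PDC Emulator is the DC that receives password changes first.
    $pdc = (Get-ADDomain).PDCEmulator
    $dn  = (Get-ADUser -Identity $SamAccountName -Server $pdc).DistinguishedName

    $rows = foreach ($dc in Get-ADDomainController -Filter *) {
        $row = [ordered]@{
            DomainController = $dc.HostName
            Site             = $dc.Site
            IsPdcEmulator    = ($dc.HostName -eq $pdc)
            Version          = $null
            LastChange       = $null
            Error            = $null
        }
        try {
            # Query this DC's local copy of the attribute metadata.
            $meta = Get-ADReplicationAttributeMetadata -Object $dn -Server $dc.HostName `
                        -Properties pwdLastSet -ErrorAction Stop
            $row.Version    = $meta.Version
            $row.LastChange = $meta.LastOriginatingChangeTime
        }
        catch {
            # An unreachable DC is reported rather than silently skipped.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }

    # A DC whose version is behind the PDC Emulator has not replicated the reset yet.
    $pdcVersion = ($rows | Where-Object IsPdcEmulator).Version
    $rows | Select-Object *, @{ n = 'InSyncWithPdc'; e = { $_.Version -eq $pdcVersion } }
}

# 'jdoe' is a placeholder account name.
Get-PasswordReplicationState -SamAccountName 'jdoe' |
    Sort-Object Site | Format-Table -AutoSize
```

Rows with `InSyncWithPdc` set to `False` are domain controllers still waiting for the next replication interval.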