Windows – How to unlock account across all sites immediately


We recently implemented a way to allow users to unlock accounts themselves after too many invalid password attempts. It is working great, but we are having an issue with replicating account unlocks across sites (with Active Directory on Windows Server 2008 R2). Lockouts replicate to all domain controllers immediately but unlocks only unlock immediately in the site they are unlocked and then take 15 minutes to replicate to the other sites.

I have been searching for a setting that would allow unlocks to be replicated across all sites immediately but I am not having any luck. Does anyone know how to replicate unlocks immediately?

Thank you for your input.

Best Answer

By default, account unlock is not urgently replicated. You can configure Urgent Replication for the Unlock Account operation: http://technet.microsoft.com/en-us/library/cc772726%28v=ws.10%29.aspx#w2k3tr_repup_how_huzs
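
To confirm which sites still see the account as locked, and to measure how long an unlock takes to reach them before and after a replication change, the account can be read from each domain controller in turn. This is an added example, not part of the original answer; it assumes the ActiveDirectory PowerShell module is available, and `Get-LockStatePerDC` and the account name `jdoe` are placeholders.

```powershell
# Added example: report the lock state of one account as seen by every domain controller.
# Assumes the ActiveDirectory module (Windows Server 2008 R2 or later, or RSAT).
Import-Module ActiveDirectory

function Get-LockStatePerDC {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SamAccountName   # account to check, supplied by the caller
    )

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # Query this specific DC so the result reflects its local replica,
            # not whichever DC the client would normally be referred to.
            $user = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                        -Properties LockedOut, lockoutTime -ErrorAction Stop

            # lockoutTime is a FILETIME value; 0 or unset means not locked.
            $lockedAt = $null
            if ($user.lockoutTime -gt 0) {
                $lockedAt = [DateTime]::FromFileTimeUtc($user.lockoutTime)
            }

            New-Object PSObject -Property @{
                Site        = $dc.Site
                DC          = $dc.HostName
                LockedOut   = $user.LockedOut
                LockedAtUtc = $lockedAt
                Error       = $null
            }
        }
        catch {
            # Report an unreachable DC instead of aborting the whole check.
            New-Object PSObject -Property @{
                Site = $dc.Site; DC = $dc.HostName
                LockedOut = $null; LockedAtUtc = $null
                Error = $_.Exception.Message
            }
        }
    }
}

# 'jdoe' is a placeholder account name.
Get-LockStatePerDC -SamAccountName 'jdoe' |
    Sort-Object Site, DC |
    Format-Table Site, DC, LockedOut, LockedAtUtc, Error -AutoSize
```

Running it right after a self-service unlock shows which sites still report `LockedOut = True`; repeating it until every row reads `False` gives the observed replication delay.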