Replication Increased by ANNOUNCE_IMMEDIATE Events

 Last reviewed: March 27, 1997
Article ID: Q154502
The information in this article applies to:
  • Microsoft Windows NT Server version 4.0
  • Microsoft Windows NT Workstation version 4.0

SUMMARY

You may experience an increase in replication occurrences as a result of ANNOUNCE_IMMEDIATE events.

MORE INFORMATION

Security account manager (SAM) and local security authority (LSA) replication can fall into a number of categories, including immediate (or urgent) replication. Most replication handled by the Net Logon service occurs at set intervals, but certain types of account or policy changes are considered urgent and must be handled immediately, causing an ANNOUNCE_IMMEDIATE event to be generated and acted upon by the primary domain controller (PDC). The following replications are considered urgent:

  • Changing the account lockout policy.
  • Changing the domain password policy.
  • Changing the password on a machine account.
  • Replicating a newly locked-out account.
  • Changing an LSA secret (essentially the "trusting" side of changing the machine account password).

These changes are immediate by necessity. For example, if a workstation were to change its machine account password and then lose its connection to its domain controller, it would not be able to connect to any other domain controller until the replication occurred.

As a part of Windows NT security, machine account passwords are changed every seven days. As a side effect of this automatic machine account password change, a domain with a large number of computers and domain controllers may cause replication to occur on a frequent basis.

Some administrators may want to disable these automatic machine account password changes. For information about how to disable automatic machine account password changes, please see the following article in the Microsoft Knowledge Base: 

   ARTICLE_ID: Q154501
   TITLE     : How to Disable Automatic Machine Account Password Changes

Additional query words: prodnt
Keywords : kbnetwork ntsecurity NTSrvWkst
Version : 4.0
Platform : WinNT

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: March 27, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.