Forum Discussion
Domain policy difference in Primary/Secondary Domain Controller
K-AngDaft question, your DNS Client settings, on DC1 do you have DC2 as its primary address and on DC2 do you have DC1 as its primary? They should have their own address as secondary. Also ensure that the IPv6 address isn't ::1
It sounds like replication issue but you are getting account creation replicated across.
Are you editing the default domain policy for the password settings? It's worth noting that only one GPO can do the password policy on a domain
Dear Mark Lewis ,
Yes i have setup DC1 to have DC2 ip address as primary, same goes to DC2 as well. I could have just disable ipv6 but may i know why it cannot be ::1?
I have default domain policy for password settings but in that case i can't have kerberos policy setup because default domain policy is assigned to domain computer. May i know if i setup 2 policies with password policies inside and assigned separately will it work?
K-AngI've had all sorts of odd issues when the DNS client address has been ::1.
I don't believe you can. What you need to be looking at are Fine Grained Password Policies for running multiple policies.
Dear Mark Lewis,
Sorry for providing wrong information. There is only one domain policy that contains password policy, account policy, kerberos policy and security options. They are in default domain policy. However we have additional policies that defines rules other than the mentioned policies above.
K-AngSo, is the issue with other policies that set options other than password and kerberos not replicating? Things like Only use NTLMv2? Who can log on, drive mapping via preferences?