Managing Directory Replication

One of the helpful tasks that Advanced Server performs is keeping shared resources current. This is accomplished through the Directory Replicator service. If you have a set of files that you want to distribute to many users, you can set up and maintain identical directory trees on multiple servers and workstations, and balance the workload among several computers.

To do so, configure one server as an export server, place the master copies of the files on the export server, and configure other computers to act as import computers.

Only one copy of each file needs to be maintained and every computer that participates has identical copies of those files. Every export server maintains a list of computers to which subdirectories are exported, and each import computer maintains a list of computers from which subdirectories are imported.

When you update a file in the directory tree on one server (the export server), the updated file is copied automatically to all the other computers (the import computers). Only servers running Advanced Server or Windows NT Server can be export servers; import computers can run Advanced Server, Windows NT Server, or Windows NT Workstation.

A file first is replicated when it is added to an exported directory and every time a change is saved to the file on the export server.

Directory replication helps to balance workloads. If you have many users who need to receive the same file periodically, you can replicate the file directory to several computers to prevent any one server from becoming overburdened.

You also can replicate directories between computers in different domains. Export servers can export to domain names and import computers can import from those domain names. This is a convenient way to set up directory replication for many computers; each export server and import computer needs to specify only a few domain names for export or import rather than a long list of computer names.

How Directory Replication Works

Directory replication is initiated and carried out by the Directory Replicator service. This service operates on each export server and import computer that participates in replication. The service on each computer logs on to the same user account, which you create for this purpose.

You set up an export server and import computers to send and receive updated files. An export path on the export server contains the directories and subdirectories of files to be replicated. Directories in an export path must be specified individually in order to be exported. When changes are saved to files in these directories, the files automatically replace the existing files on all of the import computers.

You also can specify whether the export server sends changes as soon as a file has changed or waits until an export subdirectory has been stable for two minutes. This prevents exporting partially changed subdirectory trees.

In addition, you can lock an export or import directory. Changes to a locked directory are not exported or imported until you unlock the directory.

On the export server, you can designate which computers or domains are to receive replicated copies of the directories the server is exporting.

An export server has the following path as its default:

/var/opt/asu/lanman/shares/asu/repl/export

All directories to be replicated are exported as subdirectories in the export path. Subdirectories created in the export path and files placed in those subdirectories are exported automatically. Export servers can replicate any number of subdirectories (limited only by available memory) with each exported subdirectory having up to 32 subdirectory levels in its tree.

An import computer has the following path as its default:

/var/opt/asu/lanman/shares/asu/repl/import

Imported subdirectories and their files are placed here automatically. You do not need to create these import subdirectories. They are created automatically when directory replication occurs.

A network can have multiple export servers. To ensure the integrity of replicated information, they usually do not export duplicate subdirectories. Each master export subdirectory usually is maintained on and exported by a single export server. It is possible to set up multiple servers that export the same subdirectory but the exported files in those multiple master subdirectories may not be identical.

Replication Prerequisites

Before a computer can participate in replication, you must create a special user account. Then for each computer in a domain that will participate in replication, configure its Directory Replicator service to log on using that special account.

In User Manager for Domains, create a domain user account for the Directory Replicator service to use to log on. Be sure the user account has the Password Never Expires option selected and all logon hours allowed.
After the user account is created for each computer that will be configured as an export server or an import computer, use Server Manager to configure the Directory Replicator service to start automatically and to log on under that user account. Be sure the password for that user account is typed correctly.

For more information on setting up the Directory Replicator service, see "To configure startup for a service" in Windows NT Help.

For information about managing user accounts, see Chapter 3, "Working With User and Group Accounts."

Setting Up an Export Server

Any computer running Advanced Server or Windows NT Server can be set up as an export server. Before you set up an export server, you must perform the following tasks:

Assign a logon account to the Directory Replicator service of the export server.
Create the directories to be exported. They must be subdirectories of the replication export path. The default is /var/opt/asu/lanman/shares/asu/repl/export.

Use the Directory Replication dialog box to set up an export server.

For more information, see "To set up an export server" in Windows NT Help.

Managing Exported Subdirectories

By clicking on Manage under Export Directories in the Directory Replication dialog box, you can manage certain features of subdirectory replication by the export server.

You can lock a subdirectory to prevent it from being exported to any import computers. For example, if you know that a directory will be receiving a series of changes that you do not want partially replicated, you can put one or more locks on the subdirectory in the export path. Until you remove the lock or locks, the subdirectory will not be replicated. The date and time the lock is placed is displayed so that you know how long a lock has been in effect.
When you stabilize a subdirectory, the export server waits two minutes by default after changes before exporting the subdirectory. The waiting period allows time for subsequent changes to take place so that all intended changes are recorded before being replicated.
You can specify whether the entire subtree (the export subdirectory and all of its subdirectories) or just the first-level subdirectory in the export directory path is to be exported.

To manage locks, stabilization, and subtree replication for the subdirectories exported from an export computer, click on Manage under Export Directories in the Directory Replication dialog box.

For information about how to manage export subdirectories, see "To Manage Locks, Stabilization, and Subtree Replication for Export Directories" in Server Manager Help.

Replicating Logon Scripts

Logon scripts are files that can be assigned to user accounts. Every time a user logs on, the assigned logon script is run. Logon scripts allow administrators to affect users' environments without managing every aspect of it. When a server processes a logon request, the system locates the logon script by combining a file name (specified in User Manager for Domains) with a path name (specified in Server Manager).

If you use logon scripts in a domain that has a primary domain controller and at least one backup domain controller, you should replicate logon scripts among the domain controllers. Master copies of every logon script for a domain should be stored in one replication export directory on one server. This can be the primary domain controller but it does not need to be. Copies of these master logon scripts should be replicated to every server that participates in authenticating logons for the domain. If this is done, only one copy of each logon script will need to be maintained and every server that participates in authenticating domain logons will have identical copies of every user logon script.

By default, Advanced Server computers export directories and logon scripts from the /var/opt/asu/lanman/shares/asu/repl/export/scripts directory, and import directories and logon scripts to the /var/opt/asu/lanman/shares/asu/repl/import/scripts directory. For the primary domain controller and each backup domain controller, the path to imported logon scripts must be entered in the Logon Script Path box of the Directory Replication dialog box.




	NOTE: The logon script path cannot be administered on computers running Windows NT Server as member servers or on computers running Windows NT Workstation. Logon scripts should be stored in /var/opt/asu/lanman/shares/asu/repl/import/scripts or in subdirectories of that path on these computers.

For information about managing logon scripts, see "Setting the Logon Script Path" in Server Manager Help.

Setting Up an Import Computer

Advanced Server, Windows NT Server, and Windows NT Workstation computers can be set up as import computers. A computer running Advanced Server or Windows NT Server that is configured as an export server also can be configured as an import computer.

Before you set up an import computer, you must assign a logon account to the Directory Replicator service of the import computer.

You must specify the full path of the directory to which the subdirectories will be imported. The default path is /var/opt/asu/lanman/shares/asu/repl/import.

On the import computer, you do not need to create imported subdirectories. Imported subdirectories are created automatically the first time they are imported.

Use the Directory Replication dialog box to set up an import computer. The Windows NT Server version of the Directory Replication dialog box is slightly different from the Windows NT Workstation version. The Windows NT Workstation version contains only the items relating to imported directories.




	NOTE: You can set up a server to replicate a directory tree to itself (from its export directory to its import directory). This replication can provide a local backup of the files, or you can use the import version of these files as another source for users to access, while preserving the export version of the files as a source master.

For more information about setting up import computers, see "Managing Import Replication" in Server Manager Help.

Managing Locks and Viewing Import Subdirectory Status

You can use locks to prevent imports to subdirectories on an import computer. Locking a subdirectory on an import computer prevents the replication of subdirectories to that computer until the lock is removed. Locking a subdirectory on an import computer affects replication to only that computer, not to other import computers.

You can manage locks on subdirectories and also view the status of each subdirectory by clicking on Manage under Import Directories in the Directory Replication dialog box.

The Status column can have one of the following four entries:

OK indicates that the subdirectory is receiving regular updates from an export server and that the imported data is identical to the data that is being exported.
No Master indicates that the subdirectory has received updates in the past but is not receiving updates currently. The export server might not be running or a lock may be in effect on the export server.
No Sync indicates that although the subdirectory has received updates, the data is not up-to-date. This could be a result of a communications failure, open files on the import computer or export server, the import computer not having access permissions at the export server, or an export server malfunction. It also could be the result of a large subdirectory in progress.
No entry (blank) indicates that replication never occurred for that subdirectory. Replication may not be configured correctly for this import computer, for the export server, or both.

The Last Update column shows the date and time of the latest change to the import subdirectory or to any of its subdirectories.

For more information on managing locks, see "To view a list of, or manage locks for, import subdirectories" in Server Manager Help.

Replication of Multiple Directory Trees

Imagine a scenario in which you have a domain that contains two directory trees that you want to replicate — one for logon scripts and one for other data. The groups of computers that need to import the two directory trees are different. Four domain controllers need the logon scripts; however, only two domain controllers and two Windows NT Workstation computers need to import the other data. The best solution is to set up different export servers for the scripts directory tree and the data directory tree.

Remember that a single export server has only one list of import computers to which it replicates. If you set up a single export server for the two directories, it exports both directory trees to all import computers even though not all import computers use both directory trees.

Replication Troubleshooting Tips

Directory replication problems can have a variety of causes. When the Directory Replicator service generates an error, it is displayed in the Event Viewer. The Event Viewer contains information about the Status column in the Manage Import Directories dialog box and information about messages that appear while you are configuring directory replication servers.

The following sections describe some of the common problems encountered during directory replication.

Access Denied

If the Event Viewer shows "access denied" errors for the Directory Replicator service, be sure the service is configured to log on to a specific account and that the account used by the import computer's Directory Replicator service has permission to read the files on the export computer.

The default permissions for an export directory grant Full Control to the Replicator local group. If Full Control permission is removed from the directory, exported files are copied to the import computers but receive the wrong permissions, and an access denied error is written to the event log. If necessary, click on Permissions in the export directory's Sharing tab to grant Full Control to the Replicator local group for the export directories.

Exporting to Specific Computers

Be sure to specify export servers and import computers in the To List and From List in the Directory Replication dialog box. If you fail to do so, exporting will occur to all import computers in the local domain, and importing will occur from all export servers in the local domain.

Lost Permissions in Import Directory

Do not use the Explorer or File Manager to examine permissions in the /var/ opt/lanman/shares/asu/repl/import directory. If you do, special permissions initially set there may be lost. These initial permissions enable directory replication to work; you do not need to change them.

Replication to a Domain Name Over a WAN Link

Directory replication to a domain name does not always succeed when some or all replication import computers are located across a wide area network (WAN) bridge from an export server. When adding names to the export To List on an export server, and when adding names to the import From List on an import computer, specify the computer names (instead of or in addition to specifying the domain name) for those computers separated by a WAN bridge.