Security Changes Not Immediately Applied

[MaintenanceMadeEasy]

I am having many problems in Windows 2000 Advanced Server where changes to security settings is taking a very long time to be applied. I know that this delay is supposed to be normal for DNS related issues, but does that include the Active Directory as well?

Being that I am a small business, I have been setting up the Server to handle multiple functions that include DNS, Web, FTP and Exchange. The Server has plenty of power with dual Opteron Processors and a meg of memory. It is connected to the internet by DSL Line and all ports have been open to accommodate the related tasks (i.e. 80, 20, 21, 110, etc). The server is still in "development" and not yet seeing any loads from outside the office.

Everything is runs beautifully until I have to make some type of change to IIS or Active Directory. When I do, it takes anywhere from of few minutes to a few hours before I the changes actually occur. Here are 2 examples:

Example 1:

Changing or Adding a virtual FTP Site causes the IE to Hang and eventually display a message that the FTP File cannot be found when trying to access the site. The prompted User Logon window is never shown. Sometimes it will open the site, but fails to display any of the content.

Example 2:

I create a new user in Active Directory, along with a mailbox for exchange. If I try to access the mail box or connect to FTP, nothing happens, at least not immediately. Eventually, all of the settings will take effect and everything runs problem free.

Can anyone please tell me what am I missing here? How can I get these changes to immediately take effect after clicking the "Apply" button?

My thanks in advance.

Graham

http://www.NewDimensionsUS.com

 

[Andreh]

This might be worth a go,

To enforce a security policy immediately do the following in a command box (dos):

secedit /refreshpolicy (USER_Policy)
secedit /refreshpolicy (MACHINE_Policy)


Refresh security settings
secedit /refreshpolicy
This command refreshes system security by reapplying the security settings to the Group Policy object.

Syntax
secedit /refreshpolicy {machine_policy | user_policy}[/enforce]


This is available from windows help. Security policys are refeshed throught automated propergation (not exactly sure, but 15 minutes ring's a bell), rebooting or forcing as stated above.

Secedit is available throught windows help.

Hope this helps.

 

[mtraversMSFT]

In addition, you may also want to force replication of your DCs. This can be done thru Active Directory Sites and Services. Open ADSS and expand your site, servers, under each DC you will see NTDS Settings. Select NTDS Settings and on your right, select the connector object(s) and right click and choose to replicate now.

Also the Recipient Update Service needs to run to "stamp" your newly created mailboxes with an email address. You can force this to take place immediately by selecting Recipient Update Service in Exchange System Manager and right click and choose update.

Hope this helps

--
Melissa Travers, MCSE
Microsoft Exchange Support

Please do not send email directly to this alias. This alias is for newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.