On Wed, 19 Apr 2006 14:15:08 GMT, blewis@iextensive.net wrote:

>We only have it running on the Master Domain Controller.

There's your problem. The password filter needs to be installed on all DCs in
the domain. Password changes can happen on any DC, and the filter needs to be
there to catch the new password before it gets encrypted.

>We have another
>DC but that should synchronize from the MDC, correct?

Yes, but only in encrypted format, so the filter can't get it and sync it.

In MAD, there is no master/primary/backup, all DCs are equal. So, anything you
do on one DC you can do on any DC. This is different from NT where the PDC did
everything and the BDCs were merely slaves.

David Gersic dgersic_@_niu.edu

I'm tired of receiving rubbish in my mailbox, so the E-mail address is
munged to foil the junkmail bots. Humans will figure it out on their own.