I have a program which our Account Operators use to create accounts, rename
accounts, move accounts in AD, etc. which encapsulates some local rules,
accesses the HR data, and generally makes the process much easier than
using
the ADU&C or other basic tools. The program is in VB6.
After either a rename operation or a move, the distinguished name (DN) is
different. Often other operations may be needed on the same account which
was renamed/moved. Because the operations take place in different
modules,
it is not practical (and would be fairly complicated) to retain the new DN
after the rename/move to be used in a new operation on the same account.
Finding a new DN with nameTranslate often fails due to replication delays
(I
expect). In testing I observe that I can prevent program issues by adding
undesirable measured delays to the follow-up operations.
Two options are:
Retry operations which may be subject to replication delays.
Do all operations to a single domain controller (instead of not
specifying).
I favor the second option so that undesirable retry delays won't be
needed.
However, I am not sure how to maintain the affinity to a specific DC for
the
nameTranslate operation. I would pick a specific DC at program start
rather
than hard code any DC names.
I am hoping for advice on the second option or other good ideas.
|
