Modify the replication security level of a configuration set
Updated: August 22, 2005
Applies To: Windows Server 2003 R2
To modify the replication security level of a configuration set
Open ADAM ADSI Edit.
Connect and bind to the configuration directory partition of an ADAM instance in the configuration set that you want to modify.
In the console tree, double-click the connection.
In the console tree, right-click the configuration directory partition, and then click Properties.
In Attributes, click msDS-ReplAuthenticationMode, click Edit, and then, in the Value box, set the appropriate value (2, 1, or 0).
To open the ADAM ADSI Edit snap-in, click Start, point to All Programs, point to ADAM, and then click ADAM ADSI Edit.
For information about how to connect and bind to the configuration directory partition of an ADAM instance using ADAM ADSI Edit, see Related Topics.
The default replication security level for a new ADAM instance is 1, unless a local workstation user account is specified as the ADAM service account, in which case the replication security level defaults to 0.
If the replication security level is set to 2, all replicating ADAM instances must register service principal names (SPNs) in Active Directory. For more information, see Related Topics.
The values for msDS-ReplAuthenticationMode and their corresponding replication security levels are described in the following table.
Replication security level Value Description Default environment
Mutual authentication required
Kerberos authentication (using SPNs) is required. If Kerberos authentication fails, the ADAM instances will not replicate.
The configuration set is fully contained within an Active Directory domain, forest, or forest trust.
Kerberos authentication (using SPNs) is attempted first. If Kerberos fails, NTLM authentication is attempted. If NTLM fails, the ADAM instances will not replicate.
The configuration set contains Windows NT 4.0 member servers.
All ADAM instances in the configuration set must use identical service account names and passwords.
The configuration set includes computers that are joined to one or more workgroups or to multiple domains or forests without trust relationships.