From: John Cuccia 

On Wed, 2 Mar 2005 21:20:30 -0500, "Geo"  wrote:

>"John Cuccia"  wrote in message
>news:pat8211o60fecum89i2mni5929gojijvlj{at}4ax.com...
>
>> >What about replication from a BDC back to the PDC if someone at a remote
>> >location where there is only a BDC decides to change something?
>>
>> NT4 domains don't work like that, all changes take place at the PDC
>> and replicate to the BDC's.
>
>example, two locations, main and remote. Main has the PDC and remote has a
>BDC. The link between sites is down and a user at remote changes his
>password.
>
>example two, one location, BDC and PDC located there, PDC is down for
>maintenance and a user changes his password.

Users can't change passwords without a connection to the PDC (I'm not sure
what happens when they try):

http://support.microsoft.com/default.aspx?scid=kb;en-us;266729
The major role that Netlogon plays on domain controllers is in SAM
synchronization. Only the PDC has a writeable copy of the SAM (with the
exception of Last Logon Time), and all changes that are made to the SAM
need to be written to the BDCs. Any change to a user, group, machine
account, trust, and so on, is recorded on the PDC.



According to this article, only a few pieces of info are sent
"upstream" in an NT4 domain.  It mentions user lockouts and trust
account password changes in particular.  It also says that password changes
happen on the PDC.
http://support.microsoft.com/kb/185952/EN-US/

--- BBBS/NT v4.01 Flag-5