True - would work. But, why not just shut off netlogon? Seems to be about the easiest way to be sure that it's not going to answer requests for authN.
Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, June 09, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Preventing a DC from authenticating users Why not create a dummy site, and move the DC into it? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A Sent: Tuesday, June 08, 2004 4:06 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Preventing a DC from authenticating users I want to stop a specific DC from authenticating users as part of a test. The server also provides DNS for the clients, so I don't want to shut down the box during the test - I just want it to be 'invisible' to clients looking for a DC for the duration of the test (a couple of days max). Is 'net stop netlogon' and deleting the appropriate GC and LDAP SRV records a reasonable way to go about this ? Will this prevent replication? Any other ideas to accomplish this ? Thanks! Dave Fugleberg List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
