Here is a three articles I've used to hide the PDC emulator and also hide a delayed replicated domain controller (A DC that only gets replicated once a day) using SRV records. These articles relate to using a lower SRV LDAP key but is good to help understand how to use DNS and SRV *magic* to hide DC's. My particular situation was to direct most LDAP calls to a few specific DC's and take load off other DC's. Sorry this is a bit off topic but is related and wanted to pass info along.
Use DNS Registration to Decrease the Workload on the PDC Emulator http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbe_upnt_xlfh.asp How to Optimize the Location of a Domain Controller or Global Catalog That Resides Outside of a Client's Site http://support.microsoft.com/default.aspx?kbid=306602 How to view and set lightweight directory access protocol policies by using Ntdsutil.exe in Windows 2000 http://support.microsoft.com/default.aspx?kbid=315071 * ----------------------------------------- * * Steve Schofield - MCP, CCA * [EMAIL PROTECTED] * * Microsoft MVP - ASP.NET * http://www.deviq.com * ----------------------------------------- * ----- Original Message ----- From: Myrick, Todd (NIH/CIT) To: [EMAIL PROTECTED] Sent: Thursday, September 09, 2004 2:16 PM Subject: [ActiveDir] Stopping a GC from doing Authentications Is it possible to configure a GC to perform GC functions, but to disable the ability to process authentication request? I was asked this question and figured this would be an interesting topic here. I know it is possible to mess with the SRV records to lower the priority of the server, etc. Thanks, Todd List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
