Understood !
We will follow your advices.
Cheers,
Yann
----- Message d'origine ----
De : "Almeida Pinto, Jorge de" <[EMAIL PROTECTED]>
À : [email protected]
Envoyé le : Lundi, 15 Mai 2006, 10h21mn 54s
Objet : RE: [ActiveDir] Lag site- disabling auth on Lag DC.
----- Message d'origine ----
De : "Almeida Pinto, Jorge de" <[EMAIL PROTECTED]>
À : [email protected]
Envoyé le : Lundi, 15 Mai 2006, 10h21mn 54s
Objet : RE: [ActiveDir] Lag site- disabling auth on Lag DC.
SRV records....
* make sure the DC only registers the CNAME SRV record which is used for replication
* don't assign the lag site DCs WINS servers, otherwise these will register the 1Ch record in WINS
* make sure the site link cost between the main site and the lag are higher than any other site links that also links to the main site
for the lag to work properly make sure you have at least one DC from each domain, because of eventual cross domain links (e.g. group memberships)
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>
________________________________
From: [EMAIL PROTECTED] on behalf of Yann
Sent: Mon 2006-05-15 21:36
To: [email protected]
Subject: [ActiveDir] Lag site- disabling auth on Lag DC.
hello all,
We are about to build a lag site for our AD recovery strategy.
We schedule replication Prod Sites <->Lag Sites one time a week.
We have one forest with a Root and Child domain.
The lag site will contain only one DC. We would like to disable clients auth on this DC. So I found 2 ways to do this:
1) Configuring the "DC Locator DNS Records" via a gpo.
or
2) Stop and disable the netlogon service.
What will be the best choice ? 1) or 2) ?
Shall i also disable the service server to avoid replication of sysvol too ?
Thanks for input.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
* make sure the DC only registers the CNAME SRV record which is used for replication
* don't assign the lag site DCs WINS servers, otherwise these will register the 1Ch record in WINS
* make sure the site link cost between the main site and the lag are higher than any other site links that also links to the main site
for the lag to work properly make sure you have at least one DC from each domain, because of eventual cross domain links (e.g. group memberships)
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>
________________________________
From: [EMAIL PROTECTED] on behalf of Yann
Sent: Mon 2006-05-15 21:36
To: [email protected]
Subject: [ActiveDir] Lag site- disabling auth on Lag DC.
hello all,
We are about to build a lag site for our AD recovery strategy.
We schedule replication Prod Sites <->Lag Sites one time a week.
We have one forest with a Root and Child domain.
The lag site will contain only one DC. We would like to disable clients auth on this DC. So I found 2 ways to do this:
1) Configuring the "DC Locator DNS Records" via a gpo.
or
2) Stop and disable the netlogon service.
What will be the best choice ? 1) or 2) ?
Shall i also disable the service server to avoid replication of sysvol too ?
Thanks for input.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
