The change is to raise domain functional from Windows 2000 native to Windows 2003 mode.
As I understand, once I raised domain function level, the ntMixedDomain attribute will be changed along with other functions (like domain controller rename,user password support on the InetOrgPerson objectClass, etc). I want to test it on a isolated production DC first. Just in case something happened, we can shutdown this DC without impact the whole domain. Other than physical isolation or put a firewall in front of the DC, is there any way to do it? Thanks! Andy On 11/17/06, joe <[EMAIL PROTECTED]> wrote:
What exactly did you change and how did you change it? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm ------------------------------ *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Andy Wang *Sent:* Thursday, November 16, 2006 3:20 PM *To:* [email protected] *Subject:* [ActiveDir] How to completely isolate a DC? I need to make a change across our domain. My plan is to make the change on one DC and test it, then roll out to other 50 DCs. I tried to temporarily disable outbound replication of Active Directory with repadmin by doing this: repadmin /options +DISABLE_OUTBOUND_REPL To my surprise, the change I made still replicated to other DCs immediately. So how can I isolate a DC and make sure the change I made not replicate to other DCs? Thanks for your help! Andy
