RE: [ActiveDir] How to completely isolate a DC?

[Almeida Pinto, Jorge de]

did you raise it on the "DC WITH the PDC FSMO role" or just a DC?
 
raising the DFL --> contacts the PDC FSMO
raising the FFL --> contacts the schema master FSMO
 
jorge
 


________________________________

        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andy Wang
        Sent: Friday, November 17, 2006 17:38
        To: ActiveDir@mail.activedir.org
        Subject: Re: [ActiveDir] How to completely isolate a DC?
        
        
        The change is to raise domain functional from Windows 2000
native to Windows 2003 mode.
        
        As I understand, once I raised domain function level, the
ntMixedDomain attribute will be changed along with other functions (like
domain controller rename,user password support on the InetOrgPerson
objectClass, etc). 
        
        I want to test it on a isolated production DC first. Just in
case something happened, we can shutdown this DC without impact the
whole domain. Other than physical isolation or put a firewall in front
of the DC, is there any way to do it? 
        
        Thanks!
        
        Andy
        
        
        
        
        On 11/17/06, joe <[EMAIL PROTECTED]> wrote: 

                What exactly did you change and how did you change it?
                 
                --
                O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
                 
                 

________________________________

                From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andy Wang
                Sent: Thursday, November 16, 2006 3:20 PM
                To: ActiveDir@mail.activedir.org
                Subject: [ActiveDir] How to completely isolate a DC?
                
                
                
                I need to make a change across our domain. My plan is to
make the change on one DC and test it, then roll out to other 50 DCs.
                
                I tried to temporarily disable outbound replication of
Active Directory with repadmin by doing this: 
                
                repadmin /options +DISABLE_OUTBOUND_REPL
                
                To my surprise, the change I made still replicated to
other DCs immediately. 
                
                So how can I isolate a DC and make sure the change I
made not replicate to other DCs? 
                
                Thanks for your help!
                
                Andy
                




This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.