I know many of you in here have been dealing with AD for a while. My organization is just at the very beginning of implementing it, and I had a question for you about replication and how Windows networking in general would work if certain ports and access were blocked between AD sites.
Since we're part of a large library consortium, the overall administrators are thinking of blocking off some of the ports that this recent spate of viruses/worms use (RPC) to help isolate the various library systems from each other. However, the possibility that this might break the way AD works is keeping them from doing this. They, and I, just don't know enough yet about how this works.

Now, the root domain belongs to the folks at the downtown library, which controls the whole consortium, and each individual library system is then a domain which exists as a member of the forest (please excuse me if my terminology is a little off here). But they're not concerned about cutting off the access between the root domain and the rest of us, but actually between the library systems themselves. So, our servers would still be able to replicate with the ones downtown, just not with the ones over at the other nearby library systems.

I guess what I need to know from some of the folks out there who've been at this for a while... What is possible here? Can this kind of access be safely shut off between the libraries as long as the DCs still can replicate with the root domain? Will it break AD if the individual library systems cannot replicate between each other? If this access is removed, would it break AD in any other way?

As it stands right now, my DCs are already set to not be replication partners with any of the adjacent libraries anyway, so my guess is that it wouldn't. However, I'm still focusing on user and machine control at this point and haven't really gotten to the networking aspects of it all.

Any help or commentary (besides flames) would be appreciated.

Thanks,
Matt Hoffman
