Microsoft does not typically document what CANNOT be done. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Fut Dey Sent: Monday, March 27, 2017 2:50 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Re: Limit Remote DC to selectively replicate certain OUs?
The compliant is latency and we haven't gotten any numbers to work with. "You'd end up with an inconsistent and broken mess..." and that's what we attempted to convey to upper management because there are additional objects in the directory that needs to be updated, GPOs, domain/enterprise admin accounts, etc. Management believes since all the relevant changes to computers, users, groups, etc, are within the OU of interest, that's all that needs to be replicated. Haven't been able to find any documentations to back our claim that it can't be done or it's bad practice. Regards, Fut ________________________________ From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> <listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on behalf of Joseph L. Casale <jcas...@activenetwerx.com<mailto:jcas...@activenetwerx.com>> Sent: Monday, March 27, 2017 9:53:28 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] Re: Limit Remote DC to selectively replicate certain OUs? Right, How would it handle a group that _is_ replicated which contains a member that _is not_ replicated? You'd end up with an inconsistent and broken mess... ________________________________ From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> <listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on behalf of Brian Desmond <br...@briandesmond.com<mailto:br...@briandesmond.com>> Sent: Monday, March 27, 2017 8:28 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: Limit Remote DC to selectively replicate certain OUs? This isn't possible. You can selectively replicate certain attributes, but you can't selectively replicate objects. What is the replication issue you're having? What does the network connectivity look like - latency, utilization, bandwidth, etc.? Thanks, Brian Desmond w - 312.625.1438 | c - 312.731.3132 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Fut Dey Sent: Saturday, March 25, 2017 3:10 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] Limit Remote DC to selectively replicate certain OUs? Hi, Current AD environment has a single forest and domain with 55 OUs on Server 2012 R2 at 2012 forest and domain functional levels. One of the departments, ( aka OU), will be split up between 2 locations (half in the US, half in Asia) and will share local and remote resources. The staff in the US and Asia will rotate quarterly. We do have VPN in place and the remote office is having AD related latency issues among other things. Upper management has suggested the possibility of hosting a Read-only DC in the remote location and have that DC replicate only objects for that one single OU. Management has no interest in multi-forest nor multi-domain, etc. Is it possible to configure such a setup? Thanks, Fut
