or ask them to take the MS 70-413 exam
ha

________________________________
From: [email protected] <[email protected]> on behalf of Joseph L. Casale <[email protected]>
Sent: Monday, March 27, 2017 3:35 PM
To: [email protected]
Subject: [NTSysADM] Re: Limit Remote DC to selectively replicate certain OUs?

Send them some Active Directory developers API docs and show them just how incredibly complicated AD really is. Most people incorrectly think AD is LDAP. That's not the case, it's an application which implements an LDAP interface to an otherwise far richer application...

jlc

________________________________
From: [email protected] <[email protected]> on behalf of Fut Dey <[email protected]>
Sent: Monday, March 27, 2017 12:49 PM
To: [email protected]
Subject: [NTSysADM] Re: Limit Remote DC to selectively replicate certain OUs?

The complaint is latency and we haven't gotten any numbers to work with.

"You'd end up with an inconsistent and broken mess..." and that's what we attempted to convey to upper management because there are additional objects in the directory that need to be updated, GPOs, domain/enterprise admin accounts, etc. Management believes since all the relevant changes to computers, users, groups, etc., are within the OU of interest, that's all that needs to be replicated.

Haven't been able to find any documentation to back our claim that it can't be done or it's bad practice.

Regards,
Fut

________________________________
From: [email protected] <[email protected]> on behalf of Joseph L. Casale <[email protected]>
Sent: Monday, March 27, 2017 9:53:28 AM
To: [email protected]
Subject: [NTSysADM] Re: Limit Remote DC to selectively replicate certain OUs?

Right,
How would it handle a group that _is_ replicated which contains a member that _is not_ replicated? You'd end up with an inconsistent and broken mess...

________________________________
From: [email protected] <[email protected]> on behalf of Brian Desmond <[email protected]>
Sent: Monday, March 27, 2017 8:28 AM
To: [email protected]
Subject: [NTSysADM] RE: Limit Remote DC to selectively replicate certain OUs?

This isn’t possible. You can selectively replicate certain attributes, but you can’t selectively replicate objects.

What is the replication issue you’re having? What does the network connectivity look like – latency, utilization, bandwidth, etc.?

Thanks,
Brian Desmond
w – 312.625.1438 | c – 312.731.3132

From: [email protected] [mailto:[email protected]] On Behalf Of Fut Dey
Sent: Saturday, March 25, 2017 3:10 PM
To: [email protected]
Subject: [NTSysADM] Limit Remote DC to selectively replicate certain OUs?

Hi,

Current AD environment has a single forest and domain with 55 OUs on Server 2012 R2 at 2012 forest and domain functional levels. One of the departments (aka OU) will be split up between 2 locations (half in the US, half in Asia) and will share local and remote resources. The staff in the US and Asia will rotate quarterly.

We do have VPN in place and the remote office is having AD related latency issues among other things. Upper management has suggested the possibility of hosting a Read-only DC in the remote location and have that DC replicate only objects for that one single OU. Management has no interest in multi-forest nor multi-domain, etc.

Is it possible to configure such a setup?

Thanks,
Fut

