Re: Denay replication in AD
- From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Wed, 27 Dec 2006 23:24:02 +0100
if the person is an ADMIN on ANY DC, you CANNOT prevent that person from
changing anything in AD.
It is that simple.... Longhorn server will provide a read-only DC which will
help you in what you want --> admin on a DC and to manage all kinds of
things, BUT not change ANYTHING in AD
if you want to prevent that person from changing anything in AD, either
remove his permissions or remove his domain admin membership....
can you explain what that person needs to do within the branch office?
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"mostarx" <jurislav@xxxxxxxxx> wrote in message
news:1167257091.512585.254040@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Because I do not want that admin on branch office can any change on AD.
Is thare way that i make AD on specific DC unwritable, so that nobady
can make any user or any changes.
Thank you
Harj je napisao/la:
Hi,
Well this can be done but like Jorge asks, is why?
To disable outbound replication for a particuar DC, use the following
command:
repadmin /options <dc name> +DISABLE_OUTBOUND_REPL
To re-enable outbound replication, run:
repadmin /options <dc name> -DISABLE_OUTBOUND_REPL
To disable inbound replication for a particular DC, use the following
command:
repadmin /options <dc name> +DISABLE_INBOUND_REPL
To enable inbound replication, run:
repadmin /options <dc name> -DISABLE_INBOUND_REPL
Good luck
Harj Singh
Power your Active Directory
www.specopssoft.com
Jorge de Almeida Pinto [MVP - DS] wrote:
nope...
why do you want this?
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"mostarx" <jurislav@xxxxxxxxx> wrote in message
news:1167251821.274246.219400@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello
I need advice. I have Active directory with four domain controller on
win 2003 in diferent sites. Problem is that I want that new user and
other settings can be changed only on first DC which is create when I
was create domain. Is there some way that I denay any changes on
other
DC or that I denay replicaion in two way so replication can go only
from first DC to other DC-s, not from others DC to first DC.
Thank you
.
- References:
- Denay replication in AD
- From: mostarx
- Re: Denay replication in AD
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: Denay replication in AD
- From: Harj
- Re: Denay replication in AD
- From: mostarx
- Denay replication in AD
- Prev by Date: Re: Denay replication in AD
- Next by Date: Re: Denay replication in AD
- Previous by thread: Re: Denay replication in AD
- Next by thread: Re: Denay replication in AD
- Index(es):
Relevant Pages
|
Loading
