Re: AD replication security
From: Jeromy Statia [MSFT] (jstatia_at_online.microsoft.com)
Date: 02/05/04
- Next message: Spin: "Re: Where is the "Apply Group Policy" Option??!!!"
- Previous message: Rob McShinsky: "Single-Signon with Kerberos Options/Direction"
- In reply to: Michael ray: "AD replication security"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 5 Feb 2004 13:46:09 -0800
if working with windows 2000 DC's refer to the following article:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;254949
Client-to-Domain Controller and Domain Controller-to-Domain Controller IPSec
Support
but pay close attention to
http://support.microsoft.com/default.aspx?scid=kb;EN-US;254728
IPSec Does Not Secure Kerberos Traffic Between Domain Controllers
when running Server 2003 please note the following articles:
http://support.microsoft.com/?kbid=810207
IPSec Default Exemptions Are Removed in Windows Server 2003
also the following link has some very interesting information on IPSec and
windows server 2003
http://www.serverwatch.com/tutorials/article.php/3109971
Hope this helps out and answers your questions
tx
-- Jeromy Statia [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. "Michael ray" <anonymous@discussions.microsoft.com> wrote in message news:aa2501c3ebf1$15f6d710$a501280a@phx.gbl... > HI > > I would like to secure AD replication between DC`s with > IPSEC, what is the best way to it ?? > Should i secure only the replication ports or the entire > communication between the DC`s ?? > > Any other suggestions for replication security ???
- Next message: Spin: "Re: Where is the "Apply Group Policy" Option??!!!"
- Previous message: Rob McShinsky: "Single-Signon with Kerberos Options/Direction"
- In reply to: Michael ray: "AD replication security"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
