Re: Core servers

From: "Jorge de Almeida Pinto [MVP]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
Date: Wed, 7 Jun 2006 21:08:28 +0200

the only to do that is to place those servers in a site linked with one or
more subnet(s) and will only be used in a last resort...

another way to prevent authentiction is to tweak the priority and the weight
of the SRV RRs of the DC with the FSMO roles or to only make it register
certain SRV RRs

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"peterc" <peterc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:311D4CC2-4D91-4D73-AD86-7A156E8FE6F1@xxxxxxxxxxxxxxxx

I am involved with an AD migration. The new domain structure is and empty
root, two DCs different sites, no user accounts. One child domain crossing
multiple sites. The designer has specified that the two domain controllers
holding the PDc, INF and RID roles for the child domain be isolated from
user
logons by placing in different subnet, authentication for user accounts
to
be carried out by other DCs on the site.
Given that authentcation is carried out to a local domain controller as
configured in Sites and Services, a local subnet will not isolate the two
DCs
holding these fsmo roles from being used to authenticate accounts,
separate
subnet or not. The term core servers is being used to describe these DCs
and
they are described as needing protection from user logons. Personally I
have
never heard of this configuration before. I cannot find any reference to
this
methodology. Can anyone shed any light on it?

Prev by Date: Re: Win2k DC boots with "systemced" error
Next by Date: Re: netgiag.exe Entry point not found
Previous by thread: Re: Core servers
Next by thread: Re: Core servers
Index(es):
- Date
- Thread

Relevant Pages

Re: Any reason for this DNS setup?
... we are going to retire all DCs. ... > promote and transfer FSMO roles on root and child domain; ... where the master _msdcs.us.local zone is, ... If you are going to use new servers, you will just add them as replica DCs, ...
(microsoft.public.windows.server.dns)
Re: 1 parent and 2 child domains in to 1 main domain
... demoting the child domain DCs will collapse ... What I would do is demote the child domains, and then promote those servers ... This way you have three DCs. ... Make the two of them GCs and DNS servers and ...
(microsoft.public.windows.server.active_directory)
Re: Move OU into its own Child Domain - Same Forest
... you want to take existing DCs and move them to the child domain as additional DCs? ... Also make sure that any clients that are using those services are remapped to existing servers and that you've at least 1 GC per site. ... Generally the DCs should be shutdown before Dcpromo to check if there're any problems, if everything ok, then dcpromo on the DCs. ...
(microsoft.public.windows.server.active_directory)
Re: Consolidating Domains
... Yep, migrate the child domain users, groups and computers into the parent ... Then reuse the servers as DCs in ... local DC/ GC and local DNS the line won't ...
(microsoft.public.win2000.active_directory)
Re: Help with setting up Sites.
... Site A - respresenting physical site B ... servers is increasing by the day. ... Do you have any DCs at SiteB? ... clients servers in the relevant sites to authenticate against them. ...
(microsoft.public.windows.server.active_directory)