Re: AD/LDAP without the DC?




It is difficult to answer your question with PROS and CONS, but to answer your question from a tech perspective:

Is it possible to have a live replica of an AD domain without serving as a
domain controller? For various reasons (mostly management concerns) we would
like to dedicate a server for LDAP queries, but not have the system available
for authentication.

Yes, then you should configure that DC to only register the records needed:
see: http://blogs.dirteam.com/blogs/jorge/archive/2007/06/30/dc-locator-process-in-w2k-w2k3-r2-and-w2k8-part-1.aspx

for authentication. We thought about using a DC in a separate site, but with
replication taking 15 minutes between sites (we're still in a Win2K

That can be solved by enabling change notification on the AD site link.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
"Chris Shaw" <ChrisShaw@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:62D89D55-5C46-47F9-A7BE-8DBB0CEC4647@xxxxxxxxxxxxxxxx
Is it possible to have a live replica of an AD domain without serving as a
domain controller? For various reasons (mostly management concerns) we would
like to dedicate a server for LDAP queries, but not have the system available
for authentication. We thought about using a DC in a separate site, but with
replication taking 15 minutes between sites (we're still in a Win2K
functional level), mgt really didn't like that option.

Thanks in advance.
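
The change notification setting mentioned in the reply above, as an added example that is not part of the original thread: on a site link it is bit 0x1 (USE_NOTIFY) of the siteLink object's `options` attribute. The sketch assumes a management host with the ActiveDirectory PowerShell module; the function name is hypothetical and `DEFAULTIPSITELINK` stands in for your own site link name.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) and rights to modify site links in the Configuration partition.
Import-Module ActiveDirectory

# Bit flag of the siteLink 'options' attribute
$USE_NOTIFY = 0x1   # notify partners on change instead of waiting for the schedule

function Enable-SiteLinkChangeNotification {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$SiteLinkName
    )

    $link = Get-ADReplicationSiteLink -Identity $SiteLinkName -Properties options

    # 'options' is normally unset on a site link; treat that as 0
    $current = if ($null -ne $link.options) { [int]$link.options } else { 0 }

    if ($current -band $USE_NOTIFY) {
        Write-Verbose "$SiteLinkName already has change notification (options=$current)"
        return $link
    }

    # OR the bit in so that any other flags already set are preserved
    $new = $current -bor $USE_NOTIFY
    if ($PSCmdlet.ShouldProcess($SiteLinkName, "Set options from $current to $new")) {
        Set-ADReplicationSiteLink -Identity $SiteLinkName -Replace @{ options = $new }
    }

    # Return the link as it now stands so the caller can verify the value
    Get-ADReplicationSiteLink -Identity $SiteLinkName -Properties options
}

# Dry run first; remove -WhatIf to apply. 'DEFAULTIPSITELINK' is a placeholder.
Enable-SiteLinkChangeNotification -SiteLinkName 'DEFAULTIPSITELINK' -WhatIf
```

With the flag set, inter-site replication over that link follows the intra-site change notification model, so expect more frequent, smaller replication traffic across the link.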
