How do I restrict NTDS Replication in Active Directory to specifiedDomain Controllers?

A

Alan Truism

How do I restrict NTDS Replication in Active Directory to specified
Domain Controllers


Our network is a hub and spoke configuration. All branches can route
to the main office, however they cannot route to one another.

How do I keep the domain controllers at the individual branches from
trying to replicate with one another? I want them all to replicate
with the domain controllers at the main branch (the hub) but I don't
want them to replicate directly to the other branches.


In AD sites and services the branch systems automatically generate
connections to DCs at branches they can't communicate with, which
generates errors.
 
M

Meinolf Weber [MVP-DS]

Re: How do I restrict NTDS Replication in Active Directory to specified Domain Controllers?

Hello Alan,

See the reply to microsoft.public.windows.server.networking

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> How do I restrict NTDS Replication in Active Directory to specified
> Domain Controllers
>
> Our network is a hub and spoke configuration. All branches can route
> to the main office, however they cannot route to one another.
>
> How do I keep the domain controllers at the individual branches from
> trying to replicate with one another? I want them all to replicate
> with the domain controllers at the main branch (the hub) but I don't
> want them to replicate directly to the other branches.
>
> In AD sites and services the branch systems automatically generate
> connections to DCs at branches they can't communicate with, which
> generates errors.
>
 
J

Jorge de Almeida Pinto [MVP - DS

Re: How do I restrict NTDS Replication in Active Directory to specified Domain Controllers?

DISABLE the option in sites and services "Bridge All Site Links" (on the
"Sites\Inter-Site Transports\IP" node)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"Alan Truism" wrote in message
news:116666ad-5fab-4eff-a2af-defbbcee71c1@g23g2000vbr.googlegroups.com...
> How do I restrict NTDS Replication in Active Directory to specified
> Domain Controllers
>
>
> Our network is a hub and spoke configuration. All branches can route
> to the main office, however they cannot route to one another.
>
> How do I keep the domain controllers at the individual branches from
> trying to replicate with one another? I want them all to replicate
> with the domain controllers at the main branch (the hub) but I don't
> want them to replicate directly to the other branches.
>
>
> In AD sites and services the branch systems automatically generate
> connections to DCs at branches they can't communicate with, which
> generates errors.
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4507 (20091014) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4507 (20091014) __________

The message was checked by ESET Smart Security.

http://www.eset.com
 
J

Jorge de Almeida Pinto [MVP - DS

Re: How do I restrict NTDS Replication in Active Directory to specified Domain Controllers?

by the way...

I do assume only links exist between branch sites and the hub site

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"Jorge de Almeida Pinto [MVP - DS]"
wrote in message
news:O2CmFOPTKHA.4000@TK2MSFTNGP05.phx.gbl...
> DISABLE the option in sites and services "Bridge All Site Links" (on the
> "SitesInter-Site TransportsIP" node)
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> ------------------------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no
> rights!
> * Always test ANY suggestion in a test environment before implementing!
> ------------------------------------------------------------------------------------------
> #################################################
> #################################################
> ------------------------------------------------------------------------------------------
>
> "Alan Truism" wrote in message
> news:116666ad-5fab-4eff-a2af-defbbcee71c1@g23g2000vbr.googlegroups.com...
>> How do I restrict NTDS Replication in Active Directory to specified
>> Domain Controllers
>>
>>
>> Our network is a hub and spoke configuration. All branches can route
>> to the main office, however they cannot route to one another.
>>
>> How do I keep the domain controllers at the individual branches from
>> trying to replicate with one another? I want them all to replicate
>> with the domain controllers at the main branch (the hub) but I don't
>> want them to replicate directly to the other branches.
>>
>>
>> In AD sites and services the branch systems automatically generate
>> connections to DCs at branches they can't communicate with, which
>> generates errors.
>>
>> __________ Information from ESET Smart Security, version of virus
>> signature database 4507 (20091014) __________
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>>
>>
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4507 (20091014) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4507 (20091014) __________

The message was checked by ESET Smart Security.

http://www.eset.com
 
You must log in or register to reply here.

Similar threads

W
Active Directory custom application partition replication
Replies
0
Views
39
WojtekW_MCS
W
M
How to resolve Active Directory replication issue?
Replies
0
Views
46
Masab Bin Nasir
M
Y
The AD replication is working fine (verified using repadmin commands and active directory sites and services- ), but event ID 4012 continues to appear
Replies
0
Views
26
Yaser vp
Y
A
How to take Backup of the Current configured Domain, Active Directory
Replies
0
Views
41
{AK}
A
K
How to create custom attribute (CompanyID) in Active Directory
Replies
0
Views
40
[Kosala R Paranathala]
K
Back
Top Bottom