Is it possible to have a live replica of an AD domain without serving as a
domain controller? For various reasons (mostly management concerns) we would
like to dedicate a server for LDAP queries, but not have the system available
for authentication. We thought about using a DC in a separate site, but with
replication taking 15 minutes between sites (we're still in a Win2K
functional level), mgt really didn't like that option.

Thanks in advance.

Re: AD/LDAP without the DC? by Jorge

Jorge
Mon Mar 24 13:04:52 PDT 2008


It is difficult to answer your question with PROS and CONS, but to answer
your question from a tech perspective:

> Is it possible to have a live replica of an AD domain without serving as a
> domain controller? For various reasons (mostly management concerns) we would
> like to dedicate a server for LDAP queries, but not have the system available
> for authentication.

Yes, then you should configure that DC to only register the records needed.
See:
http://blogs.dirteam.com/blogs/jorge/archive/2007/06/30/dc-locator-process-in-w2k-w2k3-r2-and-w2k8-part-1.aspx

> for authentication. We thought about using a DC in a separate site, but with
> replication taking 15 minutes between sites (we're still in a Win2K

That can be solved by enabling change notification on the AD site link.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
"Chris Shaw" <ChrisShaw@discussions.microsoft.com> wrote in message
news:62D89D55-5C46-47F9-A7BE-8DBB0CEC4647@microsoft.com...
> Is it possible to have a live replica of an AD domain without serving as a
> domain controller? For various reasons (mostly management concerns) we would
> like to dedicate a server for LDAP queries, but not have the system available
> for authentication. We thought about using a DC in a separate site, but with
> replication taking 15 minutes between sites (we're still in a Win2K
> functional level), mgt really didn't like that option.
>
> Thanks in advance.
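
The change notification setting mentioned in the reply above, as an added example that is not part of the original thread: it sets the USE_NOTIFY bit (0x1) in the `options` attribute of a site link object through ADSI while preserving any flags already present. The site link name `DEFAULTIPSITELINK` and the helper function name are assumptions; substitute the link that connects the two sites.

```powershell
# Added example, not from the thread. Assumed: an IP site link named
# DEFAULTIPSITELINK; replace with the link between the two sites.
$UseNotify = 0x1   # USE_NOTIFY bit of the siteLink 'options' attribute

function Get-NewSiteLinkOptions {
    param([int]$Current)
    # Keep flags that are already set (for example two-way sync or
    # disabled compression) and add change notification.
    return ($Current -bor $UseNotify)
}

$linkName = 'DEFAULTIPSITELINK'
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = $rootDse.Get('configurationNamingContext')
$link     = [ADSI]"LDAP://CN=$linkName,CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"

# 'options' is normally unset on a site link; treat a missing value as 0.
$current = 0
if ($link.Properties['options'].Count -gt 0) {
    $current = [int]$link.Properties['options'][0]
}

$new = Get-NewSiteLinkOptions -Current $current
if ($new -ne $current) {
    $link.Put('options', $new)
    $link.SetInfo()
    "options changed from $current to $new on $linkName"
} else {
    "change notification already enabled on $linkName (options=$current)"
}
```

Run it with an account that can write to the Configuration partition, and record the previous `options` value so the change can be reverted.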