one-way replication of Active Directory


Dragan Terzic

How do I set up replication of Active Directory between two
domain controllers so that one is the master and the other is
the slave?
The slave should not allow any modifications, and should only accept
updates from the master.
The slave will be on the Internet, and therefore should not
accept any modifications to Active Directory, even if
somebody guesses the Administrator password.
 
That is not possible and contrary to the benefits of an Active Directory
domain. --- Steve
 
Yes, but this is a hole in the security system.
If anyone with the administrator's password (and there is
always the possibility that someone guesses or finds the password)
can modify LDAP data in the DMZ, and (what is even worse) that
modification is automatically propagated to other domain
controllers, this whole system is totally unsecured.
I need the LDAP (389) port open for public access for reading
certain information.
Is there any way to make AD read-only for anyone
(including Administrator) on one domain controller? (I
need a read-only copy of AD that is regularly updated from
another domain controller.)
BR
 
I am not aware of any way to do that. You might post in the win2000.active_directory
newsgroup to see if anyone there knows a workaround. Good luck. --- Steve
 