User Authentication on Domain Controllers

[dgproffi]

Does anyone know how to prevent a Domain Controller form
authenticating users?

We have some servers that are required to be domain
controllers to run a specific software. We do not wnat
these servers authenticating users. We have plenty of
other domain controllers to do that.

 

[Steven L Umbach]

I would post your question also in the win2000.active_directory newsgroup. I
am not sure how to do it in a way that would not cause a problem with it
participating in Active Directory replication, etc. Thoughts I have are
configuring _srv records with very high weight and priority for that dc,
but I am not sure offhand how to keep that record from being updated.
Another is to use ipsec to restrict which computers that can communicate
with it [altogether or just certain ports] being sure to allow other domain
contollers full access. --- Steve