Actually, the only potential way I see to do something like this would be to
do an IPSec tunnel and play with routing.

In *nix, I'd say wrap it in an ssh tunnel and port forward as necessary, but
this isn't *nix[1].

Roger
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

[1] And I don't think that's a bad thing....


> -----Original Message-----
> From: Kingslan, Rick T. [mailto:[EMAIL PROTECTED] 
> Sent: Monday, October 20, 2003 5:58 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] FSMO role holding DC's
> 
> 
> Mark,
> 
> If you mean direct, do they have to be able to communicate with it
> one-on-one.... Hmmmm.  I'm not aware of a method to proxy, as RID
> requests must be made to the RID master, Infrastructure updates won't be
> a problem, PDC emulator might be an issue.
> 
> If you're replicating (I assume that the DC is getting all AD updates as
> well as the SYSVOL keeping in synch with the rest of the DC's?) it's not
> easy to separate the functions.  IOW, to my knowledge, you're either
> replicating or you aren't.  I don't know of a way to distinguish between
> AD and file replication at the DC's level.  And, if you orphan a DC -
> it's not really part of the domain anymore.  It must communicate with
> the domain or literally die.
> 
> Clearly, you can change the schedule (frequency, time of day, etc.) -
> and it wouldn't surprise me to have someone pop up here (Robbie, Dean,
> Joe, Todd, Gil, etc.) and say - 'Sure you can do this, you can do
> this....'  Interesting topic, I'm not sure it's going to buy you much,
> or that it's even really possible.
> 
> SMTP is always an option....
> 
> Rick Kingslan  MCSE, MCSA, MCT
> Microsoft MVP - Active Directory
> LAN Administration - Windows 2000
> West Corporation
> [EMAIL PROTECTED]
> 
> -----Original Message-----
> From: Abbiss, Mark [mailto:[EMAIL PROTECTED] 
> Sent: Monday, October 20, 2003 4:58 AM
> To: '[EMAIL PROTECTED]'
> Subject: [ActiveDir] FSMO role holding DC's
> 
> 
> I have nudged this issue in an earlier post but would like to ask again
> for confirmation from the collective genius contained in this list.
> 
> Do all DC's in a domain HAVE to have a direct connection to the FSMO
> role holding machines or is there a way of "proxying" these roles ?
> 
> What are some of the likely major implications of maintaining a DC
> without access to FSMO role holders ? The DC in question is replicating
> with other DC's, so has all objects but just doesn't have any connection
> to the FSMO role holders.
> 
> Any thoughts ? 
> 
> Many thanks
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/