Not sure if this is what you need. In any case, the GPO setting
related to disabling Generic SRV record registrations and SRV
weighting can be found under the Computer Configuration Node of a GPO:

Administrative Templates
  System
    Netlogon
      DC Locator DNS Records

These settings are discussed in Chapter 4: Planning DNS of the Windows
Server 2003 Active Directory Branch Office Deployment Guide.

-Arden


On 5/19/05, Rick Kingslan <[EMAIL PROTECTED]> wrote:
> You're right - to each his own.  I don't fully understand how disabling
> Netlogon on dedicated Lag Site servers is going to raise TCO.  And, if the
> precedent is set that if a DC goes into the Lag Site that the Netlogon
> service is disabled - again, I don't really understand how that would add
> effort or complexity.
> 
> SRV weighting via GPO.....  Huh.  That's one I've not seen.  Which policy
> element would allow that?
> 
> And, make no mistake - the Lag Site procedure pretty much relies on the DR
> DCs being in a separate, and quite distinct, site with very different
> settings from what I would implement as 'Production-based' DCs.  I guess
> that's one reason why I have them deployed to my warm site, rather than in
> the data center.
> 
> -rtk
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil
> Sent: Thursday, May 19, 2005 11:01 AM
> To: 'ActiveDir@mail.activedir.org'
> Subject: RE: [ActiveDir] AD DR - replication lag site
> 
> I guess I find my solution more elegant and cheaper to manage/maintain. I
> try to avoid implementing changes to one DC but not others. The TCO tends to
> go thru the roof :)
> 
> DCs placed in a separate site and/or configured with different SRV
> weightings via GPO can/does work and is simpler to manage IMHO. Additional
> DCs can then be added to that site (from other domains for example) with
> minimal effort and changes to docs/processes etc.
> 
> neil
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
> Sent: 19 May 2005 15:59
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD DR - replication lag site
> 
> 
> 
> Just two things...
> 
> Disable Netlogon.  If it's disabled as a policy or by going to services and
> changing the service properties, restarting on reboot won't be an issue.
> Disabled is disabled, regardless.
> 
> As to DNS records, I suppose that if the Netlogon service is disabled
> (primary for registering the SRV records) one could remove the _kerberos
> records for the lag site servers.  I can pretty much assure that without
> Kerberos records, the DCs will not be offered up as authN points.
> 
> -rtk
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil
> Sent: Thursday, May 19, 2005 2:46 AM
> To: 'ActiveDir@mail.activedir.org'
> Subject: RE: [ActiveDir] AD DR - replication lag site
> 
> That solution is fine until the machine is rebooted and netlogon starts
> again :)
> 
> Why not change the DNS SRV record priorities/weights? Or alternatively,
> place the DC in a separate site, which consists of just 1 subnet (i.e. the
> subnet where the DC itself lives).
> 
> If DNS records are removed, then the DC will fail to authenticate and
> replicate with other DCs.
> 
> neil
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dan Holme
> Sent: 18 May 2005 23:12
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD DR - replication lag site
> 
> 
> I have several large clients who are going this direction and are in testing
> right now.  Things look quite good.
> 
> I had read somewhere that an alternative approach to preventing
> authentication to the 'lag' DCs was to stop the Netlogon service.  The
> approach of removing DNS records seems more elegant, and I'll be interested
> to hear ppls thoughts on these alternatives.
> 
> 
> 
> 
> Dan
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Danny
> Sent: Wednesday, May 18, 2005 6:45 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] AD DR - replication lag site
> 
> I am interested in your thoughts regarding this suggestion for DR:
> 
> <http://searchwin2000.techtarget.com/tip/1,289483,sid1_gci1086805,00.html>
> (You may need to register)
> 
> Basically it states that you should create another AD site and set the
> replication for 168 hours.
> 
> Thank you,
> 
> ...D
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> ============================================================================
> ==
> This message is for the sole use of the intended recipient. If you received
> this message in error please delete it and notify us. If this message was
> misdirected, Credit Suisse, its subsidiaries and affiliates (CS) do not
> waive any confidentiality or privilege. CS retains and monitors electronic
> communications sent through its network. Instructions transmitted over this
> system are not binding on CS until they are confirmed by us. Message
> transmission is not guaranteed to be secure.
> ============================================================================
> ==
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
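
Added example, not part of the original thread or any participant's code: a check that audits the generic (non-site-specific) DC locator SRV records for lag-site DCs, using the RFC 2782 rule that lower priority values are tried first and that weight divides selections within one priority. The domain example.test, the site name LagSite, the DC host names, and the function audit_lag_exposure are assumptions, and the record data is constructed.

```python
from collections import defaultdict
from typing import NamedTuple

class Srv(NamedTuple):
    owner: str      # SRV record name that was queried
    priority: int   # lower value is tried first (RFC 2782)
    weight: int     # share of selections within one priority
    target: str     # DC host name

# Constructed sample data; example.test, LagSite and the DC names are hypothetical.
RECORDS = [
    Srv("_ldap._tcp.dc._msdcs.example.test", 0, 100, "dc1.example.test"),
    Srv("_ldap._tcp.dc._msdcs.example.test", 0, 100, "dc2.example.test"),
    Srv("_ldap._tcp.dc._msdcs.example.test", 0, 100, "lagdc1.example.test"),
    Srv("_kerberos._tcp.example.test", 0, 100, "dc1.example.test"),
    Srv("_kerberos._tcp.example.test", 0, 100, "dc2.example.test"),
    Srv("_kerberos._tcp.example.test", 10, 100, "lagdc1.example.test"),
    Srv("_ldap._tcp.LagSite._sites.dc._msdcs.example.test", 0, 100, "lagdc1.example.test"),
]
LAG_DCS = {"lagdc1.example.test"}

def audit_lag_exposure(records, lag_dcs):
    """Return {(owner, lag_dc): status} for generic (non-site) SRV records."""
    by_owner = defaultdict(list)
    for r in records:
        if "._sites." not in r.owner.lower():   # site-specific records are expected
            by_owner[r.owner.lower()].append(r)
    findings = {}
    for owner, rrset in by_owner.items():
        prod = [r for r in rrset if r.target.lower() not in lag_dcs]
        best = min((r.priority for r in prod), default=None)
        for r in rrset:
            if r.target.lower() not in lag_dcs:
                continue
            if best is not None and r.priority > best:
                status = "fallback-only"    # tried only if all better priorities fail
            else:
                pool = [x for x in rrset if x.priority == r.priority]
                total = sum(x.weight for x in pool)
                share = r.weight / total if total else 1 / len(pool)
                status = f"selectable share={share:.2f}"
            findings[(owner, r.target.lower())] = status
    return findings

if __name__ == "__main__":
    for key, status in sorted(audit_lag_exposure(RECORDS, LAG_DCS).items()):
        print(key, status)
```

A "selectable" finding means clients outside the lag site can be handed that DC with the stated probability; "fallback-only" means it is offered only when every lower-priority-value DC is unreachable.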
