OK, that makes sense, although as you say, this is still not possible. We don't (yet) have read-only DCs so this is just a non-starter :)
I'd still like to hear the justification / explanation for such a behaviour. neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: 10 June 2005 15:32 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Sites to restrict traffic, I read that differently than you did Neil. I read it as how do I allow replication to go in one direction... Into a site but not from the site back say like in a weird DMZ type configuration or something. If that is what the question is. The answer is you don't... Successfully. You may get it working but it will break when the DC can't update its own info in the rest of the environment. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Friday, June 10, 2005 5:44 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Sites to restrict traffic, If you have your site links and costs setup correctly to reflect your underlying network topology and infra, then this should not be a concern, since you have already informed AD where and how it should replicate data. If 2 sites are replicating and you do not want them to, then either remove the link, or increase the cost, but naturally, you need to ensure that an alternative path exists between these 2 sites. I'm intrigued to know why you think you need to enforce these restrictions. If your underlying network allows data to flow from A to B then why not allow AD to use that underlying transport system? neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube Sent: 10 June 2005 09:59 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Sites to restrict traffic, Hello, How can I use sites to prevent traffic from flowing from one site to another? I have a domain controller for each site, and I want to stop traffic flowing in certain direction (kind of like the trust relationships in windows NT). thanks r.c. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ============================================================================ == Please access the attached hyperlink for an important electronic communications disclaimer: http://www.csfb.com/legal_terms/disclaimer_external_email.shtml ============================================================================ == List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ============================================================================== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.csfb.com/legal_terms/disclaimer_external_email.shtml ============================================================================== List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/