I would visualize scripts/tools/applications that the admins don't really understand. Possibly it "slipped" through the integration team without them really understanding how it works. (that never happens huh??) Say an app that does a user creation and the developers figured that they want that ID everywhere quick so it then forces replication which isn't documented (because vendors don't always actually document what their apps do).
While I agree that you should be able to trust your admins, for something like this and you shouldn't be using anything you don't understand completely but I would also look for a means to protect myself if it were possible. Certainly it shouldn't be something that you say "Wow, since I have that, I can give Elmer Fudd the keys to the castle", anyone who is familiar with me knows I wouldn't say that. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Tuesday, May 30, 2006 12:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD lag sites and replication Neil asked... > I'm looking to implement one or more lag sites, with > staggered replication schedules. (i.e. NYC lag replicates > tues and thurs, 2-4 am; LON lag replicates mon, wed and fri 2-4 am). > > We're concerned that admins can still force replication > outside of these hours using repadmin or replmon etc. > > Is there a (supported) way to ensure that replication can > ONLY occur within the hours described above? Tell them not to? Seriously, if something is being put in place for a reason and it is explained to them, why would they want to go and work against it? Isn't the person implementing it someone in a position of authority to say "this is how we'll solve this problem"? As always... "there are seldom good technological solutions to behavioural problems". Given this is all hypothetical, and yet to be a problem, but you get what I am regurgitating here. My $0.02 inc GST. themolk. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
