did you raise it on the "DC WITH the PDC FSMO role" or just a DC? raising the DFL --> contacts the PDC FSMO raising the FFL --> contacts the schema master FSMO jorge
________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Wang Sent: Friday, November 17, 2006 17:38 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] How to completely isolate a DC? The change is to raise domain functional from Windows 2000 native to Windows 2003 mode. As I understand, once I raised domain function level, the ntMixedDomain attribute will be changed along with other functions (like domain controller rename,user password support on the InetOrgPerson objectClass, etc). I want to test it on a isolated production DC first. Just in case something happened, we can shutdown this DC without impact the whole domain. Other than physical isolation or put a firewall in front of the DC, is there any way to do it? Thanks! Andy On 11/17/06, joe <[EMAIL PROTECTED]> wrote: What exactly did you change and how did you change it? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Wang Sent: Thursday, November 16, 2006 3:20 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] How to completely isolate a DC? I need to make a change across our domain. My plan is to make the change on one DC and test it, then roll out to other 50 DCs. I tried to temporarily disable outbound replication of Active Directory with repadmin by doing this: repadmin /options +DISABLE_OUTBOUND_REPL To my surprise, the change I made still replicated to other DCs immediately. So how can I isolate a DC and make sure the change I made not replicate to other DCs? Thanks for your help! Andy This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.