Question : enabling AD replication via IPsec on existing domain controllers
I have an existing AD domain with numerous sites. Currently, we are allowing AD replication through the firewalls with the "swiss cheese" method, allowing RPC, etc. To trim this down, we would like to start using IPsec encapsulation for AD replication between DCs. I'm currently following this article:
http://technet.microsoft.com/en-us/library/bb727063.aspx
There is one discrepancy in that article that is troubling me, however. It says that I need to go to:
Start | Programs | Administrative Tools | Local Security Policy
However, this is not available on a domain controller. I only have 'Domain Security Policy' and 'Domain Controller Security Policy'. If I start defining IPsec policies using the 'Domain Controller Security Policy' link instead of 'Local Security Policy', won't those policies get replicated to all DCs? Will that be an issue?
Ideally, I'd like to enable IPsec on certain DCs as a test, and roll it out to other DCs as I verify it's working. I don't want to do a global IPsec configuration and activate it on every DC simultaneously.
Answer : enabling AD replication via IPsec on existing domain controllers
Thanks for your input. I agree that applying IPsec settings via group policy is not a good idea, as you stated. I would definitely apply settings to 2 domain controllers via secpol.msc and ensure that the configuration is filtered via IP address.
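A command-line sketch of the per-DC approach described in the answer, added here as an example and not taken from the thread or the TechNet article: `netsh ipsec static` writes to the same local policy store that secpol.msc edits, so nothing is distributed through Group Policy. The addresses, the policy and object names, the Kerberos authentication choice and the ESP 3DES/SHA1 method are all assumptions for illustration; use the values the article you are following specifies.

```bat
@echo off
rem Added example with constructed values. Run on the first test DC;
rem on the second test DC swap LOCAL_DC and PEER_DC.
set LOCAL_DC=192.0.2.10
set PEER_DC=198.51.100.10
set POL=DC-Repl-Test

rem Create the policy in the local store, unassigned, with the
rem default response rule turned off so only our rule applies.
netsh ipsec static add policy name=%POL% description="Test: IPsec between two DCs" activatedefaultrule=no assign=no

rem Filter list scoped to this DC and one peer DC only. mirrored=yes
rem creates the matching reverse filter, so no other host is affected.
netsh ipsec static add filterlist name=%POL%-Filters
netsh ipsec static add filter filterlist=%POL%-Filters srcaddr=%LOCAL_DC% dstaddr=%PEER_DC% protocol=ANY mirrored=yes

rem Require negotiated security; no fallback to clear text (soft=no).
netsh ipsec static add filteraction name=%POL%-Require action=negotiate soft=no inpass=no qmsecmethods="ESP[3DES,SHA1]"

rem Bind filter list and action into one rule. kerberos=yes is an
rem assumption; psk= and rootca= are the other supported methods.
netsh ipsec static add rule name=%POL%-Rule policy=%POL% filterlist=%POL%-Filters filteraction=%POL%-Require kerberos=yes

rem Review what was built before it takes effect.
netsh ipsec static show policy name=%POL% level=verbose

rem Assign only when both test DCs have their half of the policy.
netsh ipsec static set policy name=%POL% assign=yes

rem After forcing replication, confirm quick mode SAs exist with the peer.
netsh ipsec dynamic show qmsas all

rem Rollback on this DC only:
rem   netsh ipsec static set policy name=%POL% assign=no
```

Because the filter names a single peer address, traffic between these DCs and every other host, including the remaining DCs, stays as it was until a filter for that host is added.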