none
Active Directory Additional Domain Controller-

    Question

  • Active Directory Additional Domain Controller- Is it possible to create additional domain controller with only Single Object Replication-we don't want to replicate other Object to Additional domain controller-Like OU Replication Only...
    • Edited by Dev0099 Saturday, February 18, 2017 10:34 AM
    Saturday, February 18, 2017 10:31 AM

Answers

  • Hi,

    Can you tell me the purpose for replicating only one OU. If you want to install additional DC in second site and replicate only one OU so that users in second site see only that OU you can configure List Object Mode and like that hide everything.


    As far as I know all DCs in a certain domain contain the same information. there is no way to
    do that what you say but you can hide everything with List object mode
    • Proposed as answer by Wendy JiangModerator Friday, February 24, 2017 8:44 AM
    • Marked as answer by Dev0099 Thursday, April 27, 2017 4:31 PM
    Saturday, February 18, 2017 11:30 AM
  • Hi,

    You will need to configure List Object Mode to hide everything, I mean to block access so that Users in OU 1 are not able to browse and search and see people in OU 2.

    When you activate List Object Mode it will be applied to the whole domain. 

    Please take a look on this site https://social.technet.microsoft.com/wiki/contents/articles/29558.active-directory-controlling-object-visibility-list-object-mode.aspx

    It is important to have a separate, test environment when you configure this to learn how to configure permissions and everything before implementing it in production.

    I have already discussed about this on 

    https://social.technet.microsoft.com/Forums/office/en-US/8beefb4f-f819-470c-9963-7a14458432d9/list-object-mode-in-active-directory?forum=winserverDS



    • Edited by Nedim Mehic Saturday, February 18, 2017 5:28 PM
    • Proposed as answer by krishnaaindia Sunday, February 19, 2017 8:22 AM
    • Marked as answer by Dev0099 Thursday, April 27, 2017 4:31 PM
    Saturday, February 18, 2017 5:23 PM
  • Hi,

    As Nedim said, there is no reason of replicating only single object like OU to some ADDC.  Therefore, this is not possible.

    Mark it as answer, if this help.

    / Karim


    • Edited by Karim Buzdar Saturday, February 18, 2017 1:05 PM
    • Marked as answer by Dev0099 Thursday, April 27, 2017 4:30 PM
    Saturday, February 18, 2017 1:04 PM

All replies

  • Hi,

    As Nedim said, there is no reason of replicating only single object like OU to some ADDC.  Therefore, this is not possible.

    Mark it as answer, if this help.

    / Karim


    • Edited by Karim Buzdar Saturday, February 18, 2017 1:05 PM
    • Marked as answer by Dev0099 Thursday, April 27, 2017 4:30 PM
    Saturday, February 18, 2017 1:04 PM
  • Thanks  Mr.Nedim Mehic .Yes I want to hide everything...except only one OU for Site...How can we do that.....
    Saturday, February 18, 2017 3:16 PM
  • Also I want to hide everything on others site...except Single OU, Single Site...etc.....Site Admins need to be limited only to their own site, Own OU....n can we stop DSQuery for others sites users....so that others site even cannot search other site users except their own OU...
    Saturday, February 18, 2017 3:25 PM
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, February 24, 2017 8:44 AM
    Moderator