Active Directory one way Sync to secondary Active directory

%3CLINGO-SUB%20id%3D%22lingo-sub-3068289%22%20slang%3D%22en-US%22%3EActive%20Directory%20one%20way%20Sync%20to%20secondary%20Active%20directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3068289%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Members%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20added%20new%20Active%20directory%20domain%20controller%20to%20our%20domain.%3C%2FP%3E%3CP%3EDuring%20the%20Active%20directory%20domain%20services%20configuration%20wizard%20we%20have%20selected%20primary%20active%20directory%20for%20replication.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20the%20users%20created%20in%20primary%20is%20replicating%20to%20secondary%20and%20the%20users%20created%20in%20secondary%20AD%20replicating%20to%20primary%20AD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20we%20would%20like%20to%20have%20one%20way%20Sync%20i.e.%2C%20from%20Primary%20Active%20directory%20to%20secondary%20AD%20but%20not%20the%20other%20way%20around.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20configure%3F%20How%20this%20can%20be%20done%3F%20I%20couldn't%20find%20much%20information%20on%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20suggest.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3EMahesh%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3068289%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

Hi Members,

 

We have added new Active directory domain controller to our domain.

During the Active directory domain services configuration wizard we have selected primary active directory for replication.

 

Now the users created in primary is replicating to secondary and the users created in secondary AD replicating to primary AD.

 

But we would like to have one way Sync i.e., from Primary Active directory to secondary AD but not the other way around.

 

Is it possible to configure? How this can be done? I couldn't find much information on this.

 

Please suggest.

 

Regards

Mahesh

1 Reply

@Mahesh610 It sounds like you may be looking for a Read Only Domain Controller. See: https://docs.microsoft.com/en-us/windows/win32/ad/rodc-and-active-directory-schema