Hello all,


I have a question about replication. I have a parent and 3 child domains. "" being the parent and, and being the children. We are having security discussions from a design standpoint, and the goal is to not have the child domain controllers replicate to or from each other. I am in Sites and Services, and under "Default First Site name" > Servers are all of the domain controllers, 2 per domain.


1. Is this realistically achievable?

2. How much of a lift will it take to get this to work?


I am a VM and storage administrator/engineer, so my knowledge of Active Directory is very limited.

3 Replies

1. Is this realistically achievable?


Probably not. Read on here.    

Active Directory Replication Concepts | Microsoft Learn   



@alacard052003 Just checking if there's any progress or updates? Please don't forget to mark helpful replies.



That's not a good idea. Don't expect tight security within a forest - this is by design.
You may either create separate forests (without trust relationships), or just create a single domain, single forest with separate OUs for dev, test and prod, then apply a hardening/delegation model to it (best option).