Replication


Hello all,

I have a question about replication. I have a parent and 3 child domains, "domain.com" being the parent and dev.domain.com, test.domain.com and prod.domain.com being the children. We are having security discussions from a design standpoint, and the goal is to not have the child domain controllers replicate to or from each other. I am in Sites and Services, and under "Default First Site name" > Servers are all of the domain controllers, 2 per domain.

 

1. Is this realistically achievable?

2. How much of a lift will it take to get this to work?

 

I am a VM and storage administrator/engineer, so my knowledge of Active Directory is very limited.

3 Replies

1. Is this realistically achievable?

Probably not. Read on here.

Active Directory Replication Concepts | Microsoft Learn

 

 

@alacard052003 Just checking if there's any progress or updates? Please don't forget to mark helpful replies.

 

 

Hello,
That's not a good idea. Don't expect tight security within a forest - this is by design.
You may either create separate forests (without trust relationships), or just create a single domain, single forest with separate OUs for dev, test and prod, then apply a hardening/delegation model to it (best option).