Hi,
The schema:
My company's new AD infrastructure (built from scratch) is made of:
- 3 DCs (DC01, DC02, DC03)
- 47 RODCs
All servers are W2012, clients are W7.
DC01 and DC02 are on the same site (SITE0) with a synchronization delay of 15 min, cost 100.
DC03 is alone on a remote site (SITE1) for AD backup. It is synchronized with DC01 at a 7-day delay, cost 200 (MS best practice).
Each RODC is on a distinct site, so 47 RODCs = 47 sites.
The problem:
Sometimes when I join a computer on a remote RODC site, for example SITE20 (computer accounts are prestaged), the join is made with DC03.
Thus after reboot the user receives an error message at logon: "The trust relationship between this workstation and the primary domain failed". That's because the SITE20 RODC is not up to date. It's normal, because DC03 is replicated with DC01 every 7 days, and for that reason the local RODC is not up to date.
The solution I imagine is to forbid DC03 from being used as an active DC for AD management.
The question:
Is there a way to prevent hosts from joining the domain on DC03?
Is there a way to make our DC03 just a backup server and prevent it from playing any other game?
Many thanks for your help.
Lou Gascou
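As an added example that is not part of the original post, the PowerShell below shows how an administrator can see which DC the locator hands a workstation in a given site, and then run the join against an explicitly chosen writable DC instead of whichever DC the locator returns. The domain name `corp.example.com` is an assumption; `DC01`, `SITE0` and `SITE20` are the names used in the post. It relies on the `nltest` tool and the RSAT `ActiveDirectory` module, both of which are standard Windows components.

```powershell
# Added example (not from the original post): check which DC a workstation
# is steered to, then join against a chosen writable DC in SITE0.
# Assumed names: domain corp.example.com; DC01/SITE20 come from the post.

$Domain = 'corp.example.com'   # assumed domain name
$JoinDC = 'DC01'               # writable DC in SITE0, named in the post
$Site   = 'SITE20'             # remote RODC site the workstation sits in

# 1. Which DC does the locator return for this site right now?
#    /force bypasses the cached answer; /writable asks for a writable DC,
#    which is what a domain join needs and is where DC03 can show up.
nltest /dsgetdc:$Domain /site:$Site /force
nltest /dsgetdc:$Domain /writable /force

# 2. Same question through the ActiveDirectory module (RSAT), which also
#    reports whether the returned DC is read-only.
Import-Module ActiveDirectory
Get-ADDomainController -Discover -DomainName $Domain -SiteName $Site -ForceDiscover |
    Select-Object HostName, Site, IsReadOnly

# 3. Join the domain against the chosen writable DC. Add-Computer -Server
#    expects the 'Domain\DCName' form. The prestaged computer account is
#    used as-is, so no -OUPath is needed.
$cred = Get-Credential -Message "Account allowed to join $Domain"
Add-Computer -DomainName $Domain -Server "$Domain\$JoinDC" -Credential $cred -PassThru

# 4. After the reboot, verify the secure channel; the output names the DC
#    the workstation actually authenticated against.
nltest /sc_verify:$Domain
```

Steps 1 and 2 are diagnostic and safe to run on any domain member; step 3 performs the join and should be run from the workstation being joined. Pinning the join with `-Server` only affects where the computer account's password is set, so the RODC in SITE20 still has to receive that change through normal replication from a writable DC before the first logon succeeds.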