Hi all,
We're using a single forest /single domain on a shared infrastructure (shared means here for multiple clients), in a centralized datacentre.
Some of our clients need on site domain auth services. I don't want to setup domain controller on client sites for security reasons.
Ideally I'd like to have a RODC on client site, but containing only the client OU. (I think it's not possible, RODC seems to contains all DS objects).
AD LDS could be an option, but I've read that domain authentication are forwarded to AD DC....
Does anybody have a suggestion to allow to replicate a part only of the directory on a remote site, and authenticate locally using domain credentials.
Thanks in advance,
Vincent