How to set up domain controllers on different subnets?

M

MedicineMan2019-05-06 12:11:51

Active Directory

MedicineMan, 2019-05-06 12:11:51

I want to create a secure (fail-safe) active directory structure. To do this, I plan to deploy a 3rd domain controller. Two of which will be read only and 1 writable. I plan to cut off the Writable controller from users. Actually, how to configure DNS and sites with this configuration, and will there be pitfalls?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

#

#, 2019-05-06
@mindtester

And how do you think they will be able to synchronize? (and who needs unsynchronized "ridonly" if "wrightable" collapses ? )
ps I would add 2-3 more words - it makes sense when using intersite replication (for example, you have a head network in the regional center, and a branch in the collective farm) in the local area - make regular backups, delegate administration functions to employees with sufficient qualifications. and raise its level (qualifications)

2

20ivs, 2019-05-06
@20ivs

so-so scheme, culturally speaking. It doesn't even make sense to answer this question. fault tolerance with ridonly servers....
if you want fault tolerance within the same domain, then do as usual - two of the most common full-fledged DCs, well, or at least five DCs, at your discretion. no need to think that you are smarter than everyone and compose some kind of muddy schemes.

A

Alexander, 2019-05-07
@Warlok9OOO

Can I clarify: what type of attack do you plan to protect against by leaving only "read only" controllers to users? What user actions are you afraid of?