I have a domain with two domain controllers; all is good and working. I have an offsite service provider to whom I need to replicate our AD, i.e. I have to set up a third DC on their side as part of our domain. All will be good with firewall, trusts and link between us.

This service provider needs to populate the address field of the AD user accounts by way of user account object access via a service account provided by me. My question is: how do I configure the DC / domain so that it replicates AD to the remote DC for our service provider but does not attempt any authentication of users on my side?

All input welcome. N


  • This looks good: https://technet.microsoft.com/en-us/library/cc787370(WS.10).aspx. Also, I can disable the Netlogon service on the offsite DC.


  • Thanks, that's straightforward and direct, but I have 700 clients. There's got to be a way to do this without relying on 'vintage' configuration files. I was thinking more from a DNS perspective or the DC itself.
    • You can set up ACLs to block the clients' subnets from being able to communicate with that server. Only allow the IP(s) of the other DC(s) to talk to this server.