Connection and disconnection of a DC

Sergio Gleser 20 Reputation points
2023-07-17T16:32:03.3366667+00:00

I have a small network with one DC and about 15 PCs.

I want to incorporate a second DC in order to have a backup scheme since some time ago we suffered a Rasomware attack.

My idea is to connect that second DC only a couple of hours a week, in order to replicate users, groups, permissions, etc. And then disconnect it again.

I want to avoid is that before a new attack, both the main one and the secondary one are rendered useless.

Is it possible to do this and still have the AD working correctly?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,575 questions
0 comments No comments
{count} votes

Accepted answer
  1. Dave Patrick 426.1K Reputation points MVP
    2023-07-18T22:21:27.7566667+00:00

    What other alternative can I consider?

    Routine backups. It's always recommended to have two of more domain controllers for high availability and disaster mitigation. Also
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Wesley Li-MSFT 4,436 Reputation points Microsoft Vendor
    2023-07-18T07:17:26.2966667+00:00

    Hello

    It’s generally not recommended to disconnect a domain controller from the network for extended periods of time. Domain controllers rely on regular communication with each other to keep their data synchronized and up-to-date. If a domain controller is disconnected from the network for an extended period of time, it may not receive important updates and changes, which could lead to inconsistencies and conflicts when it is reconnected.

    Instead of disconnecting the second domain controller, you could consider keeping it connected to the network and configuring it as a backup domain controller. This would allow it to receive regular updates and changes from the primary domain controller, ensuring that it has the most up-to-date information in case it needs to take over as the primary domain controller.

    If the response is helpful, please click "Accept Answer" and upvote it.