Share via

A disconnected domain controller on a ship

Evan Francois Schotel 21 Reputation points
2022-08-03T07:32:41.56+00:00

Is it possible to place a domain controller on a ship that will connect to the domain occasionally, but always within sixty days?

If it is possible, what challenges will be experienced with the domain controller, and thus active directory?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,622 questions
0 comments
Accepted answer
  1. Gary Reynolds 9,416 Reputation points
    2022-08-04T03:04:30.92+00:00

    Yes you can disconnect the DC from the domain for an extended period of time but there are few things to take into consideration:

    • I would increase the tombstone period, to be on the safe side, this will increase the drive space for the DIT but shouldn't be significant
    • The DC on the ship should not hold any of the FSMO roles
    • I would assume there will be little or no need to create new objects when disconnected from the rest of domain. There is a risk of that the DC will running out of RIDs when disconnected from the network, this will prevent any new objects from being created
    • Ensure the clients on the ship are using the ship DC for name resolution and time
    • Any changes to the schema or domain structure should only be completed when the ship DC is connected to the network
    • User on the ship who enter incorrect password may experience an extended timeout before they receive an incorrect password error
    • Ensure that AD site and services are configured with a separate site for the ship DC and client, with the IP addresses correctly assigned to the site
    • If the clients are using DHCP for IP addresses, you will need a DHCP server on the ship, which issues the ship DC as the primary DNS server, with on shore DCs as secondary
    • When the ship DC is connected to the network, you need to make sure the DC sync correctly with the domain, before it's disconnected again.

    As with everything you will need to test the solution, and confirm there are no other dependency on the on-shore environment.

    Gary.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2022-08-03T12:59:13.59+00:00

    As long as it isn't disconnected from greater than tombstone lifetime. Also it is possible that this can result in a deleted objects being reintroduced into the directory.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments
  2. Limitless Technology 44,371 Reputation points
    2022-08-03T16:08:26.893+00:00

    Hello

    Thank you for your question and reaching out. I can understand you are having query related to Domain controller.

    You can place a domain controller offline , but it should be get Replicated or Synced with another Domain controller within 60 days to Tombstone lifetime and replication of deletions

    Reference :

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/information-lingering-objects

    ---

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments
  3. Evan Francois Schotel 21 Reputation points
    2022-08-12T08:06:29.96+00:00

    Thanks Gary, you have confirmed what I suspected.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.