one forest one Domain set up.
I have 30 domain controllers. Mix of Windows 2008 + 2003 Domain controllers 92003 Functional Level). Divided into several sites with subnets
I want to prevent users from authenticating to few Domain Controllers (All AD 2008) temporarily for couple of weeks.We have some issues with a psynch dll not compatible with windows 2008 domain controllers. I dont want users to change password from AD 2008 DCs.
How do I acheive this?
1. I create dummy sites with out subnets and move the Windows 2008 DCs into that site? Are there any concerns here?
2. Do I prevent users changing pwd for Ctrl + Alt+ Del through GPO? this might grey out password change button but when real password expiry happens it will give option to change the password wimdow with new password optin I guess. thsi really not solve the problem.
My goal is to stop users hitting few windows 2008 DCs and prevent changing password from there.