Hi folks, we're running a Server 2003 base domain here with a huge number of objects in it (10k+ users, 10k+ PCs, plus groups and 1k+ servers etc. etc.)
We have our main domain controllers set to limit the search default to 1k objects to speed up most user searches etc.
However, we have a 3rd party application which pushes out content to 90% of the PCs and (IMHO) it is poorly written in that it to get the names of the PCs that it needs to roll out to it queries the DC and sends out the content to the PCs it find. However, because of the sheer number of PCs we have it only finds the first 1k of the PCs and thus only deploys content to those PCs.
The 3rd party have suggested a fix of altering the registry on the default DC to read 20k searches, but I'm rather loath to do this, apart from making all searches take much longer, I don't fancy messing with the PDC just for a single application.
So, I was thinking of adding a secondary virtual DC with the necessary registry changes, and pointing the application to this DC. I suppose my big question is can you "hide" a secondary DC so that only specific applications or servers connect to it? If so, how would I go about it?
All the best,