Adding an additional Domain Controller for a specific application

Hi folks, we're running a Server 2003 base domain here with a huge number of objects in it (10k+ users, 10k+ PCs, plus groups and 1k+ servers etc. etc.)

We have our main domain controllers set to limit the search default to 1k objects to speed up most user searches etc.

However, we have a 3rd party application which pushes out content to 90% of the PCs and (IMHO) it is poorly written in that, to get the names of the PCs that it needs to roll out to, it queries the DC and sends out the content to the PCs it finds. However, because of the sheer number of PCs we have, it only finds the first 1k of the PCs and thus only deploys content to those PCs.

The 3rd party have suggested a fix of altering the registry on the default DC to read 20k searches, but I'm rather loath to do this; apart from making all searches take much longer, I don't fancy messing with the PDC just for a single application.

So, I was thinking of adding a secondary virtual DC with the necessary registry changes, and pointing the application to this DC. I suppose my big question is can you "hide" a secondary DC so that only specific applications or servers connect to it? If so, how would I go about it?

All the best,
Jeremy Bromley, IT Consultant

Brett Danney, IT Architect, commented:
You can set up the DC to not be a global catalog server. You could place it in its own VLAN with an IP address that differs from your other sites. Because it is not a GC and because no PCs will have an IP in the site this will pretty much isolate the DC. You could even go one step further and make the DC read only. You would then be able to point the application to this DC as you planned.
