Turn Off Inbound Replication
Updated: January 9, 2009
Applies To: Windows Server 2008, Windows Server 2008 R2
You can use this procedure and the repadmin command to turn off inbound replication so that Active Directory objects on a domain controller cannot be updated by replication from another domain controller.
You can manage the inbound replication state by setting a repadmin option to change the value in DISABLE_INBOUND_REPL. You change the state is by using a plus (+) to enable the disabled state (turn off inbound replication) and a minus (–) to disable (reverse) the disabled state (turn on inbound replication). When you apply the option, the command output confirms only that the DISABLE_INBOUND_REPL option is either new or current. It does not indicate “on” or “off.”
Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Domain Admins credentials, if requested, and then click Continue.
At the command prompt, type the following command, and then press ENTER:
repadmin /options <ServerName> +DISABLE_INBOUND_REPL
<ServerName>is the NetBIOS name of the domain controller.
Verify that the
DISABLE_INBOUND_REPLoption is in effect. The following message should appear:
Current DSA options: <Whatever options are set>
New DSA Options: DISABLE_INBOUND_REPL
Current DSA Optionsdisplays the conditions that were in effect at the time that you ran the command.
New DSA Optionsshows the effect of the command, which is that the
DISABLE_INBOUND_REPLoption is now in effect.