0

I have problems with the DSA-Signature attribute being updated in the schema naming context (NC schema) when backing up the system state of a domain controller.

Windows clients running ADSI applications and scripts query these reference attributes to detect updates in the added schema. When they detect such updates, ADSI clients download an updated copy of the aggregated schema from a domain controller through an LDAP read.

This backup causes an excessive sending of packages and ends up taking all the upload bandwidth, I could not find a way to disable the backup of the state of the system of a domain controller.

WAN ADAPTER

Process Lsass.exe - LPAP

I ran the tcpview and read a bit about LDAP, I could conclude that it is a backup that the DSA-Signature attribute

Process: Lsass.exe | PID: 844 | TCP | LocalAddress: SERVIDOR | Local Port: ldap | Remote Address: SERVIDOR | Remote Port: 0 | Stated: LISTENING | Sent Packets: 44.775 | Sent Bytes: 135.589.750 | Rcvd Packets: 45.007 | Rcvd Bytes: 2.297.315

Diego Martinez
  • 129
  • 2
  • `I could not find a way to disable the backup of the state of the system of a domain controller` - Well, you shouldn't want to disable the System State backup of a Domain Controller. What if you needed to recover the DC or the Domain/Forest and you didn't have a backup? – joeqwerty Jun 07 '19 at 22:19
  • Ok, but I want it to be done manually, when I schedule it – Diego Martinez Jun 08 '19 at 14:35

0 Answers0