On 8/1/2012 5:56 AM, djbrightman wrote:
> Can someone please suggest a simple way to prevent AD Computer objects
> trying to sync in group membership?
> We have AD-eDir mirror sync, with groups only sync'd in particular
> subtree
> However some of the groups in AD are for computer objects and we can
> see loads of 8003 errors in the publisher channel as it pumps through
> the group membership referring to computer objects that aren't
> sync'd....
> It seems that in certain circumstances the sheer load of this causes
> the remote loader connection to fail....
> (The 'obvious' answer would be to have these groups not in that
> subtree, but the AD design doesn't allow for this and that is in the
> process of becoming the dominant (and eventually sole)
> directory....(eek! ;-))
> Any thoughts or suggestions?
> Cheers
> David

Just a thought .. another loose method would be if you had a naming
convention for the computer objects which you can remove from the DOM.