I have a subnet which contains an RODC; however, a prejoined domain server can't authenticate inside the subnet. Running `nslookup domain.com` returns a list of every DC except the RODC. I found an article on TechNet which stated the PTR record is incomplete; I checked, and every entry is there, forward/reverse, for the name/IP.

Any idea why the RODC won't show up / do its work?

Kind Regards

Greg Askew
Shaeldon
  • The DCLocator process doesn't use nslookup domain.com or require PTR records. If the credentials for the user and computer security principals aren't on the RODC, it cannot authenticate on the RODC. – Greg Askew Mar 25 '20 at 17:14
  • @GregAskew As far as I understand the concept, if the RODC doesn't know my credentials, it should ask the RWDC he syncs from. Still, it can't even find the domain; that's the first problem here – Shaeldon Mar 25 '20 at 18:40
  • You need to check if `nltest /dsgetdc:domain.com` shows the RODC advertising as the KDC for the site from both the RODC and the member server. – Greg Askew Mar 25 '20 at 19:13

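The check suggested in the comments, as an added PowerShell example that is not part of the original thread: it lists the site-specific SRV records that DC Locator queries and then asks DC Locator for a KDC in the site, reporting whether the RODC is the one returned. The site name `Branch-Site` and the host name `rodc01.domain.com` are placeholders (assumptions); run it on both the RODC and the member server.

```powershell
# Added example, not from the thread. Site name and RODC FQDN are placeholders.
$Domain = 'domain.com'
$Site   = 'Branch-Site'           # hypothetical AD site that contains the subnet
$Rodc   = 'rodc01.domain.com'     # hypothetical RODC FQDN

# 1. Site-specific SRV records that DC Locator looks up in DNS.
$srvNames = "_ldap._tcp.${Site}._sites.dc._msdcs.${Domain}",
            "_kerberos._tcp.${Site}._sites.dc._msdcs.${Domain}"
$srv = foreach ($name in $srvNames) {
    $targets = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
                 Where-Object { $_.NameTarget } |
                 ForEach-Object { $_.NameTarget.TrimEnd('.') })
    [pscustomobject]@{
        Record     = $name
        Targets    = $targets -join ', '
        RodcListed = $targets -contains $Rodc   # -contains is case-insensitive
    }
}

# 2. Ask DC Locator for a KDC in that site; /force bypasses the cached answer.
$out  = & nltest.exe "/dsgetdc:$Domain" "/site:$Site" /kdc /force 2>&1 |
        ForEach-Object { "$_" }
$exit = $LASTEXITCODE

$dc = $null
$flags = @()
foreach ($line in $out) {
    # "DC: \\name" line; the "Dc Site Name:" line does not match this pattern.
    if ($line -match '^\s*DC:\s*\\\\(\S+)') { $dc = $Matches[1] }
    if ($line -match '^\s*Flags:\s*(.+)$')  { $flags = $Matches[1].Trim() -split '\s+' }
}

$locator = [pscustomobject]@{
    NltestExitCode = $exit
    ReturnedDC     = $dc
    IsTheRodc      = ($dc -eq $Rodc)
    AdvertisesKdc  = $flags -contains 'KDC'
    Writable       = $flags -contains 'WRITABLE'   # absent on a read-only DC
    Flags          = $flags -join ' '
}

$srv     | Format-Table -AutoSize
$locator | Format-List
```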