Questions tagged [rodc]

40 questions
9 votes, 2 answers

Win7 clients failing with cached credentials on samba4 RODC

I'm setting up a test environment for a customer about to deploy samba4 into 1400 remote sites and I'm running into a problem. It's my job, after all, to run into problems and then solve them. Active Directory forest root & single domain:…
MikeyB
8 votes, 2 answers

Is there a difference in bandwidth consumption between a RODC and RWDC?

My organization has deployed 2008 RODCs on multiple seagoing platforms. The idea was to extend our shore-based domain onto our ships to better control security policies. RODCs were selected with the assumption they would consume less bandwidth. …
7 votes, 1 answer

RODC and remote site

I have a two-site domain (call them Local and Remote). Site Local has our main IT infrastructure, including two Active Directory Domain Controllers (2008R2). We're trying to set up an RODC at site Remote, which for the most part works just fine. …
bab
6 votes, 1 answer

Can Read-Only Domain Controller in External location work when VPN tunnel is down?

I have a client which has multiple sites all over the world. They have 2 domain controllers in the main location and every other location connects through to the main site with a VPN tunnel. Currently the network is more or less a disaster so I'm trying to fix it.…
MadBoy
4 votes, 2 answers

Joining a NetApp to a domain on a Read Only Domain Controller

I have an isolated network, into which I've built a vfiler. The point of this network is that it's a non routed 'test' network. However, there's a need for LDAP/Kerberos and CIFS access to the filer, via domain level accounts. So we have Read Only…
Sobrique
4 votes, 2 answers

Is it generally acceptable to expose LDAP in read only mode to the Internet?

I need to support Mac clients who need to access a LDAP server to locate SMIME keys. Since the keys are already in AD, and it's easy for me to create a RODC or read only forest where I push the certificates to, is it acceptable to expose…
makerofthings7
3 votes, 1 answer

Restoring read only domain controller from VM checkpoint

I have several RODCs on remote sites, and sometimes power failures corrupt the ADDS database, which takes some time to recover. I'd like to move the RODC to a virtual machine (on the same server) to be able, in case of failure, to just roll back to a previous checkpoint.…
3 votes, 1 answer

Synchronizing RODCs to NTP servers?

I've read this nice article from Gareth Hooper regarding Domain Controller syncing to external time sources. In essence, he wrote that although Microsoft don't actually condone the practice, it's a good idea to pre-configure all DCs (especially the…
pepoluan
3 votes, 1 answer

passwordless AD domain join

I remember back in the olden days of Windows NT you could create "blank" computer accounts so that anyone could join a computer of that name to the domain. I would like to do the same thing with Active Directory. Specifically: create a "blank"…
MikeyB
3 votes, 1 answer

Possible to upgrade a Windows 2008R2 RODC Core Domain Controller to 2012 w/GUI

We have some W2K8R2 DCs that are installed in Core or Core/Read only mode. We would like to upgrade to Windows 2012. Our goal is to also remove the "read only" attribute, and add the GUI. Would upgrading to 2012 give us the ability to have a GUI?
2 votes, 1 answer

AD Forest/Domain Functional Rollback with DirSync/ADFS in place

At our main site we are running at 2012R2 (forest/domain) functional level and we currently have migrated our mailboxes to Office 365 using an exchange hybrid configuration with ADFS and Dirsync. We are actually planning to deploy RODCs in some of…
2 votes, 1 answer

Trust relationship failure with RODC

I have numerous servers that sit in a DMZ which has an RODC in it as well. As you probably know, the machine passwords will change after a certain amount of time. After which I have to disjoin-rejoin these machines to the domain. Is there a better…
burns
2 votes, 2 answers

How to logon with local account? RODC "There are no logon servers to process your request"

I have a site-to-site VPN, writeable DC in the main office, Read-only DC in a branch office. Today the VPN went down, but I couldn't log in to the read-only DC - the error message came up There are no logon servers to process your request. Since the…
morleyc
2 votes, 1 answer

Why can I create objects on my read only domain controller?

I have a Windows Server 2012 Domain Controller. I have configured another Server 2012 machine as a Read-Only Domain Controller. When I log in with domain administrator credentials on my RODC I can create objects, but I should not be able to do…
samar
2 votes, 1 answer

Best way to back up a domain controller before upgrading it from 2003 to 2008 OS?

I am trying to convert a DC from a 2003 DC to a 2008 RODC. Before I can do that, I must have a writable 2008 DC in my domain. I have a Windows 2003R2 x86 DC that I would like to upgrade to Windows Server 2008R2 x64. What is the best way to back this…
Mike