Dear All, Dear all, We have Blade server HP460c two numbers and we have installed windows 2008 64bir server one server another server we made it addtional domain ( Subdomain ) now both server replication like ADS , DNS , GPO .It's working fine also 50 users member of domain . i have installed another one server 2008 and i have configured successfully of RODC domain . here i have doubt . Now Both domain replicated Head office server ADS,DNS all Users has been display in my Branch Users . and when i create new users from Head office server another second it has been replicated my branch server it's good But my branch people deleted my groups and many users . and also i don;t want to view branch users in my head office ADS , USers Group . pls tell me what is the best solutions. Regards Subash

Hellom I have not understood what you said. Could you please detail the problem? This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

Dear boss, I have replicated RODC server in branch , The branch server admin don't want to view head office server ADS, DNS Users also don't delete any users groups from head office server. Regards Subash

Hello, try to go to the properties of the wanted OUs and give Deny permission for the read right on that OU for the users/groups you want. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

Dear boss, Thanks to replay to my msg . I would like to say once again. i don't want to replicate ( Display , Viewing ) about OU , Groups and Users from branch server to head office server . Regards Subash

Hi Subash, >The branch server admin don't want to view head office server ADS, DNS Users also don't delete any users groups from head office server. What's your concerns? It's impossible to stop replicating from RWDC to RODC. Meanwhile, the RODC will not spread misinformation to the rest of the domain, even if a change is made on the RODC. Standard user cannot delete any objects from head office server. Any domain user or security group can be delegated to be the local administrator of an RODC without granting that user or group any rights for the domain or other domain controllers. Administrator role separation http://technet.microsoft.com/en-us/library/cc753223(WS.10).aspx#bkmk_separation Brent Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

Thanks Boss, I have small doubt ? my head office server 2008 64bit, my branch office server 2003 sp2 32 bit . is it possible for RODC ? Regards Subash

Hi Subash, RODC is not available for a domain controller that is running Windows server 2003. You have to deploy at least one writable domain controller running Windows Server 2008 or Windows Server 2008 R2 in the same domain as the RODC and ensure that the writable domain controller is also a DNS server that has registered a name server (NS) resource record for the relevant DNS zone. An RODC must replicate domain updates from a writable domain controller running Windows Server 2008 or Windows Server 2008 R2. Prerequisites for Deploying an RODC http://technet.microsoft.com/en-us/library/cc731243(WS.10).aspx Brent Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”