RODC vs BDC
In the old days, we used BDCs in a branch office. We couldn't change a thing on the BDCs, couldn't add a user/PDC and so on. Now the BDC is back as an RODC. Can someone tell me if they use RODCs, and if so why and where (branch office?). What problems does an RODC cause in daily administration tasks? And is the RODC installed as a global catalogue?
June 22nd, 2011 11:22am

Hello,

RODC means Read-Only Domain Controller. As all DCs are now RW, Microsoft added a new kind of DC, the RODC. Using RODCs you can benefit from:

- Reduced replication traffic, as it is based on one-way AD replication.
- More security for AD environments: as it is a read-only DC, you cannot perform modify operations on it that then get replicated to other DCs. That is why you can add it in a branch office where physical security is not well ensured. It is also more secure to use RODCs due to filtered attributes and password replication policies ...

Note that to add an RODC you need at least one RWDC in your domain with the Server 2008 OS or higher installed. If you are planning to add an RODC in a branch office, I recommend installing DNS on it and configuring the password replication policy.

More here: http://technet.microsoft.com/en-us/library/cc732801(WS.10).aspx

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator
June 22nd, 2011 11:28am

You really want to research this more. I wouldn't recommend adding any additional complexity to any network design unless there is an actual business need that drives it. To answer your question with regard to the situations where an RODC is used: yes, the RODC is mainly deployed in situations like a remote office where physical security may be of concern. It also addresses the concerns where you may have a location with one server, the RODC, that requires additional software to be installed where the "admin" at the local site is not a domain admin, but more of a server admin. In this scenario, AD is protected and the admin can manage the server. There are pre-reqs that have to be put in place, as Mr X described. If you proceed, I would suggest that you work with this in a lab prior to deploying on your production infrastructure.

Visit: anITKB.com, an IT Knowledge Base.
June 22nd, 2011 1:27pm

Hello,

RODCs should be placed in branch offices with reduced physical security, for example, and where there are no admins in the site that you trust to manage the domain but who should be able to reboot the server or install some updates. There is no problem for daily tasks, as the AD tasks must be done on RWDCs, so not in the remote location. An RODC can become a GC and also a DNS server without any problem. You also have to configure the PRP, password replication policy, for users and computers so they are able to log on even if the main site is not available.

You will find more details in:
http://technet.microsoft.com/en-us/library/cc754956(WS.10).aspx
http://technet.microsoft.com/en-us/library/dd734758(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc725669(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc732632(WS.10).aspx

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
June 23rd, 2011 2:57am
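
Added example, not part of any post in this thread: one way to review the password replication policy that the replies above recommend configuring, run from an admin workstation or writable DC. It assumes PowerShell 3.0 or later with the ActiveDirectory module; `BRANCH-RODC01` is a hypothetical RODC name.

```powershell
# Added example: audit an RODC's Password Replication Policy (PRP).
# Assumes PowerShell 3.0+, the ActiveDirectory module (RSAT) and read access to AD.
# 'BRANCH-RODC01' is a hypothetical RODC name.
Import-Module ActiveDirectory

$Rodc = 'BRANCH-RODC01'

# Principals the PRP allows / denies for password caching on this RODC.
$allowed = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed)
$denied  = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied)

# Expand allowed groups to the individual accounts they cover.
$allowedDns = @(foreach ($p in $allowed) {
    if ($p.objectClass -eq 'group') {
        Get-ADGroupMember -Identity $p.DistinguishedName -Recursive |
            Select-Object -ExpandProperty distinguishedName
    } else {
        $p.DistinguishedName
    }
})

# Accounts whose passwords are stored on the RODC right now.
# The RODC's own computer account and its krbtgt account typically appear here too.
$revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts)

$report = foreach ($acct in $revealed) {
    $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
    [pscustomobject]@{
        Name         = $acct.Name
        ObjectClass  = $acct.objectClass
        # adminCount = 1 marks accounts that are (or were) in protected admin groups.
        Privileged   = ($obj.adminCount -eq 1)
        # False: cached earlier but not covered by the current Allowed list.
        StillAllowed = ($allowedDns -contains $acct.DistinguishedName)
    }
}

"Allowed principals: " + (($allowed | ForEach-Object { $_.Name }) -join ', ')
"Denied principals:  " + (($denied  | ForEach-Object { $_.Name }) -join ', ')

# Privileged cached accounts first, then entries no longer in the Allowed list.
$report |
    Sort-Object @{Expression = 'Privileged'; Descending = $true},
                @{Expression = 'StillAllowed'; Descending = $false} |
    Format-Table -AutoSize
```

Any row with `Privileged` set to True is an account whose password is cached on the branch server and is worth moving to the Denied list and resetting.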

Many thanks for the replies. Is anyone using an RODC, and what are the daily (dis)advantages you're encountering?
July 3rd, 2011 3:45am

It is that there are solutions that cannot use it as a GC, like Exchange.
July 3rd, 2011 5:06am

This topic is archived. No further replies will be accepted.
