Wednesday, January 23, 2013 7:28 AM
1) I need to put a RODC in the DMZ for directory lookups from our ISP. The RODC obviously needs to be on the domain. Do I just open the appropriate ports to communicate from the DMZ to the internal network for replication, etc. to take place properly, or what are the best practices when it comes to a RODC in a DMZ communicating with the rest of the network?
All are Win Server 2008 R2
2) Seeing that there is a FW between Internal and DMZ, which can make tracing traffic difficult, can I just set up the RODC in the internal network and, once it is set up and working, move it to the DMZ? Can that work, or will it make my life difficult for some reason?
3) When allowing communication through the firewall, would I need to restrict communication from the RODC in the DMZ to 1 DC only on the internal network, or should I allow network traffic to all 3 writable DCs on the internal network?
Appreciate all your help
- Edited by CraMey Wednesday, January 23, 2013 8:58 AM
Thursday, January 24, 2013 7:27 AM
Anyone with any input/comments/ideas?
Thursday, January 24, 2013 9:18 AM
Check this link
Thursday, January 24, 2013 10:22 AM
Thanks for the link. I did read it but it does not answer any of the questions I posted originally.
Monday, January 28, 2013 5:55 AM Moderator
Please go through the similar threads below regarding RODC in DMZ:
RODC in DMZ
RODC in DMZ - DNS questions
Installing a RODC into the DMZ - AD Configuration
Hope this helps.
TechNet Community Support
- Marked As Answer by Yan Li_Microsoft Contingent Staff, Moderator Wednesday, January 30, 2013 2:18 AM