Win2008 RODC

  • Question

  • Hi

    Could you please assist: without sync, how many days will an RODC work?

    We have one RODC DC in my branch office, with no Ethernet for another 60 days. If I connect my RODC after 60 days, will it work or not? Please help.

    Regards

    S.Venkatesan

     

    Wednesday, August 24, 2011 12:53 PM

Answers

  • Wednesday, August 24, 2011 12:57 PM
  • What operations fail if the WAN is offline, but the RODC is online in the branch office?

    If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub, the following branch office operations fail:

    ·      Password changes

    ·      Attempts to join a computer to a domain

    ·      Computer rename

    ·      Authentication attempts for accounts whose credentials are not cached on the RODC

    ·      Group Policy updates that an administrator might attempt by running the gpupdate /force command

    What operations succeed if the WAN is offline, but the RODC is online in the branch office?

    If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub, the following branch office operations succeed:

    ·      Authentication and logon attempts, if the credentials for the resource and the requester are already cached.

    ·      Local RODC server administration performed by a delegated RODC server administrator.

     

    RODC FAQS

    http://technet.microsoft.com/en-us/library/cc754956(WS.10).aspx

     


    Best regards
    Biswajit Biswas
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    MCP 2003, MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
    Wednesday, August 24, 2011 1:10 PM
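
The answer above says that offline logons succeed only when the credentials of both the requester and the resource are already cached on the RODC. The following PowerShell is an added example, not part of the original post: run from a machine that can still reach a writable DC before the link goes down, it lists enabled branch users and computers whose passwords are not yet cached. It assumes the ActiveDirectory module is available; the RODC name and OU path are hypothetical placeholders.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module
# and connectivity to a writable DC (run it before the WAN outage).
Import-Module ActiveDirectory

$rodc     = 'BRANCH-RODC01'                 # assumption: hypothetical RODC name
$branchOu = 'OU=Branch,DC=example,DC=com'   # assumption: hypothetical branch OU

# Accounts whose passwords are currently stored (revealed) on the RODC.
$cached = @{}
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts |
    ForEach-Object { $cached[$_.DistinguishedName] = $true }

# Both the user (requester) and the workstation (resource) must be cached
# for a logon to succeed while the hub is unreachable.
$principals = @(Get-ADUser     -Filter 'Enabled -eq $true' -SearchBase $branchOu) +
              @(Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $branchOu)

$report = $principals | ForEach-Object {
    New-Object PSObject -Property @{
        Name   = $_.SamAccountName
        Type   = $_.ObjectClass
        Cached = $cached.ContainsKey($_.DistinguishedName)
    }
}

# Principals listed here would fail authentication during the outage.
$report | Where-Object { -not $_.Cached } |
    Sort-Object Type, Name |
    Format-Table Type, Name -AutoSize
```
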
  • To follow up my previous response (Thanks to Guido).  I overlooked the fact that you would create lingering objects on the RODC similar to any other DC, via any objects that have been deleted on a different DC (after the tombstone lifetime) would never get replicated to be purged on the RODC.  Now you wouldn't have to worry about this RODC ever replicating them back out since its replication is inbound but...

    You need to be aware of the tombstone lifetime on this RODC same as a standard RWDC.

     --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, August 24, 2011 1:23 PM
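
The reply above advises checking the RODC's time offline against the tombstone lifetime, as for a writable DC. The following PowerShell is an added example, not part of the original post: run locally on the RODC, it reads `tombstoneLifetime` over ADSI and compares it with the last successful inbound replication reported by `repadmin /showrepl`. It assumes an elevated session on the RODC and the CSV column names that `repadmin /showrepl /csv` emits.

```powershell
# Added example, not from the thread. Run in an elevated session on the RODC.

# tombstoneLifetime is stored on the Directory Service object in the
# configuration partition; bind to the local copy held by this DC.
$rootDse  = [ADSI]'LDAP://localhost/RootDSE'
$configNC = [string]$rootDse.Properties['configurationNamingContext'].Value
$dsObject = [ADSI]"LDAP://localhost/CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$tsl      = $dsObject.Properties['tombstoneLifetime'].Value

# When the attribute is not set, the directory uses a 60-day default.
$tslDays = if ($tsl) { [int]$tsl } else { 60 }

# One CSV row per inbound replication link; keep only the data rows.
$links = repadmin /showrepl $env:COMPUTERNAME /csv | ConvertFrom-Csv |
    Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' }

$now = Get-Date
$report = foreach ($link in $links) {
    $last   = [datetime]::MinValue
    $parsed = [datetime]::TryParse($link.'Last Success Time', [ref]$last)
    $age    = if ($parsed) { [math]::Floor(($now - $last).TotalDays) } else { $null }

    $status = if (-not $parsed)        { 'NO RECORDED SUCCESS' }
              elseif ($age -ge $tslDays) { 'PAST TOMBSTONE LIFETIME' }
              else                       { 'OK' }

    New-Object PSObject -Property @{
        NamingContext = $link.'Naming Context'
        SourceDSA     = $link.'Source DSA'
        LastSuccess   = $link.'Last Success Time'
        DaysSince     = $age
        TslDays       = $tslDays
        Status        = $status
    }
}

$report | Sort-Object DaysSince -Descending |
    Format-Table NamingContext, SourceDSA, LastSuccess, DaysSince, TslDays, Status -AutoSize
```

Any partition reported as past the tombstone lifetime is one where deletions made elsewhere may no longer reach this RODC, which is the lingering-object case described in the reply.
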

All replies

  • Wednesday, August 24, 2011 12:57 PM
  • Not sure how you are referring this question?  If the RODC isn't connected to the network then it won't have inbound replication available, so non-cached users won't be able to authenticate to AD.

    As far as references to the tombstone lifetime, since they don't have outbound replication they should be able to go beyond the AD-defined lifetime I believe.  I am not positive on this though and I will see if I can find out further details.

    I will post if there are any inaccuracies in this statement.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, August 24, 2011 1:05 PM
  • Hi,

     

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

     

    Regards,

     

    Arthur Li

    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    tnmff@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, August 30, 2011 6:47 AM