locked
RODCs Installation RRS feed

  • Question

  • Hi!

    We need to install win 2008 RODCs in our Branch Offices. Should we create separate sites for every branch or use the default site. What difference it can make?

    Thanks.

    Friday, March 15, 2013 6:56 AM

Answers

All replies

  • Hi,

    To replicate the domain partition to the RODC, you typically place a writable domain controller running Windows Server 2008 in the nearest site in your network topology to the site that contains the RODC. The nearest site in this sense is defined as the site that has the lowest-cost site link for the site that contains the RODC.

    An RODC that is placed in the same site as a writable domain controller does not provide security benefits. Some RODC features such as Administrator Role Separation can provide an administrative benefit. But to obtain security benefits, RODCs are intended to be placed in sites that are not as trustworthy as sites that have writable domain controllers.

    For more details, please go through the below articles:

    RODC placement considerations

    http://technet.microsoft.com/en-us/library/cc732632(v=ws.10).aspx

    http://technet.microsoft.com/en-us/library/ee522995(WS.10).aspx

    In addition, a similar thread for you:

    RODC

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/0bf69e48-8ab5-4fd0-9784-2d8ba5e483e4

    Hope this helps.

    Regards,

    Yan Li


    Cataleya Li
    TechNet Community Support

    • Marked as answer by Yan Li_ Monday, March 25, 2013 2:12 AM
    Monday, March 18, 2013 5:52 AM
  • Thanks for the reply. The nearest site is Head Office. I need to have an RODS in the branch. Is it recommended to have a separate site for this in Head Office?

    Thanks.

    Tuesday, March 19, 2013 3:33 PM
  • Yes, I think, we could set the RODC in a separate site to keep your main site more security.

    Regards,

    Yan Li


    Cataleya Li
    TechNet Community Support

    Wednesday, March 20, 2013 2:01 AM