RODC question

  • Question

  • I have 2 sites (A and B). Site A is installed with a writeable DC and site B with an RODC.

    What happens when site A is offline? Can users from site A come to site B and log in to the RODC?

    jaie

    Friday, March 9, 2012 6:38 AM

Answers

  • Authentication attempts on an RODC can only succeed if the user account credentials are cached.

    If the user account credentials are not cached, then login will fail.

    Refer to the links below for a better understanding:

    http://technet.microsoft.com/en-us/library/cc754956(v=ws.10).aspx

    http://windocuments.net/Rodc.html

    To make all of your domain users log in against the RODC in case of RWDC failure, you have to enable the Password Replication Policy on the RODC.

    http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx

    Note - RODCs are mainly used in branch offices where there is no physical security and no IT staff available to maintain them.

    It is not recommended to make the RODC fulfill all authentication requests if your main RWDC fails.

    It is better to install an additional RWDC in your environment for fault tolerance.

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com

    Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Server Engineer Friday, March 9, 2012 8:38 AM
    • Marked as answer by Lawrence,Lu Thursday, March 15, 2012 8:56 AM
    Friday, March 9, 2012 6:50 AM
  • The user can only log in using the RODC when the WAN link is down if the user account and computer account are cached; otherwise, no. As you know, the RODC can't issue Kerberos tickets, and in order for the system to form a secure channel with the RODC, you need to cache the system account too.

    The RODC can't work alone; it can work during a WAN failure only if the system/user accounts are cached on the RODC. The RODC is not a replacement for the writable domain controller, since for each and every update the RODC contacts the RWDC, so it's better to have one more writable DC for redundancy purposes.

    It is also not a good idea to cache all the users in the RODC, except the ones in the RODC site.

    All About (RODC) Read Only Domain Controllers

    http://awinish.wordpress.com/2011/10/04/rodc-read-only-domain-controller/


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.


    • Proposed as answer by Server Engineer Friday, March 9, 2012 8:38 AM
    • Marked as answer by Lawrence,Lu Thursday, March 15, 2012 8:56 AM
    • Edited by Awinish Thursday, March 15, 2012 8:58 AM
    Friday, March 9, 2012 7:02 AM
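Both answers come down to one check: which accounts in the branch site actually have their secrets cached on the RODC (users and their computers), and which would fail to log on if the link to the RWDC dropped. The script below is an added example, not from either reply; it uses the ActiveDirectory module cmdlets and assumes placeholder names for the RODC (RODC-SITEB) and the branch OU (OU=SiteB,DC=corp,DC=example).

```powershell
# Added example: audit an RODC's Password Replication Policy and cached accounts
# to find branch-site accounts that would fail logon during a WAN outage.
# Assumes the ActiveDirectory module (RSAT or a 2008 R2+ DC); names are placeholders.
Import-Module ActiveDirectory

$rodc    = 'RODC-SITEB'                     # placeholder RODC name
$siteOU  = 'OU=SiteB,DC=corp,DC=example'    # placeholder OU holding site B users/computers

# 1. What the PRP permits/denies for this RODC (membership, not what is cached yet).
$allowed = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed)
$denied  = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied)

# 2. Accounts whose secrets really are cached ("revealed") on the RODC, and accounts
#    that have authenticated through it. Only the revealed set can log on offline.
$revealed      = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts)
$authenticated = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -AuthenticatedAccounts)

# 3. Site B users AND computers that are not cached: the second reply's point is that
#    the computer account must be cached as well, or the secure channel cannot form.
$siteAccounts = @(Get-ADUser -Filter * -SearchBase $siteOU) +
                @(Get-ADComputer -Filter * -SearchBase $siteOU)
$cachedDNs = $revealed | ForEach-Object { $_.DistinguishedName }
$notCached = $siteAccounts | Where-Object { $cachedDNs -notcontains $_.DistinguishedName }

"PRP on {0}: {1} allowed, {2} denied" -f $rodc, $allowed.Count, $denied.Count
"Cached on {0}: {1}; authenticated via it: {2}" -f $rodc, $revealed.Count, $authenticated.Count
"Site B accounts NOT cached (would fail logon with the RWDC unreachable): {0}" -f $notCached.Count
$notCached | Select-Object Name, ObjectClass | Format-Table -AutoSize

# 4. To permit caching for just the branch OU (not every domain user, as both replies
#    advise), add those accounts to the Allowed list. Allowing only permits caching;
#    the secret is cached at the next successful logon via the RODC, or can be
#    pre-populated with: repadmin /rodcpwdrepl <RODC> <RWDC> <accountDN>
# Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList $siteAccounts
```

Run it from a host that can reach a writable DC, since the PRP cmdlets read the RODC's msDS-RevealedUsers and policy attributes from a full replica.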
