Query on RODC domain controller setup


  • Hi,

    I have a query: I am creating two Domain Controllers, one in the DMZ (i.e. an RODC) and one outside the DMZ (writable copy).

    So my query is: is it possible to add a computer to a domain in the DMZ site where we have the RODC hosted?

    Tuesday, February 28, 2017 11:55 AM

All replies

  • "and one is outside DMZ (Writable copy)." I think you mean located on the LAN :-) The RODC can't issue Kerberos tickets, so without the RWDC, the RODC alone can't work. First you need to configure ports between the RWDC (LAN) and the RODC (DMZ). Then you need to configure the necessary ports for users to access the RODC (DMZ).

    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Tuesday, February 28, 2017 3:59 PM
  • The short answer to your query is no, and your plan to add a computer in the DMZ is against security best practices.

    The DMZ is best for restricted access and not for write access, and this zone is mostly secured from Internet/external access.

    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Tuesday, February 28, 2017 10:39 PM
  • Hi,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    If the replies above are helpful, we would appreciate it if you marked them as answers, and if you resolved it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    I appreciate your feedback.

    Best regards,



    Monday, March 6, 2017 8:30 AM