locked
RODC RRS feed

  • Question

  • Hi, That is my first question. Thank you everyone

    One client can applicated group policy from one RODC?

     

    Thank

    Tuesday, November 16, 2010 8:32 PM

Answers

  • Hi,

     A client can apply group policy from an RODC, but there are a couple of things to look out for: first, RODCs don't store WMI filters so if there are any GPOs with a WMI filter, a connection to a read/write DC is needed otherwise the GPOs will fail to apply. Second, and this has more to do with editing than applying, editing GPOs should always be done in a site with a read/write DC. This is because RODCs will accept the SYSVOL changes to the GPO but not the AD object changes resulting in an inconsistent GPO.

    Thanks,

    Guy

    • Proposed as answer by Meinolf Weber Wednesday, November 24, 2010 12:39 PM
    • Marked as answer by Miles Li Tuesday, November 30, 2010 9:54 AM
    Tuesday, November 16, 2010 10:17 PM

All replies

  • Hi,

     A client can apply group policy from an RODC, but there are a couple of things to look out for: first, RODCs don't store WMI filters so if there are any GPOs with a WMI filter, a connection to a read/write DC is needed otherwise the GPOs will fail to apply. Second, and this has more to do with editing than applying, editing GPOs should always be done in a site with a read/write DC. This is because RODCs will accept the SYSVOL changes to the GPO but not the AD object changes resulting in an inconsistent GPO.

    Thanks,

    Guy

    • Proposed as answer by Meinolf Weber Wednesday, November 24, 2010 12:39 PM
    • Marked as answer by Miles Li Tuesday, November 30, 2010 9:54 AM
    Tuesday, November 16, 2010 10:17 PM
  • HI Guy, I am interesting in Deployed Printer Connections and Sofware Installation. Both generate a mistake, since they do not find the domine, but the dns this ok.

     

    Thank you


    Jesús Mªª Alvarez
    Wednesday, November 24, 2010 11:52 AM
  • Hello,

    please post an unedited ipconfig /all from the problem machine, the RODC and and a RWDC/DNS server in the main site of the domain.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, November 24, 2010 12:40 PM
  • The gpo applies herself correctly if dc and rodc is on. But if the dc is off, they dont apply.


    Jesús Mªª Alvarez
    Wednesday, November 24, 2010 1:25 PM
  • Hi,

     There can be many reason why an RODC isn't used correctly. I'd start by checking event logs on the RODC to check for any replication issues. I would also check event logs on the client to see why the GPO is failing. Finally I would check the IP address settings on the client and make sure that it points to multiple servers (so it can find AD when the RWDC is turned off).

     

    Thanks,

    Guy

    Monday, November 29, 2010 5:01 PM