none
User Authentication through RODC without replication RRS feed

  • Question

  • Hi experts,

    I have a problem...

    There is a DMZ enviroment (site) in my organization, and there is a RODC in it.

    We need the RODC to authenticate user accounts that uses the DMZ servers,

    without having the RODC turning to the main DC (that's located in another site) for it.

    We know that RODC can replicate passwords , using the group "Allow RODC Password Replication Group", but we do not want the server to replicate our passwords, for the DMZ is not fully protected by our firewall.

    Is there a way to make the RODC to authenticate users accounts without turning to the main DC, OR replicate our passwords?

    thanks!

    Tuesday, August 6, 2019 12:00 PM

All replies

  • Hello,Denden330,

    Thank you for posting in our TechNet forum.

    Accounting to our Knowledge,if we have PDC and RODC in our AD environment:

    If users authenticate through PDC or RODC first time, users credentials must be stored in PDC or RODC, so RODC must replicate user credentials in PDC. Because when users logon, DC will compare the user credentials in AD database, then we can authenticate successfully, so in this case RODE must replicate our passwords.

    If users authenticate through PDC or RODC second time or more time, and we do not change our user credentials(that is RODC store our credentials in its database),we can authenticate through RODC.



    Best regards,
    Vicky


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 7, 2019 8:31 AM
  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,
    Vicky


     


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 9, 2019 8:26 AM
  • Hi,

     

    Just want to confirm the current situations.

     

    Please feel free to let us know if you need further assistance.

     

    Best Regards,
    vicky


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 13, 2019 9:05 AM