Deploying RODC fails

  • Question

  • We are currently building a resilient SSO infrastructure and would like to deploy an RODC in order to service the authentication requests to our ADFS servers.

    The domain functional level is server 2003 as we currently still have Server 2003 DCs.  All FSMO roles are currently held by a Server 2003 DC.

    We have 2 writeable 2008R2 DCs, one of which is in the same site as the FSMO Role holder.

    We have run adprep /Forestprep, adprep /domainprep and adprep /rodcprep and these all completed with no issues logged; however, the Replication groups for the RODCs have not been created.

    When attempting to add the 2012 RODC we get to the Domain Controller Options->RODC Options and after a period of time (assuming AD is being queried for the groups) an error is displayed as follows:

    "Could not retrieve default replication accounts. Unable to retrieve read-only account groups."

    There are no issues logged in the adprep logs.

    I cannot find any information on how to resolve this issue and the deployment wizard will allow us to continue without selecting any groups.

    If anyone has any ideas on how to resolve this it would be greatly appreciated.

    Joe



    Tuesday, October 8, 2013 2:25 PM

Answers

  • If only I had patience - it took a very long time for the groups to appear in AD for some reason - I had checked on all DCs and couldn't see the accounts
    Tuesday, October 8, 2013 3:11 PM

All replies

  • The default RODC related groups are created on the first transfer of the PDC role to a domain controller running Windows Server 2008 or later:

    http://networkadminkb.com/KB/a15/transitioning-a-windows-2003-domain-to-windows-2008-r2.aspx



    Thursday, January 15, 2015 8:46 PM
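
Added example, not part of the original thread: a PowerShell check that reports which DC holds the PDC emulator role and whether the default RODC groups are visible on each writable DC, covering both the replication delay and the PDC-role condition described in the replies. It assumes the ActiveDirectory module (RSAT) and at least one DC running AD Web Services; the group names and RIDs are the Windows defaults, not values quoted in the thread.

```powershell
# Added example: run from a domain-joined admin workstation with RSAT installed.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$pdc    = Get-ADDomainController -Identity $domain.PDCEmulator

# The last reply ties creation of the RODC groups to the PDC emulator role
# moving to a Windows Server 2008 or later DC, so show who holds it now.
'PDC emulator: {0} ({1})' -f $pdc.HostName, $pdc.OperatingSystem

# Default RODC groups, identified by their domain-relative well-known RIDs
# so the check still works if a group has been renamed.
$rodcGroups = @(
    @{ Rid = 521; Name = 'Read-only Domain Controllers' }
    @{ Rid = 571; Name = 'Allowed RODC Password Replication Group' }
    @{ Rid = 572; Name = 'Denied RODC Password Replication Group' }
)

# Query every writable DC separately: the asker saw a long delay before
# the groups appeared, so one DC having them does not mean all do.
$writableDcs = Get-ADDomainController -Filter * | Where-Object { -not $_.IsReadOnly }

$results = foreach ($dc in $writableDcs) {
    foreach ($grp in $rodcGroups) {
        $sid = '{0}-{1}' -f $domain.DomainSID.Value, $grp.Rid
        try {
            $found = Get-ADGroup -Identity $sid -Server $dc.HostName -ErrorAction Stop
            $state = "present as '$($found.Name)'"
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            $state = 'MISSING'
        }
        catch {
            # Typical for a Windows Server 2003 DC, which has no AD Web Services
            # unless the Management Gateway Service was installed on it.
            $state = "not queried: $($_.Exception.Message)"
        }
        [pscustomobject]@{ DC = $dc.HostName; Group = $grp.Name; State = $state }
    }
}

$results | Format-Table -AutoSize
```

A row marked MISSING on only some DCs points to replication lag; MISSING everywhere while the PDC emulator line still shows a Windows Server 2003 DC matches the condition described in the last reply.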