We are currently building a resilient SSO infrastructure and would like to deploy an RODC in order to service the authentication requests to our ADFS servers.
The domain functional level is Server 2003 as we currently still have Server 2003 DCs. All FSMO roles are currently held by a Server 2003 DC.
We have 2 writeable 2008R2 DCs, one of which is in the same site as the FSMO Role holder.
We have run adprep /Forestprep, adprep /domainprep and adprep /rodcprep and these all completed with no issues logged; however, the replication groups for the RODCs have not been created.
When attempting to add the 2012 RODC we get to the Domain Controller Options->RODC Options and after a period of time (assuming AD is being queried for the groups) an error is displayed as follows:
"Could not retrieve default replication accounts. Unable to retrieve read-only account groups."
There are no issues logged in the adprep logs.
I cannot find any information on how to resolve this issue and the deployment wizard will allow us to continue without selecting any groups.
If anyone has any ideas on how to resolve this it would be greatly appreciated.
Joe