Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » RODC
RODC [message #159402] Wed, 29 July 2009 12:04 Go to next message
Kerry  is currently offline Kerry
Messages: 48
Registered: July 2009
Member
Working on RODCs and have few questions:

1.When a LDAP write request is received by an RODC, it send off a RWDC
referral to the client. Now does an RODC has any preference of which DC type
should it send the referral to like W2k, W2k3, W2k8?
2.Can a RODC install on server core be delegated to a normal branch user
just like the installing RODC on full install?
3.Can RODC act as a time server?
4.Can an RODC be installed in DMZ kind of environments?
5.Can RODC be internet facing?
6.Can RODC get replication updates from w2k, w2k3 (except for Domain
Partition) and w2k8 DC?
7.Can a RWDC get replication updates from w2k, w2k3 and w2k8
8.Are confidential arrtibutes set per RODC or when configured are they
applicable to all RODC?
9.How are urgent replication changes handled (Password Change etc)?
10. IF RODC us not a GC what are the likely probems.
Re: RODC [message #159433 is a reply to message #159402] Wed, 29 July 2009 16:18 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Kerry,

See following articles about RODC, if then still questions are open please
ask again:

RODC in DMZ:
http://technet.microsoft.com/en-us/library/dd728034(WS.10).aspx

RODC FAQ:
http://technet.microsoft.com/en-us/library/cc754956(WS.10).aspx

RODCs can only replicate with 2008 DCs. Replicationis handled the same as
with RWDCs. The domain time source is the DC with the PDCEmulator FSMO.

http://technet.microsoft.com/en-us/library/cc754218(WS.10).aspx

http://technet.microsoft.com/en-us/library/dd734758(WS.10).aspx


Compatibility pack for 2003/XP:
http://support.microsoft.com/kb/944043


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Working on RODCs and have few questions:
>
> 1.When a LDAP write request is received by an RODC, it send off a RWDC
> referral to the client. Now does an RODC has any preference of which
> DC type
> should it send the referral to like W2k, W2k3, W2k8?
> 2.Can a RODC install on server core be delegated to a normal branch
> user
> just like the installing RODC on full install?
> 3.Can RODC act as a time server?
> 4.Can an RODC be installed in DMZ kind of environments?
> 5.Can RODC be internet facing?
> 6.Can RODC get replication updates from w2k, w2k3 (except for Domain
> Partition) and w2k8 DC?
> 7.Can a RWDC get replication updates from w2k, w2k3 and w2k8
> 8.Are confidential arrtibutes set per RODC or when configured are they
> applicable to all RODC?
> 9.How are urgent replication changes handled (Password Change etc)?
> 10. IF RODC us not a GC what are the likely probems.
Re: RODC [message #159439 is a reply to message #159402] Wed, 29 July 2009 16:34 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi
Check inline
> 1.When a LDAP write request is received by an RODC, it send off a RWDC
> referral to the client. Now does an RODC has any preference of which DC
> type should it send the referral to like W2k, W2k3, W2k8?

Communications with RODC are one way directio Full DC -> RODC

> 2.Can a RODC install on server core be delegated to a normal branch user
> just like the installing RODC on full install?
Same thing.

> 3.Can RODC act as a time server?
Never did that and you shouldn't do that as well let Domain Time hierarchy
take its course.

> 4.Can an RODC be installed in DMZ kind of environments?
Yes. You can place it anywhere you want. It should be placed at DMZ??!!!
That's a different story.

> 5.Can RODC be internet facing?
Yes. You can place it anywhere you want. It should be placed at
Internet??!!! That's a different story.

> 6.Can RODC get replication updates from w2k, w2k3 (except for Domain
> Partition) and w2k8 DC?
What???!!!

> 7.Can a RWDC get replication updates from w2k, w2k3 and w2k8.
What are the purpose of these questions?

> 8.Are confidential arrtibutes set per RODC or when configured are they
> applicable to all RODC?
Read "Marking attributes as confidential" at
http://technet.microsoft.com/en-us/library/cc753223(WS.10).aspx

> 9.How are urgent replication changes handled (Password Change etc)?
The same way as in Full editions but may depend how caching is setup and
network connectivity.

> 10. IF RODC us not a GC what are the likely probems.
Every app or action that needs a GC will attempt to find one GC to perform
the query. Note that are apps like exchange that don't look at RODCs even if
they're GCs.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"Kerry" <Kerry@live.com> wrote in message
news:%23RcbZcHEKHA.5068@TK2MSFTNGP03.phx.gbl...
> Working on RODCs and have few questions:
>
> 1.When a LDAP write request is received by an RODC, it send off a RWDC
> referral to the client. Now does an RODC has any preference of which DC
> type should it send the referral to like W2k, W2k3, W2k8?
> 2.Can a RODC install on server core be delegated to a normal branch user
> just like the installing RODC on full install?
> 3.Can RODC act as a time server?
> 4.Can an RODC be installed in DMZ kind of environments?
> 5.Can RODC be internet facing?
> 6.Can RODC get replication updates from w2k, w2k3 (except for Domain
> Partition) and w2k8 DC?
> 7.Can a RWDC get replication updates from w2k, w2k3 and w2k8
> 8.Are confidential arrtibutes set per RODC or when configured are they
> applicable to all RODC?
> 9.How are urgent replication changes handled (Password Change etc)?
> 10. IF RODC us not a GC what are the likely probems.
>
>
>
Re: RODC [message #159441 is a reply to message #159402] Wed, 29 July 2009 16:34 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
also this one
http://technet.microsoft.com/en-us/library/cc753459(WS.10).aspx

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"Kerry" <Kerry@live.com> wrote in message
news:%23RcbZcHEKHA.5068@TK2MSFTNGP03.phx.gbl...
> Working on RODCs and have few questions:
>
> 1.When a LDAP write request is received by an RODC, it send off a RWDC
> referral to the client. Now does an RODC has any preference of which DC
> type should it send the referral to like W2k, W2k3, W2k8?
> 2.Can a RODC install on server core be delegated to a normal branch user
> just like the installing RODC on full install?
> 3.Can RODC act as a time server?
> 4.Can an RODC be installed in DMZ kind of environments?
> 5.Can RODC be internet facing?
> 6.Can RODC get replication updates from w2k, w2k3 (except for Domain
> Partition) and w2k8 DC?
> 7.Can a RWDC get replication updates from w2k, w2k3 and w2k8
> 8.Are confidential arrtibutes set per RODC or when configured are they
> applicable to all RODC?
> 9.How are urgent replication changes handled (Password Change etc)?
> 10. IF RODC us not a GC what are the likely probems.
>
>
>
Re: RODC [message #159457 is a reply to message #159402] Thu, 30 July 2009 00:35 Go to previous message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Kerry,

Kerry wrote:
> 1.When a LDAP write request is received by an RODC, it send off a RWDC
> referral to the client. Now does an RODC has any preference of which DC type
> should it send the referral to like W2k, W2k3, W2k8?

It is actually the client, that gets a write a referral. A client that
wants to write to AD and finds a RODC will get a write referral to a DC.
If I recall correctly, the referral includes one of the DCs from the hub
- that might be a random one (no specific as DNS is involved).

> 2.Can a RODC install on server core be delegated to a normal branch user
> just like the installing RODC on full install?

Yes. You can use the IFM (install from media) installation method and
prepare it for the RODC use (that will strip off all "secrets" contained
in AD as they won't be needed by the RODC anyway).

> 3.Can RODC act as a time server?

You don't need to specifically configure this. Clients follow the domain
time hierarchy.

> 4.Can an RODC be installed in DMZ kind of environments?

You can do that technically. But as Jorge pointed out - do you really
want that? We can't judge as we don't know what you purpose with that.

> 5.Can RODC be internet facing?

You don't want that. Use VPN or something but don't put it on the
internet. You really want a DNS server with internal domain data on the
internet? Come on man...

> 6.Can RODC get replication updates from w2k, w2k3 (except for Domain
> Partition) and w2k8 DC?

It will replicate changes of AD from other DCs in, yes.

> 7.Can a RWDC get replication updates from w2k, w2k3 and w2k8

Err... what?

> 8.Are confidential arrtibutes set per RODC or when configured are they
> applicable to all RODC?

They're defined in the schema and therefore set for all RODCs.
http://www.frickelsoft.net/blog/?p=202

> 9.How are urgent replication changes handled (Password Change etc)?

The clients uses a writable DC for the password change.

> 10. IF RODC us not a GC what are the likely probems.

The same as with RWDCs. Apps that rely on GCs will fail. (Exchange won't
play with RODCs anyway).
Previous Topic:Re: How to make IE browser by default by GPO
Next Topic:Error while launching Users and Computers snap in
Goto Forum:
  


Current Time: Thu Jan 18 20:50:07 MST 2018

Total time taken to generate the page: 0.03650 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software