Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » RODC prepopulate passwords
RODC prepopulate passwords [message #160848] Wed, 09 September 2009 09:31 Go to next message
RC  is currently offline RC  United States
Messages: 62
Registered: July 2009
Member
is there a way to prepopulate the passowrds on a RODC, other than
adding individual users/computers accounts?

I have a group that is in the allow list and i want to prepopulate the
users that are in that group. the problem is the amount of users in
that group is to large for me to add each one, one at a time.
RE: RODC prepopulate passwords [message #160857 is a reply to message #160848] Wed, 09 September 2009 12:06 Go to previous messageGo to next message
JustinHa  is currently offline JustinHa
Messages: 8
Registered: September 2009
Junior Member
Hello RC,

Only individual accounts can be specified. The design was just not targeted
for groups.
Note that in this case each account will be cached on the RODC when it first
attempts to log on using the RODC, as long as there is connectivity between
the RODC and a 2008 RWDC.
What is the scenario why all accounts from the group need to be
pre-populated? For example, will there be no connectivity, or some other
reason?

Justin [MSFT]
AD Documentation team

"RC" wrote:

> is there a way to prepopulate the passowrds on a RODC, other than
> adding individual users/computers accounts?
>
> I have a group that is in the allow list and i want to prepopulate the
> users that are in that group. the problem is the amount of users in
> that group is to large for me to add each one, one at a time.
>
Re: RODC prepopulate passwords [message #160860 is a reply to message #160848] Wed, 09 September 2009 12:19 Go to previous messageGo to next message
florian  is currently offline florian  Germany
Messages: 484
Registered: July 2009
Senior Member
Howdie!

RC schrieb:
> is there a way to prepopulate the passowrds on a RODC, other than
> adding individual users/computers accounts?
>
> I have a group that is in the allow list and i want to prepopulate the
> users that are in that group. the problem is the amount of users in
> that group is to large for me to add each one, one at a time.

Justin is right, you cannot select groups for that. I guess that you'll
have to script that using repadmin /rodcpwdrepl:
http://technet.microsoft.com/en-us/library/cc754646(WS.10).aspx#BKMK_POP

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: RODC prepopulate passwords [message #160861 is a reply to message #160860] Wed, 09 September 2009 13:24 Go to previous messageGo to next message
RC  is currently offline RC  United States
Messages: 62
Registered: July 2009
Member
yes, I was aware that I wouldn’t be able to use groups. I was curious
if there was a way around it. and yes to the other poster. there will
be no connectivity at first. prepopulating would allow for continued
business.

i will look into creating a script to accomplish this task. thank you
for the confirmation.
Re: RODC prepopulate passwords [message #160862 is a reply to message #160861] Wed, 09 September 2009 14:41 Go to previous messageGo to next message
JustinHa  is currently offline JustinHa
Messages: 8
Registered: September 2009
Junior Member
Thank you for explaining. Microsoft is interested in understanding the
scenario, so any information you can share is appreciated.

Do you need to do this for multiple RODCs, or multiple groups, or different
combinations of them?

Justin [MSFT]
AD documentation team

"RC" wrote:

> yes, I was aware that I wouldn’t be able to use groups. I was curious
> if there was a way around it. and yes to the other poster. there will
> be no connectivity at first. prepopulating would allow for continued
> business.
>
> i will look into creating a script to accomplish this task. thank you
> for the confirmation.
>
Re: RODC prepopulate passwords [message #160902 is a reply to message #160862] Thu, 10 September 2009 08:33 Go to previous messageGo to next message
RC  is currently offline RC  United States
Messages: 62
Registered: July 2009
Member
right now i only need it for 1 rodc and 2 groups. both groups have
several hundered users. i can see where this will be a HUGE problem
down the road where the number may grow to several thousand.
Re: RODC prepopulate passwords [message #160979 is a reply to message #160902] Fri, 11 September 2009 14:22 Go to previous messageGo to next message
KevinJ.SBS  is currently offline KevinJ.SBS  United States
Messages: 653
Registered: July 2009
Senior Member
RC wrote:
> right now i only need it for 1 rodc and 2 groups. both groups have
> several hundered users. i can see where this will be a HUGE problem
> down the road where the number may grow to several thousand.

It's not all that big of an issue, even for hundereds of thousands of users.
It would sure make life easier if a DCR somedays allows one to add the same
groups that are allowed in the RODC's password replication policy to be
added in the pre-populate space.

A little scripting and a little planning can make it a simple nigghtly
scheduled task. - Not all that effecient, but 'doable'.

--
/kj
Re: RODC prepopulate passwords [message #162105 is a reply to message #160848] Wed, 14 October 2009 15:35 Go to previous message
SubstituteThisWithMyF  is currently offline SubstituteThisWithMyF  Netherlands
Messages: 85
Registered: October 2009
Member
create a script to get the members of the group and pipe that to the
REPADMIN /rodcpwdrepl option

/rodcpwdrepl --> Triggers replication of passwords for the specified user(s)
from the source (Hub DC) to one or more Read Only DC's.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------ ------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------ ------------------------------
#################################################
#################################################
------------------------------------------------------------ ------------------------------

"RC" <richjchristy@gmail.com> wrote in message
news:37410f6c-d279-414f-839e-63b0d0c6b386@o13g2000vbl.googlegroups.com...
> is there a way to prepopulate the passowrds on a RODC, other than
> adding individual users/computers accounts?
>
> I have a group that is in the allow list and i want to prepopulate the
> users that are in that group. the problem is the amount of users in
> that group is to large for me to add each one, one at a time.
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4507 (20091014) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4507 (20091014) __________

The message was checked by ESET Smart Security.

http://www.eset.com
Previous Topic:Re: IMpact of changing the IP address of a Domain Controller
Next Topic:RODC in DMZ
Goto Forum:
  


Current Time: Tue Jan 16 04:22:25 MST 2018

Total time taken to generate the page: 0.03877 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software