Read Only Domain Controllers

I am looking at introducing a number of 2008 RODCs at branch offices and I was wondering about the following:

Are changes instantly replicated from the "full" domain controller?

Can changes be made on any DC for instant replication or should changes be made on the partner DC to the RODC?

Can replication times be changed and would this cause any issues?

Thank you
Asked by titn003

Chris Dent (PowerShell Developer) commented:

> Are changes instantly replicated from the "full" domain controller?

Depends on the replication schedule set between sites. Generally, no.

> Can changes be made on any DC for instant replication or should changes be made on
> the partner DC to the RODC?

It depends on the topology and the nature of the change.

Perhaps the most important aspect is replication of password changes. That is covered by this article:

http://technet.microsoft.com/en-us/library/cc730883.aspx

> Can replication times be changed and would this cause any issues?

Which is perhaps the most important :) Yes and no, with the no being dependent on the type of issues you think you might face (or how reliant you are on fields in AD beyond authentication).

AD Sites and Services will allow you to configure your replication topology, frequency and any other scheduling.

The generation of the topology hasn't really changed from 2003. The trick is that RODCs will only allow inbound replication, no local changes, and therefore no outbound replication. RODCs can, of course, only replicate from writeable DCs.

This article covers some of the other frequently asked questions about RODCs:

http://technet.microsoft.com/en-us/library/cc754956.aspx

HTH

Chris
Question has a verified solution.
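
The answer above points to two things worth checking per RODC: the inter-site replication interval and the password replication policy. The script below is an added example, not part of the original answer. It assumes a management host with the ActiveDirectory RSAT module (a version that includes the replication site cmdlets) and read access to the directory.

```powershell
# Added example: per-RODC report of replication interval and password caching.
# Assumes the ActiveDirectory RSAT module is installed on the host running this.
Import-Module ActiveDirectory

# Read every site link once; each carries its replication interval in minutes.
$siteLinks = Get-ADReplicationSiteLink -Filter *

foreach ($rodc in Get-ADDomainController -Filter 'IsReadOnly -eq $true') {
    # Site links list their member sites by distinguished name.
    $siteDn = (Get-ADReplicationSite -Identity $rodc.Site).DistinguishedName

    # Links that include the RODC's site govern how often it pulls changes.
    $links = $siteLinks | Where-Object { $_.SitesIncluded -contains $siteDn }

    # Password Replication Policy: principals allowed to be cached on this RODC,
    # and accounts whose passwords are cached on it right now.
    $allowed  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc.Name -Allowed
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc.Name -RevealedAccounts

    [pscustomobject]@{
        RODC           = $rodc.HostName
        Site           = $rodc.Site
        SiteLinks      = ($links | ForEach-Object {
                             '{0} ({1} min)' -f $_.Name, $_.ReplicationFrequencyInMinutes
                         }) -join '; '
        AllowedToCache = ($allowed.SamAccountName  | Sort-Object) -join ', '
        CachedNow      = ($revealed.SamAccountName | Sort-Object) -join ', '
    }
}
```

Any privileged account showing up under `AllowedToCache` or `CachedNow` is worth reviewing, since a branch-office RODC is the DC most exposed to physical theft.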