Can I make a Windows Server 2003 DC read only?

Posted on 2008-11-09
Last Modified: 2012-05-05
I was wondering something.  I know with 2008 you can make a DC read-only, but I was wondering if there was some way to make a 2003 DC read-only too?

Here is my scenario:
1 main site (PDC resides here along with a couple other DCs for backup purposes)
3 remote sites (each site has a DC)

I would like to make the 3 remote site DCs read-only, if not then I will have to change the admin password to keep my level 1 tech hands out of the cookie jar, but they really need to have access to a couple of the programs on the server at those sites.  It would be nice to just make sure they could not make any changes the AD from those sites.

Thanks for your time.

Question by:rsnellman
    LVL 24

    Assisted Solution

    No. This feature is only supported on Windows Server 2008. Sorry.
    LVL 63

    Assisted Solution

    You need to tell them not to touch the AD and specific programs, or upgrade to win 2008.

    I hope this helps !
    LVL 24

    Accepted Solution

    You cannot have a read only DC in WIndows 2003.

    It is a new feature in Windows 2008. In order to have a read only DC, you need to have atleast one Windows 2008 DC (not read only) along with your 2003 DCs to start with. Only after that, you can think of having a read only DC.

    So, the first step will be to introduce a new Windows 2008 DC to the mix.

    Hope this helps.


    Author Comment

    OK, I thought that was the case.  So, I think I will be going to plan B, which is demote the current DC and make it a file server only and give them access to only that server for the specific programs.

    Maybe I could give them a different login account, so they could log into that remotely and access those specific programs.

    That should be the best route, right now, correct?  It is unfortunate that I have to go this route, but for whatever reasons my boss will not enforce it and they won't listen to me.  So, for their sake and more for mine, I need to take these measures to prevent an AD disaster.

    Ok, thanks again for everything.

    Have a great day.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    Title # Comments Views Activity
    DFS Question 4 19
    cannot create certificate for EXCH2013 migration 21 23
    deny local logon 12 34
    Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now