westhelpdesk
asked on
Server 2008 Read Only Domain Controller (RODC)
Okay, will try to explain as best as I can.....
Currently have 5 sites connected through MPLS.....all different locations..we will call these sites A-E
At site A we have 2 DCs, Win 2003 Server...only DCs on domain....
Currently at site B we need to add an application server, for the apps on this server will not cross the T1 line....they have to be run locally...
What I want accomplished...is to have users log in at site B on the domain without having to cross the T1 constantly for user password authentication....
Question is, is it better to set up that server as a member server or a RODC....if so, why....what are the advantages or disadvantages of both....and is there a better alternative to accomplish the same thing....
Hi,
If you want to reduce the authentication traffic, I think you have to choose between a DC and an RODC because a member server will itself go across for authentication...
Now, a DC is a full-fledged resource to manage your domain, whereas an RODC is a read-only replica of a DC. The first time some authentication comes to the RODC, it has to ask a DC to get the ticket issued to the user/client, and thereafter it starts authenticating that user.
You can also control what attributes should replicate to the RODC.
See this:
http://technet.microsoft.com/en-us/library/cc753459(WS.10).aspx
Hope this answers your queries. If you need any further clarifications, please feel free to revert.
Regards,
Arun.
ASKER
From my understanding a RODC is a domain controller, but you cannot make any changes on it....why would I want to go with a DC rather than a RODC...my thinking is go with a RODC rather than a DC, for if I have a user that needs to access this server they cannot make changes to AD........
Why would I want to make this DC or RODC (which I don't think you can) a Global Catalog Server?
I guess overall, what are the benefits of making this a DC or RODC????
ASKER
Thanks a lot for all your help! Much appreciated....
In site B you need a domain controller and you have to logically place this DC in the Site B Active Directory Site - in AD Sites and Services (based on the subnet). You should also make this server a DNS server to isolate the DNS traffic (update clients to point to the site B AD DC/DNS server too). Also make this server a global catalog server.
Adding a member server to the domain in site B will do nothing for authentication of domain credentials.