westhelpdesk

asked on

Server 2008 Read Only Domain Controller (RODC)

Okay, will try to explain as best as I can.....

Currently have 5 sites connected through MPLS.....all different locations..we will call these sites A-E

At site A we have 2 DCs, Win 2003 Server...only DCs on the domain....

Currently at site B we need to add an application server, for the apps on this server will not cross the T1 line....they have to be run locally...

What I want accomplished...is to have users log in at site B on the domain without having to cross the T1 constantly for user password authentication....

Question: is it better to set up that server as a member server or a RODC....if so, why....what are the advantages or disadvantages of both....and is there a better alternative to accomplish the same thing....
NJComputerNetworks

"have users login at site B on the domain without having to cross the T1 constantly for user password authentication...."

In site B you need a domain controller, and you have to logically place this DC in the Site B Active Directory site in AD Sites and Services (based on the subnet). You should also make this server a DNS server to isolate the DNS traffic (update clients to point to the Site B AD DC/DNS server too). Also make this server a global catalog server.

Adding a member server to the domain in site B will do nothing for authentication of domain credentials.
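The subnet-based site placement described in this answer, modelled as an added example (not part of the original post): a client is assigned to the site of the most specific subnet object containing its address, so a missing or overly broad subnet sends logons back across the WAN even after a DC is placed in Site B. The addressing, the `SiteC` entry and the function names are constructed for illustration.

```python
import ipaddress

# Constructed subnet objects (hypothetical addressing), as they would be
# associated with sites in AD Sites and Services.
SUBNET_TO_SITE = {
    "10.0.0.0/8": "SiteA",    # catch-all supernet pointing at the hub site
    "10.2.0.0/16": "SiteB",   # the branch that is getting its own DC/RODC
    "10.3.0.0/16": "SiteC",   # branch with a subnet object but no DC
}
SITES_WITH_DC = {"SiteA", "SiteB"}  # assumption: Site B DC already promoted


def site_for_client(ip, subnet_map=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best_net, best_site = None, None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site


def audit_clients(client_ips, subnet_map=SUBNET_TO_SITE, dc_sites=SITES_WITH_DC):
    """Classify each client by whether its logons can stay on the local LAN."""
    report = {}
    for ip in client_ips:
        site = site_for_client(ip, subnet_map)
        if site is None:
            status = "unmapped: no subnet object, any DC may answer"
        elif site in dc_sites:
            status = "local DC available"
        else:
            status = "site has no DC: authentication crosses the WAN"
        report[ip] = (site, status)
    return report


if __name__ == "__main__":
    # Constructed client addresses, one per outcome.
    sample = ["10.2.14.20", "10.3.1.9", "10.9.9.9", "192.168.5.5"]
    for ip, (site, status) in audit_clients(sample).items():
        print(f"{ip:<14} {site or '-':<6} {status}")
```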

ARK-DS

Hi,
If you want to reduce the authentication traffic, I think you have to choose between a DC and an RODC because a member server will itself go across for authentication...
Now, a DC is a full-fledged resource to manage your domain, whereas an RODC is a read-only replica of a DC. The first time some authentication comes to the RODC, it has to ask a DC to get the ticket issued to the user/client, and thereafter it starts authenticating that user.
You can also control what attributes should replicate to the RODC.

See this:

http://technet.microsoft.com/en-us/library/cc753459(WS.10).aspx

Hope this answers your queries. If you need any further clarifications, please feel free to revert.

Regards,

Arun.
westhelpdesk

ASKER

From my understanding a RODC is a domain controller, but you cannot make any changes on it....why would I want to go with a DC rather than a RODC...my thinking is go with a RODC rather than a DC, for if I have a user that needs to access this server they cannot make changes to AD........

Why would I want to make this DC or RODC (which I don't think you can) a Global Catalog Server?

I guess overall, what are the benefits of making this a DC or RODC????
ASKER CERTIFIED SOLUTION
NJComputerNetworks
This solution is only available to members.
Thanks a lot for all your help! Much appreciated....