Adding RODC to Existing Server 2008 R2 Domain

Posted on 2011-02-16
Last Modified: 2012-05-11
I need to add a second RODC at a colocation, and I'm wondering what the proper steps are, as I've never had to add a second domain controller to a network before.

All the remote users are pointing to the PDC at  I'm going to add the RODC with DNS and DHCP leasing a subnet of to the colo network.  I've already joined the colo's workstations to the PDC; what do I need to do to have them point to the RODC? Do I do nothing? Do I just set up DHCP to point to the RODC for DNS?

Question by: DSM_22
Expert Comment

ID: 34911018
Make sure the new server has a static IP and its DNS server setting is set on the network interface.
Just run through the steps for creating a domain controller normally, but instead of creating a new domain in a new forest, join an existing domain. Later on, make sure you check the RODC check box, and leave the DNS and GC server boxes checked. After it is done and rebooted, add a forward lookup zone (Active Directory integrated) to DNS and make sure everyone is set to use it as a secondary DNS (DHCP etc.).

I think that's it; you might need to do an adprep /rodcprep at some stage.

check here
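The steps in the comment above as one unattended run, added here as an example; it is not code from the thread or from Microsoft's documentation. It is written for Windows Server 2008 R2, where promotion is done with dcpromo and an answer file (the ADDSDeployment PowerShell cmdlets only arrived with Server 2012). Every concrete value is an assumption: domain corp.example.com, existing writable DC dc01 at 10.0.0.10, new server at 10.20.0.10 on the colo subnet 10.20.0.0/24, site name Colo (the site must already exist for SiteName to take effect), and an adapter named "Local Area Connection". Run it elevated on the server being promoted with a Domain Admin account. The Replica line gives the full writable DC the author eventually chose; ReadOnlyReplica gives the RODC the comment describes. adprep /rodcprep is only required if the forest was upgraded from Windows Server 2003; a forest created on 2008 or 2008 R2 already has it.

```powershell
# Added example, not code from the thread. Unattended promotion of a second DC on
# Windows Server 2008 R2 with dcpromo and an answer file. All names and addresses
# below are assumptions for illustration.
$domain       = 'corp.example.com'
$existingDc   = '10.0.0.10'              # current writable DC, IP (assumed)
$existingDcFq = 'dc01.corp.example.com'  # same DC, FQDN, for ReplicationSourceDC (assumed)
$nic          = 'Local Area Connection'  # adapter name on the new server (assumed)
$myIp         = '10.20.0.10'             # static address for the new DC (assumed)
$gateway      = '10.20.0.1'
$scope        = '10.20.0.0'              # DHCP scope the new DC will lease (assumed)

function Invoke-ColoDcPromotion {
    # 1. Static IP, and DNS pointed at the EXISTING DC for the duration of the
    #    promotion: the new box must be able to locate the domain before it is a DC.
    netsh interface ipv4 set address name="$nic" source=static address=$myIp mask=255.255.255.0 gateway=$gateway
    netsh interface ipv4 set dnsservers name="$nic" source=static address=$existingDc validate=no

    # 2. Answer file. ReplicaOrNewDomain=Replica is a full writable DC; change it
    #    to ReadOnlyReplica for an RODC. An RODC caches no account passwords unless
    #    they are listed in its Password Replication Policy, which is the reason to
    #    use one at a site with weaker physical security. InstallDNS and ConfirmGc
    #    keep the DNS and GC boxes "checked"; SiteName puts the server straight
    #    into the colo site.
    $answer = @"
[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=$domain
SiteName=Colo
ReplicationSourceDC=$existingDcFq
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
UserDomain=$domain
UserName=Administrator
Password=*
SafeModeAdminPassword=ChangeMe-DSRM-Pass1!
RebootOnCompletion=No
"@
    # Password=* makes dcpromo prompt for the domain credential instead of storing
    # it on disk; the DSRM password still lands in the file in clear text, so the
    # file is removed before the reboot.
    $answerFile = Join-Path $env:TEMP 'dcpromo-colo.txt'
    Set-Content -Path $answerFile -Value $answer -Encoding ASCII
    dcpromo /unattend:$answerFile
    Remove-Item $answerFile -Force
    Restart-Computer
}

function Set-ColoDcDnsAndDhcp {
    # Run after the reboot. The DC's own resolver: HQ DC first, itself second.
    netsh interface ipv4 set dnsservers name="$nic" source=static address=$existingDc validate=no
    netsh interface ipv4 add dnsservers name="$nic" address=$myIp index=2

    # Colo clients get the local DC first and the HQ DC second through DHCP
    # option 006, so name resolution and DC location stay local while the WAN
    # is up and keep working when it is not. Assumes the DHCP role is installed,
    # the server is authorized in AD, and the scope exists.
    netsh dhcp server scope $scope set optionvalue 006 IPADDRESS $myIp $existingDc

    # Checks: the new DC advertises and its DNS is healthy, replication is clean,
    # and the locator returns the colo DC for the colo site.
    dcdiag /test:Advertising /test:DNS
    repadmin /replsummary
    nltest /dsgetdc:$domain /site:Colo
}

Invoke-ColoDcPromotion
```

Set-ColoDcDnsAndDhcp is called by hand once the server is back up; the two phases are separate functions because the promotion ends in a reboot.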
LVL 42

Accepted Solution

kevinhsieh earned 450 total points
ID: 34911638
Are you treating your colo as a DR facility? If you are, or if it is only your second DC, I suggest you make it a full DC. Otherwise I am pretty sure that you will be in a world of hurt if you lose your one and only writeable DC. My guess is that if you lose all of your writable domain controllers and are unable to recover them, you will need to create a new domain/forest in order to move forward.

Since this is the first time you have had multiple domain controllers in multiple sites, you need to configure AD sites and services. Otherwise you will have some clients going over the WAN to connect to a DC instead of the local one. AD doesn't handle it for you automatically.
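What "configure AD Sites and Services" amounts to for this layout, as an added example that is not part of the thread: a site for the colo, the colo subnet mapped to it, the site placed on the default site link, and the new DC's server object moved into the site if it was promoted before the site existed. It uses ADSI rather than the New-ADReplicationSite and New-ADReplicationSubnet cmdlets because those only exist from Windows Server 2012; on 2008 R2 the ActiveDirectory module does not have them. Site and subnet names, the site link name, the DC name and the test client address 10.20.0.50 are all assumptions. Run it on a DC or an RSAT workstation as an Enterprise Admin, since these objects live in the Configuration partition.

```powershell
# Added example, not from the thread. Define a second AD site for the colo so the
# DC locator hands colo clients the colo DC instead of one across the WAN. Uses
# ADSI because Windows Server 2008 R2 has no New-ADReplicationSite* cmdlets.
# All names below are assumptions.
$siteName   = 'Colo'
$subnetCidr = '10.20.0.0/24'        # the colo subnet DHCP leases (assumed)
$siteLink   = 'DEFAULTIPSITELINK'   # the site link created with the forest
$newDc      = 'DC02'                # the DC promoted at the colo (assumed)

$configNc = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$siteDn   = "CN=$siteName,CN=Sites,$configNc"

# 1. The site itself plus the two child objects the console creates for you.
$sitesContainer = [ADSI]"LDAP://CN=Sites,$configNc"
$site = $sitesContainer.Create('site', "CN=$siteName")
$site.SetInfo()
$settings = $site.Create('nTDSSiteSettings', 'CN=NTDS Site Settings')
$settings.SetInfo()
$servers = $site.Create('serversContainer', 'CN=Servers')
$servers.SetInfo()

# 2. Subnet -> site. This mapping is what the locator uses: a client whose
#    address falls in 10.20.0.0/24 is told it is in site Colo and asks for a
#    DC registered in that site. Without it every client is "siteless" and may
#    be sent to any DC in the domain.
$subnetsContainer = [ADSI]"LDAP://CN=Subnets,CN=Sites,$configNc"
$subnet = $subnetsContainer.Create('subnet', "CN=$subnetCidr")
$subnet.Put('siteObject', $siteDn)
$subnet.SetInfo()

# 3. Put the site on the IP site link so inter-site replication is scheduled
#    (defaults on a new link: every 180 minutes, cost 100; tune on the link
#    object if the colo needs faster convergence).
$link = [ADSI]"LDAP://CN=$siteLink,CN=IP,CN=Inter-Site Transports,CN=Sites,$configNc"
$link.PutEx(3, 'siteList', @($siteDn))   # 3 = ADS_PROPERTY_APPEND
$link.SetInfo()

# 4. A DC promoted before the site existed sits under Default-First-Site-Name;
#    move its server object (not needed when dcpromo ran with SiteName=Colo).
$searcher = New-Object System.DirectoryServices.DirectorySearcher($sitesContainer)
$searcher.Filter = "(&(objectClass=server)(cn=$newDc))"
$found = $searcher.FindOne()
if ($found -and $found.Path -notlike "*CN=Servers,$siteDn") {
    $found.GetDirectoryEntry().MoveTo($servers)
}

# 5. Verify from any domain member: which site an address maps to, which DC the
#    locator returns for that site, and that replication to the new site is clean.
nltest /dsaddresstosite:10.20.0.50          # assumed colo client address
nltest /dsgetdc:corp.example.com /site:$siteName
repadmin /replsummary
```

The subnet object is the piece most often forgotten: a site with no subnets attached changes nothing for clients, and the symptom is exactly the one described above, logons and group policy pulled over the WAN from the HQ DC.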

Author Comment

ID: 34911750
This isn't a DR facility, but I like your points on redundancy so I will opt for a full domain controller role.

Do you have any tips or helpful links for setting up sites and services?

LVL 42

Assisted Solution

kevinhsieh earned 450 total points
ID: 34911918
From Technet:

This link is for Windows 2000, but I don't think that things have changed and there's a lot less to read
LVL 59

Assisted Solution

by: Darius Ghassem
Darius Ghassem earned 50 total points
ID: 34912335
To add an additional Domain Controller, follow this link.

Author Comment

ID: 34921010
Thanks for the replies, guys.  Most points are awarded to kevinhsieh for experienced input.  The link to the M$ documentation on a second DC is the first thing I checked, but I wanted some feedback from fellow experts :).

Author Closing Comment

ID: 34921024
