Solved

Domain Controller on Windows 2008 Server Core for Branch Offices

Posted on 2011-09-25
Last Modified: 2012-06-27
Hi Experts,

What's your opinion on having Read-Only DCs (RODC) installed onto Windows 2008 Server Core for branch offices?

Have you ever done it yet? What are the pros and cons?

Tks for the help!

Rodrigo Garcone

Question by:garconer
3 Comments
 
LVL 24

Expert Comment

by:yo_bee
ID: 36596672
I have not done a Server Core of ADDS, but I have done a Print server and it works well.
You need to allow for Windows Remote Management (WS-Management) (Service WinRM) ports to use Server Manager.
This can be enabled via PowerShell.
http://technet.microsoft.com/en-us/magazine/ff700227.aspx

I find this a very viable solution with my experience so far with the Print Server and plan on doing so when we upgrade our DCs.
Once you have RSAT installed on your workstation you will have access to the MMC.
Since this is read-only, there really should be little to have to deal with.
http://blogs.technet.com/b/keithcombs/archive/2007/07/14/windows-server-2008-screencast-core-read-only-dc-creation.aspx

I would not do this until you have tested in a lab.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 36597223
Do you have physical security issues at your branch offices? That would be the reason for the RODC.

I like Server Core, and I like that they added sconfig to 2008 R2: http://technet.microsoft.com/en-us/edge/Video/ff710829

I'd probably go to 2008 R2 in your case.

thanks

Mike
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36597407
I love having RODC in branch offices, because it means that I can make a password change/reset/unlock without waiting for replication or needing to connect to the local DC.

There are some downsides to running Core on your branch servers: BranchCache won't run for sure; will your printer drivers work? You probably can't run Wireshark under Core for network sniffing. I do run ADS under Core for my DMZ and that works fine. I use my branch servers as a sniffing station for branch LAN/WAN traffic, which pushes me to full Windows, as does BranchCache (not set up yet, but I would like to use it).
0

Question has a verified solution.
