Solved

Domain Controller on Windows 2008 Server Core for Branch Offices

Posted on 2011-09-25
3
226 Views
Last Modified: 2012-06-27
Hi Experts,

What's yours' opinion on having Ready Only DC's (RODC) installed onto Windows 2008 Server Core for branch offices?

Have you ever done it yet? What are the pros and cons?

Tks for the help!

Rodrigo Garcone

0
Comment
Question by:garconer
3 Comments
 
LVL 21

Expert Comment

by:yo_bee
ID: 36596672
I have not done a Server Core of ADDS, but I have done a Print server and it works wells.
You need to allow for Windows Remote Management (WS-Management) (Service WinRM) ports to use server manager
This can be enabled via Powershell.
http://technet.microsoft.com/en-us/magazine/ff700227.aspx

I find this a very viable solution with my experience so far with the Print Server and plan on doing so when we upgrade our DC's
Once you have RSAT installed on your workstation you will have access to the MMC.
Since this is a read only there really should be little to have to deal with.
http://blogs.technet.com/b/keithcombs/archive/2007/07/14/windows-server-2008-screencast-core-read-only-dc-creation.aspx

I would not do this until you have tested in a lab.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 36597223
Do you have physical security issues at your branch offices?  that would be the reason for the RODC.

I like server core, I like that they added sconfig to 2008 R2   http://technet.microsoft.com/en-us/edge/Video/ff710829

I'd probably go to 2008 R2 in your case.

thanks

Mike
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36597407
I love having RODC in branch offices, because it means that I can make a password change/reset/unlock without waiting for replication or needing to connect to the local DC.

There are some downsides to running core on your branch servers: BranchCache won't run for sure; will your printer drivers work?; probably can't run WireShark under core for network sniffing. I do run ADS under Core for my DMZ and that works fine. I use my branch servers as a sniffing station for branch LAN/WAN traffic, which pushes me to full Windows, as does BranchCache (not setup yet, but I would like to use it).  
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now