Solved

Domain Controller on Windows 2008 Server Core for Branch Offices

Posted on 2011-09-25
3
229 Views
Last Modified: 2012-06-27
Hi Experts,

What's yours' opinion on having Ready Only DC's (RODC) installed onto Windows 2008 Server Core for branch offices?

Have you ever done it yet? What are the pros and cons?

Tks for the help!

Rodrigo Garcone

0
Comment
Question by:garconer
3 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 36596672
I have not done a Server Core of ADDS, but I have done a Print server and it works wells.
You need to allow for Windows Remote Management (WS-Management) (Service WinRM) ports to use server manager
This can be enabled via Powershell.
http://technet.microsoft.com/en-us/magazine/ff700227.aspx

I find this a very viable solution with my experience so far with the Print Server and plan on doing so when we upgrade our DC's
Once you have RSAT installed on your workstation you will have access to the MMC.
Since this is a read only there really should be little to have to deal with.
http://blogs.technet.com/b/keithcombs/archive/2007/07/14/windows-server-2008-screencast-core-read-only-dc-creation.aspx

I would not do this until you have tested in a lab.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 36597223
Do you have physical security issues at your branch offices?  that would be the reason for the RODC.

I like server core, I like that they added sconfig to 2008 R2   http://technet.microsoft.com/en-us/edge/Video/ff710829

I'd probably go to 2008 R2 in your case.

thanks

Mike
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36597407
I love having RODC in branch offices, because it means that I can make a password change/reset/unlock without waiting for replication or needing to connect to the local DC.

There are some downsides to running core on your branch servers: BranchCache won't run for sure; will your printer drivers work?; probably can't run WireShark under core for network sniffing. I do run ADS under Core for my DMZ and that works fine. I use my branch servers as a sniffing station for branch LAN/WAN traffic, which pushes me to full Windows, as does BranchCache (not setup yet, but I would like to use it).  
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question