Solved

Domain Controller on Windows 2008 Server Core for Branch Offices

Posted on 2011-09-25
3
230 Views
Last Modified: 2012-06-27
Hi Experts,

What's yours' opinion on having Ready Only DC's (RODC) installed onto Windows 2008 Server Core for branch offices?

Have you ever done it yet? What are the pros and cons?

Tks for the help!

Rodrigo Garcone

0
Comment
Question by:garconer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 23

Expert Comment

by:yo_bee
ID: 36596672
I have not done a Server Core of ADDS, but I have done a Print server and it works wells.
You need to allow for Windows Remote Management (WS-Management) (Service WinRM) ports to use server manager
This can be enabled via Powershell.
http://technet.microsoft.com/en-us/magazine/ff700227.aspx

I find this a very viable solution with my experience so far with the Print Server and plan on doing so when we upgrade our DC's
Once you have RSAT installed on your workstation you will have access to the MMC.
Since this is a read only there really should be little to have to deal with.
http://blogs.technet.com/b/keithcombs/archive/2007/07/14/windows-server-2008-screencast-core-read-only-dc-creation.aspx

I would not do this until you have tested in a lab.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 36597223
Do you have physical security issues at your branch offices?  that would be the reason for the RODC.

I like server core, I like that they added sconfig to 2008 R2   http://technet.microsoft.com/en-us/edge/Video/ff710829

I'd probably go to 2008 R2 in your case.

thanks

Mike
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36597407
I love having RODC in branch offices, because it means that I can make a password change/reset/unlock without waiting for replication or needing to connect to the local DC.

There are some downsides to running core on your branch servers: BranchCache won't run for sure; will your printer drivers work?; probably can't run WireShark under core for network sniffing. I do run ADS under Core for my DMZ and that works fine. I use my branch servers as a sniffing station for branch LAN/WAN traffic, which pushes me to full Windows, as does BranchCache (not setup yet, but I would like to use it).  
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question