Solved

Set RDP server to authenticate with RODC

Posted on 2013-01-09
Last Modified: 2013-04-03
I have 2 forests, A and B, connected with a 2-way trust over a VPN tunnel.
In Forest A, I have an RDP Server.
Users in Forest B can log in to the RDP Server using their own domain credentials, but logon is slow as it authenticates back with the domain controllers in Forest B.

I have installed a Read Only Domain Controller (Forest B) in Forest A, hoping to speed up the authentication. However, users that log on to the RDP server are still authenticating back to the old DC in Forest B, rather than the RODC in Forest A.

How can I make them authenticate to the RODC?

I have granted the users membership to "Allowed RODC Password Replication Group", as well as verified that their accounts are visible in the "Accounts whose passwords are stored in this Read-only Domain Controller".
I also have the domain controllers assigned correctly to the 2 Sites with correct subnets in Active Directory Sites and Services.
Question by:frukeus
Accepted Solution

by:
Jian An Lim earned 500 total points
I have had a think about that.
The behaviour is mainly driven by the 2-way trust setup.
If you have set up your 2-way trust to go over the VPN, it will fly over the VPN.

So I think you need to change your 2-way trust to trust the RODC.

But I am guessing there must be something prohibited not to trust an RODC.
Author Closing Comment

by:frukeus
I read somewhere that the 2 way trust will always check with the DC first instead of RODC.
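
A way to check which domain controller the locator on the RDP server returns for the Forest B domain, and whether that DC is read-only and in the server's own site (an added example, not part of the original thread). It assumes the usual `Label: value` layout of `nltest /dsgetdc:` output; the domain, host and site names and the sample output are constructed.

```powershell
# Parse `nltest /dsgetdc:<domain>` output into an object that answers:
# which DC was located, is it an RODC, and is it in our own AD site?
function ConvertFrom-DsGetDc {
    param([string[]]$Lines)
    $r = @{}
    foreach ($line in $Lines) {
        # nltest prints right-aligned "Label: value" pairs; status lines have no colon
        if ($line -match '^\s*(?<k>[^:]+?):\s*(?<v>.+)$') {
            $r[$Matches.k.Trim()] = $Matches.v.Trim()
        }
    }
    $flags   = @("$($r['Flags'])" -split '\s+')
    $dcSite  = $r['Dc Site Name']
    $ourSite = $r['Our Site Name']
    [pscustomobject]@{
        DC       = "$($r['DC'])".TrimStart('\')
        DcSite   = $dcSite
        OurSite  = $ourSite
        # A writable DC advertises the WRITABLE flag; an RODC does not
        ReadOnly = ($flags -notcontains 'WRITABLE')
        # False when the client maps to no site or the DC sits in another site
        SameSite = [bool]($ourSite -and ($dcSite -eq $ourSite))
    }
}

# Constructed sample output (hypothetical names), as if run on the RDP server
$sample = @'
           DC: \\dc01.forestb.example
      Address: \\10.20.0.10
     Dom Name: forestb.example
  Forest Name: forestb.example
 Dc Site Name: SiteB-HQ
Our Site Name: SiteA-RDP
        Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST FULL_SECRET
The command completed successfully
'@ -split "`r?`n"

$result = ConvertFrom-DsGetDc -Lines $sample
$result | Format-List
if (-not $result.SameSite) {
    Write-Warning "Locator returned $($result.DC) in site '$($result.DcSite)', not a DC in '$($result.OurSite)'."
}

# Live check on the RDP server (replace the placeholder domain name):
# ConvertFrom-DsGetDc -Lines (nltest /dsgetdc:forestb.example /force)
```

Running the live check before and after a change to sites, subnets or DNS shows whether the locator result has actually moved to the RODC.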