Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Set RDP server to authenticate with RODC

Posted on 2013-01-09
2
Medium Priority
?
776 Views
Last Modified: 2013-04-03
I have 2 forests, A and B, connected with a 2 way trust over a VPN tunnel.
In Forest A, I have an RDP Server.
Users in Forest B can login to the RDP Server using their own domain credentials, but logon is slow as it authenticates back with the domain controllers in Forest B.

I have installed a Read Only Domain Controller (Forest B) in Forest A, hoping to speed up the authentication. However, when users that logon to the RDP server is still authenticating back to the old DC in Forest B, rather than the RODC in Forest A.

How can I make them authenticate to the RODC?

I have granted the users membership to "Allowed RODC Password Replication Group", as well as verified that their accounts are visible in the "Accounts whose passwords are stored in this Read-only Domain Controller".
I have also the domain controllers assigned correctly to the 2 Sites with correct subnets in Active Directory sites and services.
0
Comment
Question by:frukeus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 2000 total points
ID: 38761451
i have a think about that.
the behaviour mainly driven by the 2 way trust setup
if you have setup your 2 way trust to go over the VPN, it will fly over the VPN.

so i think you need to change your 2 way trust to trust the RODC.

but i am guessing there must be something prohibited not to trust a rodc
0
 
LVL 1

Author Closing Comment

by:frukeus
ID: 39043474
I read somewhere that the 2 way trust will always check with the DC first instead of RODC.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
A hard and fast method for reducing Active Directory Administrators members.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question