Solved

RODC Active Directory

Posted on 2014-03-24
4
170 Views
Last Modified: 2014-04-15
Hi,


I was wondering if it was possible to create a RODC that doesn't participate in any authentication for users within my network. I need this RODC purely for ldap authentication for an external service and I don't want my internal clients to query it for logins or anything else.

Is this possible?
0
Comment
Question by:dcirona86
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Jaroslav Mraz
ID: 39952478
Hi,

One think you can do is block unwanted services ports on firewall

http://technet.microsoft.com/en-us/library/dd772723(ws.10).aspx
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39952728
also create a different site and move the RODC to that site, so that only that subnet user can authenticate. That would be your external services subnet/range.
0
 

Author Comment

by:dcirona86
ID: 39957997
So if I already have a Default-First-Site-Name and then create an additional site with the specific subnet, the clients on my LAN should only authenticate to the DCs in the 'Default-First-Site-Name '?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39958264
Hi,

create new subnet x.x.x.x and put the same range ip on RODC. so they will authenticate will RODC.

you default site user will authenticate with default site DC as that has your client range IP.
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question