Solved

RODC Active Directory

Posted on 2014-03-24
4
167 Views
Last Modified: 2014-04-15
Hi,


I was wondering if it was possible to create a RODC that doesn't participate in any authentication for users within my network. I need this RODC purely for ldap authentication for an external service and I don't want my internal clients to query it for logins or anything else.

Is this possible?
0
Comment
Question by:dcirona86
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Jaroslav Mraz
ID: 39952478
Hi,

One think you can do is block unwanted services ports on firewall

http://technet.microsoft.com/en-us/library/dd772723(ws.10).aspx
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39952728
also create a different site and move the RODC to that site, so that only that subnet user can authenticate. That would be your external services subnet/range.
0
 

Author Comment

by:dcirona86
ID: 39957997
So if I already have a Default-First-Site-Name and then create an additional site with the specific subnet, the clients on my LAN should only authenticate to the DCs in the 'Default-First-Site-Name '?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39958264
Hi,

create new subnet x.x.x.x and put the same range ip on RODC. so they will authenticate will RODC.

you default site user will authenticate with default site DC as that has your client range IP.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

My purpose is to describe the basic concepts of virtual memory as implemented in a modern Windows-based operating system. I will also describe the problems inherent in older systems and how virtual memory solves them. The dark ages - before virtu…
Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question