• Status: Solved
  • Priority: Medium
  • Security: Public

RODC Active Directory

Hi,


I was wondering if it was possible to create a RODC that doesn't participate in any authentication for users within my network. I need this RODC purely for ldap authentication for an external service and I don't want my internal clients to query it for logins or anything else.

Is this possible?
Asked: dcirona86

1 Solution

Jaroslav Mraz (CTO) Commented:
Hi,

One thing you can do is block unwanted service ports on the firewall:

http://technet.microsoft.com/en-us/library/dd772723(ws.10).aspx

Santosh Gupta Commented:
Also create a different site and move the RODC to that site, so that only users in that subnet can authenticate. That would be your external services subnet/range.

dcirona86 (Author) Commented:
So if I already have a Default-First-Site-Name and then create an additional site with the specific subnet, the clients on my LAN should only authenticate to the DCs in the 'Default-First-Site-Name'?

Santosh Gupta Commented:
Hi,

Create a new subnet x.x.x.x and put an IP from the same range on the RODC, so they will authenticate with the RODC.

Your default site users will authenticate with the default site DC, as that has your client IP range.
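Added example (not part of the original thread): the site/subnet approach described in the answers above, written with the ActiveDirectory PowerShell module, followed by checks that the mapping took effect. The site name `ExtLDAP-Site`, the subnet `192.0.2.0/24` (standing in for x.x.x.x), the server name `RODC01` and the site link name are hypothetical placeholders.

```powershell
Import-Module ActiveDirectory

# Hypothetical placeholder values -- replace with your own.
$MainSite = 'Default-First-Site-Name'
$RodcSite = 'ExtLDAP-Site'
$Subnet   = '192.0.2.0/24'   # range used only by the external service and the RODC
$RodcName = 'RODC01'

# 1. Create the dedicated site and link it to the existing site,
#    so the RODC still has a replication path to a writable DC.
New-ADReplicationSite -Name $RodcSite
New-ADReplicationSiteLink -Name "$MainSite-to-$RodcSite" `
    -SitesIncluded $MainSite, $RodcSite

# 2. Map the external-service subnet to the new site.
New-ADReplicationSubnet -Name $Subnet -Site $RodcSite

# 3. Move the RODC's server object into the new site.
Move-ADDirectoryServer -Identity $RodcName -Site $RodcSite

# 4. Check: the RODC now reports the new site.
Get-ADDomainController -Filter 'IsReadOnly -eq $true' |
    Select-Object Name, Site, IPv4Address

# 5. Check: only the intended subnet is mapped to the RODC site.
#    Any other subnet listed here would steer those clients to the RODC.
$mapped = Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Site -like "CN=$RodcSite,*" }
$unexpected = $mapped | Where-Object { $_.Name -ne $Subnet }
if ($unexpected) {
    Write-Warning ("Unexpected subnets in {0}: {1}" -f $RodcSite,
        ($unexpected.Name -join ', '))
}

# 6. Check from a LAN client: which site it resolves to and
#    which DC the locator hands back for that site.
nltest /dsgetsite
Get-ADDomainController -Discover -SiteName $MainSite |
    Select-Object Name, Site
```

Site membership only steers which DC the locator prefers; it does not stop a client from reaching the RODC directly, which is what the firewall rules from the first answer cover.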
