RODC Active Directory

Hi,


I was wondering if it was possible to create a RODC that doesn't participate in any authentication for users within my network. I need this RODC purely for ldap authentication for an external service and I don't want my internal clients to query it for logins or anything else.

Is this possible?
dcirona86Asked:
Who is Participating?
 
Santosh GuptaConnect With a Mentor Commented:
also create a different site and move the RODC to that site, so that only that subnet user can authenticate. That would be your external services subnet/range.
0
 
Jaroslav MrazCTOCommented:
Hi,

One think you can do is block unwanted services ports on firewall

http://technet.microsoft.com/en-us/library/dd772723(ws.10).aspx
0
 
dcirona86Author Commented:
So if I already have a Default-First-Site-Name and then create an additional site with the specific subnet, the clients on my LAN should only authenticate to the DCs in the 'Default-First-Site-Name '?
0
 
Santosh GuptaCommented:
Hi,

create new subnet x.x.x.x and put the same range ip on RODC. so they will authenticate will RODC.

you default site user will authenticate with default site DC as that has your client range IP.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.