Solved

script for Read Only Domain Controller to choose groups and users to authenticate to RODC

Posted on 2015-02-03
5
104 Views
Last Modified: 2015-02-10
IS there a script for Read Only Domain Controller to choose groups and users to authenticate to RODC?

Thank you
0
Comment
Question by:creative555
  • 2
  • 2
5 Comments
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40586893
no as computers/users will use any available dc, in a remote office the only available DC should be the RODC which they will get from the local dhcp server
0
 

Author Comment

by:creative555
ID: 40587084
oh. But we need to add the groups to allow and denied list for that RODC?? Correct? Otherwise, they wont be able to authenticate?
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40587116
No you don't have to it is a domain controller that does not update from the clients only updates from the primary domain controller. Where did you get the idea of adding groups and allow / deny lists?
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40587136
You would add users and computer accounts to allowed replication group only if you want its password to be cached on RODC
Otherwise they would get authenticated through RODC via R/W DC, what it means when RODC get the authentication request, it will forward it by default to R/W DC and get it authenticated unless you save credentials by adding it into allowed password replication group

You don't want to cache mobile users and computers password on RODC
If a location has some computers \ users and RODC, you can manually add those users in allowed password replication group so that their 1st logon will happen thru R/W DC and passwords will get cached on RODC and for next logons they will be logged on with cached credentials
This task need to be done manually

U may add user to deny password replication group if you do not want to cache user password.
High privileges accounts such as domain admins are always placed in deny password replication group by default
0
 

Author Closing Comment

by:creative555
ID: 40601081
thanks!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question