script for Read Only Domain Controller to choose groups and users to authenticate to RODC

IS there a script for Read Only Domain Controller to choose groups and users to authenticate to RODC?

Thank you
creative555Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
MaheshConnect With a Mentor ArchitectCommented:
You would add users and computer accounts to allowed replication group only if you want its password to be cached on RODC
Otherwise they would get authenticated through RODC via R/W DC, what it means when RODC get the authentication request, it will forward it by default to R/W DC and get it authenticated unless you save credentials by adding it into allowed password replication group

You don't want to cache mobile users and computers password on RODC
If a location has some computers \ users and RODC, you can manually add those users in allowed password replication group so that their 1st logon will happen thru R/W DC and passwords will get cached on RODC and for next logons they will be logged on with cached credentials
This task need to be done manually

U may add user to deny password replication group if you do not want to cache user password.
High privileges accounts such as domain admins are always placed in deny password replication group by default
0
 
David Johnson, CD, MVPOwnerCommented:
no as computers/users will use any available dc, in a remote office the only available DC should be the RODC which they will get from the local dhcp server
0
 
creative555Author Commented:
oh. But we need to add the groups to allow and denied list for that RODC?? Correct? Otherwise, they wont be able to authenticate?
0
 
David Johnson, CD, MVPOwnerCommented:
No you don't have to it is a domain controller that does not update from the clients only updates from the primary domain controller. Where did you get the idea of adding groups and allow / deny lists?
0
 
creative555Author Commented:
thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.