Understanding Read-Only Domain Controller

Ghulam Abbas November 24, 2016

What is RODC?

An RODC holds a read-only copy of the NTDS.dit file. Two copies of Ntds.dit are present in separate locations on a given domain controller: %SystemRoot%\NTDS\Ntds.dit. This file stores the database that is in use on the domain controller. The RODC was first introduced in Windows Server 2008, and it contains a full replica of the domain database.

It was created for places such as a small branch office, where there is no IT staff and the location is less secure.

Features of RODC:

  1. They hold almost everything except most passwords, such as those of Domain Admins, Enterprise Admins, or other high-level accounts.
  2. DNS on an RODC is also read-only.

What are the prerequisites of RODC?

  1. The PDC Emulator has to run Windows Server 2008 or higher.
  2. The RODC receives its updates from a domain controller.
  3. The domain functional level (DFL) and forest functional level (FFL) have to be Windows Server 2003 or higher. If you are working with Server 2003 and you want to use an RODC, you have to run the adprep /rodcprep command, which prepares the platform for RODCs. The adprep.exe command is located in the \support\adprep folder on the Windows Server 2012 installation disk.
  4. One RODC per domain per site.
  5. If any user is using Outlook, make sure that the RODC is a Global Catalog server.
  6. UGMC (Universal Group Membership Caching) should be enabled by default.

Credentials Caching

Whichever method you use to install an RODC, there are sections for choosing which credentials it may save (cache).

  1. The RODC verifies the logon itself; it does not forward it to the domain controller.
  2. You can save account passwords in two ways: for individual accounts or for groups.
  3. Admins are denied from having their credentials saved.
  4. If the RODC is compromised, the domain controller has the ability to edit the RODC's users, either resetting or deleting them.
  5. You can also cache computer accounts.
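
To check the caching rules above on a running RODC, the following added example (not from the original article) reads the password replication policy and the list of credentials actually stored on the RODC, using the ActiveDirectory PowerShell module. `RODC01` is a placeholder name, and treating `adminCount=1` as the marker of a privileged account is an assumption of this example.

```powershell
# Added example: audit what one RODC may cache and what it has cached.
# Assumptions: RSAT ActiveDirectory module installed; 'RODC01' is a placeholder.
Import-Module ActiveDirectory
$rodc = 'RODC01'

# Policy: principals allowed to / denied from having passwords replicated.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied

# Usage: accounts whose passwords are stored on the RODC right now.
# The RODC's own computer account and its krbtgt_<n> account are expected
# entries, so they are filtered out of the report.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts |
    Where-Object { $_.Name -notlike 'krbtgt_*' -and $_.Name -ne $rodc }

# Privileged users, identified here by adminCount = 1 (set on members of
# protected groups such as Domain Admins and Enterprise Admins).
$privDn = @((Get-ADUser -LDAPFilter '(adminCount=1)').DistinguishedName)

$report = foreach ($acct in $revealed) {
    [pscustomobject]@{
        Name       = $acct.Name
        Class      = $acct.ObjectClass
        Privileged = $privDn -contains $acct.DistinguishedName
        DN         = $acct.DistinguishedName
    }
}

"Allowed: $(@($allowed).Count)  Denied: $(@($denied).Count)  Cached: $(@($report).Count)"
$report | Sort-Object Privileged -Descending | Format-Table Name, Class, Privileged -AutoSize

# A privileged account in the cached set contradicts the deny rule above and
# needs follow-up: reset its password and add it to the denied list.
$report | Where-Object Privileged | ForEach-Object {
    Write-Warning "Privileged credential cached on ${rodc}: $($_.DN)"
}

# Keep the list: if the RODC is lost or compromised, these are the accounts
# to reset or delete from a domain controller.
$report | Export-Csv -Path ".\${rodc}-cached-accounts.csv" -NoTypeInformation
```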

Administrator Role in RODC

Sometimes users need to install an application or a service, or apply an update. Since an ordinary user does not have the ability to install software, the domain controller creates an admin for them who is an administrator only on the RODC. Put another way, the domain controller controls the admin, and the admin controls the RODC. Here are some of the abilities of admins on an RODC.

  1. Admins can manage shares and printers.
  2. Admins can Manage Drivers, Apps, and Updates.
  3. Admins can Manage Disk Fragmentation.

How to Add Admin in RODC?

You can add admins to an RODC in four ways.

  1. You can add an admin while installing the RODC.
  2. You can add an admin while installing a pre-staged RODC.
  3. You can add an admin from the command line or with an answer file with ADK.
  4. You can add an admin after installation, using tools such as the UI, Dsmgmt, or NTDSutil.

How to install RODC from Server Manager?

Any feature or role can be installed either graphically or from the command line with PowerShell. Today, let's look at how to install it from Server Manager. Now that we have covered the basics of RODC, let's go ahead and install an RODC on Server 2016 from Server Manager. For this operation I am using VMware Workstation; you can use any other virtualization product, such as Hyper-V or VirtualBox.

Since an RODC cannot work on a single operating system alone, I have already set up my environment. On the left side is my domain controller and on the right side is my RODC operating system. On my RODC system I have already installed AD DS, but I have not yet configured it. So let's go ahead and configure it.

Step #1. Open Server Manager.

Step #2. On the left pane, click AD DS. On the right pane, click More in the yellow bar. Take a look at the screenshot.

[Screenshot: Server Manager]

Step #3. When the All Servers Task Details window opens (Take a look at the Screenshot), click Promote this server to a domain controller. The Active Directory Domain Services Configuration Wizard starts.

[Screenshot: All Server Task Details and Notification]

Step #4. On the Deployment Configuration page, select Add a domain controller to an existing domain. Then enter the domain name and credentials. When you are done, click Next.

[Screenshot: Deployment Configuration]

Step #5. On the Domain Controller Options page, select Read-only domain controller (RODC). Type a Directory Service Restore Mode (DSRM) password in the Password and Confirm password text boxes. When you are done, click Next.

[Screenshot: Domain Controller Options]

Step #6. On the RODC Options page, click Select in the Delegated administrator account section (the administrator for the RODC). When the Select User or Group dialog box opens, type the name of the account to be used as a delegated administrator in the Enter the object names to select text box and click OK. Below that, select the groups or clients whose account passwords are replicated to the RODC. Below that are the accounts that are denied from replicating to the RODC. You can add more of them if you want.

[Screenshot: RODC Options]

Step #7. On the Additional Options page click Next.

[Screenshot: Additional Options]

Step #8. On the Paths page, click Next.

[Screenshot: Paths]

Step #9. On the Review Options page, click Next.

[Screenshot: Review Options]

Step #10. On the Prerequisites Check page, click Install.

[Screenshot: Prerequisites Check]

Step #11. When the installation is complete, restart the domain controller.
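
The same promotion can be scripted with PowerShell, with each wizard page mapped to a parameter. This is an added example, not part of the original article: the domain, site, and group names are placeholders, and the deny list is written out explicitly with the default entries so that the policy is visible in the script.

```powershell
# Added example: scripted equivalent of Steps 4 to 11.
# Run on the server that already has the AD DS role installed.
# All names below are placeholders, not values from the article.
Import-Module ADDSDeployment

$params = @{
    # Step 4: existing domain and a credential allowed to add a DC to it
    DomainName = 'corp.example.com'
    Credential = (Get-Credential -Message 'Domain credential')

    # Step 5: make it an RODC and set the DSRM password
    ReadOnlyReplica               = $true
    SiteName                      = 'Branch-Site'
    InstallDns                    = $true
    SafeModeAdministratorPassword = (Read-Host -Prompt 'DSRM password' -AsSecureString)

    # Step 6: delegated administrator (admin rights on this RODC only)
    DelegatedAdministratorAccountName = 'CORP\Branch-RODC-Admins'

    # Step 6: whose passwords may be cached on this RODC
    AllowPasswordReplicationAccountName = @(
        'CORP\Allowed RODC Password Replication Group',
        'CORP\Branch-Users'
    )

    # Step 6: whose passwords must never be cached on this RODC
    DenyPasswordReplicationAccountName = @(
        'BUILTIN\Administrators',
        'BUILTIN\Server Operators',
        'BUILTIN\Backup Operators',
        'BUILTIN\Account Operators',
        'CORP\Denied RODC Password Replication Group'
    )
}

# Step 10: run the prerequisites check without changing anything.
Test-ADDSDomainControllerInstallation @params | Format-List

# Steps 10 and 11: promote. The cmdlet asks for confirmation and restarts
# the server when the installation completes.
Install-ADDSDomainController @params -ErrorAction Stop
```

Review the output of the prerequisites check before confirming the installation, in the same way the wizard's Prerequisites Check page is reviewed before clicking Install.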

Conclusion 

That was all about understanding the Read-Only Domain Controller. I hope you have learned something from this article, and I hope you will ask your questions and give us your suggestions and opinions about what articles we should write. If you face any problem, feel free to tell us in the comments below. We're waiting for your suggestions.


2 Comments

  1. Newton

    When you take a moment to consider what is held on a domain controller namely all of your Company user accounts, including your infrastructure accounts if these were to be compromised, it would be a massive security risk to your network.

    May 11, 2017
    • Ghulam Abbas

      yes, it’s risky, but the Domain controller should not give them the complete permission.

      May 19, 2017
