RODC best practices, security and administration

Attacking and securing a RODC:   How to delegate RODC administration: from the ADUC, select the RODC computer object, ManagedBy tab (select user of group)   What are the tasks to do to manage a RODC in branch office:        

RODC Install and Troubleshooting Resources

Here are collection of web articles to troubleshoot a RODC: Introduction: Read-Only Domain Controller Planning and Deployment Guide: AND also: AND step-by-step: On branch office with RODC and client computers running XP or W2k3 servers, apply the patches here: In French the article from Benoit Sautiere: AD DSContinue reading “RODC Install and Troubleshooting Resources”

RODC pre-populating passwords

The two traditional means for pre-populating passwords has some limitations. Currently, using the Active Directory Users and Computers console or the repadmin command does not allow for the usage of security groups. Because pre-populating passwords one account at a time or in small batches based on organizational units may not be practical, you can useContinue reading “RODC pre-populating passwords”

When a read-only domain controller (RODC) write to its database?

The name “read-only domain controller” implies that its database is read-only, and it is in nearly all situations, except for one group of attributes. If a user requests a write operation to an RODC, the RODC forwards the request to a read-writable domain controller (RWDC), which then replicates the changes back to the RODC. IfContinue reading “When a read-only domain controller (RODC) write to its database?”