RODC best practices, security and administration

Attacking and securing an RODC: https://adsecurity.org/?p=3592
How to delegate RODC administration: in ADUC, select the RODC computer object, then use the ManagedBy tab to select a user or group.
Tasks for managing an RODC in a branch office: http://technet.microsoft.com/en-us/library/dd736126(v=ws.10).aspx

RODC Install and Troubleshooting Resources

Here is a collection of web articles for troubleshooting an RODC:
Introduction: http://technet.microsoft.com/en-us/library/cc732801(WS.10).aspx
Read-Only Domain Controller Planning and Deployment Guide: http://technet.microsoft.com/en-us/library/cc771744(v=ws.10).aspx
Also: http://technet.microsoft.com/en-us/library/cc754956(WS.10).aspx
Step-by-step: http://technet.microsoft.com/en-us/library/cc772234(v=ws.10).aspx
In a branch office with an RODC and client computers running XP or W2k3 servers, apply the patches here:
http://support.microsoft.com/kb/944043
http://social.technet.microsoft.com/Forums/fr-FR/windowsserver2008fr/thread/62c52d0f-dbda-46cb-9860-3953a0cb00f5/
http://technet.microsoft.com/en-us/library/cc732322(WS.10).aspx
http://www.winvistatips.com/re-authentification-win2k8-r2-inter-site-t809529.html
In French, the article from Benoit Sautiere: http://blogcastrepository.com/blogs/benoits/archive/2009/10/19/quelques-subtilit-233-s-autour-du-rodc.aspx
AD DS …

RODC pre-populating passwords

The two traditional means of pre-populating passwords have some limitations. Currently, neither the Active Directory Users and Computers console nor the repadmin command allows the use of security groups. Because pre-populating passwords one account at a time or in small batches based on organizational units may not be practical, you can use …

When does a read-only domain controller (RODC) write to its database?

The name “read-only domain controller” implies that its database is read-only, and it is in nearly all situations, except for one group of attributes. If a user requests a write operation to an RODC, the RODC forwards the request to a read-writable domain controller (RWDC), which then replicates the changes back to the RODC. If …