
Run RODC Domain Controllers In Windows 2008 Domain Controller Mode and Reduce Risks 

May 01, 2009 04:00 PM

Applications depend heavily on domain controllers, both for authentication and for connectors that communicate by sending LDAP queries to a DC. When it comes to securing these domain controllers, there is always the question of how to prevent accidental deletion of objects, OUs, or users. Windows 2008 has a very unique feature called RODC (Read Only Domain Controller), which stores a read-only copy of the directory and so ensures that no such accidental changes can come from the server running this role. In this article I will cover what an RODC is and how to install this very cool feature.

Read Only Domain Controllers (RODC) In Windows 2008 Server

Domain controllers play a very critical role in user management as well as application management, especially when an application talks to Active Directory services to retrieve information, authenticate, and so on. This article explains this concept in Windows 2008 Server.

What is RODC

It is nothing but a read-only copy of Active Directory services. It was introduced mainly for branch offices, where you want to minimize the risks to the business in areas such as staffing and security.

Characteristics of RODC server In Windows 2008

  1. An RODC does not replicate anything outward, because changes cannot be made on the RODC server. It does receive changes from other domain controllers that hold a read/write copy.
  2. The DNS Server service hosted on an RODC is also a read-only copy.
  3. To run a server in RODC mode, the forest functional level should be Windows 2003 or 2008.
  4. An RODC can be installed in 2008 Core mode.

Installation of RODC Server

Following are the steps for deploying an RODC:

  1. Go to Run and type dcpromo.
  2. In the dialog box that appears, select advanced mode and click Next.
  3. Select Existing forest/Domain, because the RODC joins an existing domain and there must already be read/write domain controllers in your environment.
  4. Enter the domain name and specify the credentials of a Domain Admin account.
  5. Select the site in which to install the domain controller and press Next.
  6. On the additional domain controller dialog box, select the roles the RODC will have: DNS, Global Catalog, RODC.
  7. On the password replication policy page, select the account for replicating to the RODC.
  8. Next you will get the administration page, which sets who will be the local administrators.
  9. On the Install page, you can replicate from an existing domain controller or from media. For media, you need to write a CD with the existing DC information and send it to the remote location. Choose whichever option suits you best and select Next. Here we will select domain controller.
  10. On the source domain controller dialog box, either let the wizard pick an existing DC or specify the existing DC manually for replication.
  11. Specify the database location.
  12. Specify the AD restore mode password.

The RODC installation process will then start.
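
The same wizard choices can be supplied to dcpromo as an unattend answer file, which is easier to review and repeat across branch offices. The file below is an added example, not part of the original article; the domain (corp.example / CORP), site, source DC, delegated admin group and paths are placeholder assumptions.

```ini
; Added example: dcpromo answer file for an RODC. All values are placeholders.
; Run with: dcpromo /unattend:C:\rodc-answer.txt
[DCInstall]
; Steps 3-4: join an existing domain as a read-only replica
ReplicaOrNewDomain=ReadOnlyReplica
ReplicaDomainDNSName=corp.example
UserDomain=corp.example
UserName=Administrator
; "*" makes dcpromo prompt for the password instead of reading it from the file
Password=*
; Step 5: site the RODC is installed in
SiteName=Branch-Site-1
; Step 6: additional roles (DNS, Global Catalog)
InstallDNS=Yes
ConfirmGc=Yes
; Step 7: password replication policy
; Denied accounts are never cached on the RODC; keep privileged groups here
PasswordReplicationDenied="BUILTIN\Administrators"
PasswordReplicationDenied="BUILTIN\Server Operators"
PasswordReplicationDenied="BUILTIN\Backup Operators"
PasswordReplicationDenied="BUILTIN\Account Operators"
PasswordReplicationDenied="CORP\Denied RODC Password Replication Group"
PasswordReplicationAllowed="CORP\Allowed RODC Password Replication Group"
; Step 8: group that gets local administrator rights on this RODC only
DelegatedAdmin="CORP\Branch1-RODC-Admins"
; Steps 9-10: replicate over the network from a named read/write DC
ReplicationSourceDC=dc01.corp.example
; Step 11: database, log and SYSVOL locations
DatabasePath=C:\Windows\NTDS
LogPath=C:\Windows\NTDS
SYSVOLPath=C:\Windows\SYSVOL
; Step 12: AD restore mode (DSRM) password, placeholder value
SafeModeAdminPassword=<DSRM-password-placeholder>
RebootOnCompletion=Yes
```

Because the file carries the restore mode password, restrict access to it and delete it once the promotion finishes. Keeping the privileged groups in the denied list means their credentials are not stored on the branch server.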
