Hi All
I have below scenario and don't know what to do..
Clients are not able to get authenticated when RODC server in their site is down.
I have another RODC in other site that may help with redundancy but how to configure it?
-
Read Only Domain Controller
-
Before trying to get another DC involved if you've got replication to a RWDC at another site setup correctly (which I assume because I'm inferring that it works when the site connection is working). Verify that you've enabled `Universal Group Membership Caching in your AD (you may have to do this on your RWDC)
Click here for explanation and direction.
Also verify that your RODC at the site is a Global Catalog too!
Cordially,
Ronnie Wong
Edutainer, ITProTV**if the post above has answered the question, please mark the topic as solved.
-
Hi Ronnie
Thanks for your reply
Yes, When site connection is working I have replication with RWDC but sometimes network link gets broken or RODC go down also sometimes.
This RWDC is being blocked by a firewall and only allow RODC traffic.So in that scenario I am trying to look for the RODC in another near site to provide authentication.
-
I do not believe that RODCs will replicate from another RODCs in the same site better yet another site. There are two goals for using RODCs. The first goal of RODC at a branch site is so it doesn't have to depend on the link being up from your RWDC, resulting in faster domain logons along with access to network resources. The second goal is so that no one in that branch office can manipulate or change the AD from the branch site.
So just to follow the logic. A RODC in Site A to be looking to another RODC in Site B would mean that it would be dependent upon that link to be up. What are you trying to do if the RODC in Site B goes down too? Secondly, It would mean that the RODC in Site A would be updating from RODC in Site B and not the RWDC. This would defeat the purpose of your Site A RODC from being manipulated and records replicated by only the RWDC.
Now that I've said that... I'm hoping that I'm wrong in what I've told you and someone else will tell you how to configure what you're trying to do.
Cordially,
Ronnie Wong
Edutainer, ITProTV**if the post above has answered the question, please mark the topic as solved.
