Thursday, December 4, 2014

Read Only Domain Controller

Read Only Domain Controller (RODC)

A Read Only Domain Controller is a new type of Domain Controller in Windows Server 2008. The main purpose of a Read Only Domain Controller is to increase security, as it is mainly kept in branch offices, where it is not possible to provide enough physical security.


# Read-only feature: A hacker can't manipulate the Active Directory database on an RODC.


# DNS server safety: If the RODC server also holds the DNS feature, a hacker will not be able to hack any DNS data.


# Password protection: A hacker will not be able to hack passwords. This holds only if password caching is disabled on the RODC.


# Administrator delegation: You can delegate the local Administrator role to a Domain user too.


RODC:


# An RODC holds all Active Directory objects and attributes.


# If an application needs write access to AD objects, the RODC sends an LDAP referral response that redirects the application to a writable Domain Controller.


# By default, an RODC does not store user or computer credentials. An RODC can cache passwords, and if a password is not cached, the RODC forwards the request to a writable DC.


# A Domain user who has the Administrator role on an RODC does not have to be a member of Domain Admins.


# A Domain user who has the Administrator role can do admin work, such as installing software, on the RODC.
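
To check the password-caching points above on a live domain, this added example (not part of the original post) lists, for each RODC, which principals are allowed to be cached and which passwords are cached right now. It assumes the ActiveDirectory PowerShell module is available (RSAT, or Windows Server 2008 R2 and later); the list of privileged groups is an assumption to adapt.

```powershell
# Added example: read-only audit of password caching on every RODC in the domain.
# Assumes the ActiveDirectory module (RSAT, Windows Server 2008 R2 or later).
Import-Module ActiveDirectory

# Groups whose members should never have a password cached on a branch RODC.
# This list is an assumption; adjust it to your own administrative model.
$privilegedGroups = 'Administrators', 'Account Operators',
                    'Backup Operators', 'Server Operators'
$privilegedDns = @(
    foreach ($group in $privilegedGroups) {
        Get-ADGroupMember -Identity $group -Recursive |
            Select-Object -ExpandProperty distinguishedName
    }
) | Sort-Object -Unique

$rodcs = Get-ADDomainController -Filter { IsReadOnly -eq $true }

foreach ($rodc in $rodcs) {
    # Principals the Password Replication Policy allows this RODC to cache.
    "Allowed to cache on $($rodc.Name):"
    Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc.Name -Allowed |
        Select-Object SamAccountName, ObjectClass |
        Format-Table -AutoSize

    # Accounts whose passwords are stored on this RODC right now. The RODC's
    # own computer account and its krbtgt_* account are expected in this list;
    # any row with Privileged = True is a credential a stolen RODC would expose.
    "Currently cached on $($rodc.Name):"
    Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc.Name -RevealedAccounts |
        Select-Object SamAccountName, ObjectClass,
            @{ Name       = 'Privileged'
               Expression = { $privilegedDns -contains $_.DistinguishedName } } |
        Sort-Object Privileged -Descending |
        Format-Table -AutoSize
}
```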


RODC Installation:


1. Type Dcpromo.exe in Run and press Enter.

2. The Welcome screen of the installation wizard appears. Click Next.

3. Next, the wizard asks whether to add a new Domain Controller to an existing forest or create a new Domain Controller in an existing forest. Click Add a domain controller to an existing domain.

4. Specify the name of the domain in which we want to create the additional Domain Controller.

   We need to provide a Domain Administrator user name and password in the Alternate Credentials window and click Next to continue.

5. Confirm the domain for this additional Domain Controller.

6. Confirm the site name where we need to install the additional Domain Controller.

7. Select the roles we want to install; here, select RODC.

8. We can choose to delegate the Administrator role to any Domain user.

9. Select the paths to store the AD database files, log files and System Volume.

10. Specify the Directory Services Restore Mode password.

11. We will be able to see all the options we have selected, and can also export them to a file.

12. Installation will begin and the replication process will start. After the installation finishes, the server will restart and the RODC will be ready.
