Modifications necessary to dns for accommodating rodc

However, the passwords are cached on the server, and only once the RODC has contacted a writable domain controller of authentication.

You would need to build two servers (or virtual machines) within your domain, with one obviously being the RODC.

As mentioned previously, you must have a writable domain controller for the RODC to replicate with, so you must specify this in the installation.

From here you can setup the PRP (password replication policy); if you are following Microsoft best practice (which you always would, of course!

Microsoft obviously realizes that this is a big issue for companies that often have small offices but also have domain requirements.

Small networks often come with further downsides, such as poor WAN links.

Leave a Reply