RODC question
danc_101
Member Posts: 60 ■■□□□□□□□□
Ok, am I missing something very obvious here..
Say I have 1 domain with 2 sites. I deploy a RODC in the 2nd site with no other DC's in that site. How will any Intersite replication occur as the KCC / ISTG process will never make a RODC a BH for the site.
Say I have 1 domain with 2 sites. I deploy a RODC in the 2nd site with no other DC's in that site. How will any Intersite replication occur as the KCC / ISTG process will never make a RODC a BH for the site.
Comments
-
earweed Member Posts: 5,192 ■■■■■■■■■□Why not? and does it necessarilly have to be a BH for it to receive replication traffic?No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
danc_101 Member Posts: 60 ■■□□□□□□□□A RODC cannot be a BH or hold any FSMO roles. Only a local BH can send / receive Intersite replication between sites. Its strange as I did this in a lab and would have thought MS would have put a warning in telling me this.
-
earweed Member Posts: 5,192 ■■■■■■■■■□Did you do this in a lab and get no replication traffic? I'm just interested to know as I just did the 83-640 and this is a good question. Any solutions? Besides making it one site where intrasite replication would occur.No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
danc_101 Member Posts: 60 ■■□□□□□□□□Yes, I did this in a lab (preparing for 70-647). The purpose of the RODC is for branch offices where the physical security cannot be guaranteed, but what about if the branch office is connected over a slow WAN connection and you have to put it into a new site.
There must be an answer ? -
Devilsbane Member Posts: 4,214 ■■■■■■■■□□Yes, I did this in a lab (preparing for 70-647). The purpose of the RODC is for branch offices where the physical security cannot be guaranteed, but what about if the branch office is connected over a slow WAN connection and you have to put it into a new site.
There must be an answer ?
Then you are either going to need to upgrade the WAN link or find a way to ensure physical security at the second site.Decide what to be and go be it. -
MentholMoose Member Posts: 1,525 ■■■■■■■■□□An RODC can do inbound replication (both intra or intersite), but it cannot do outbound replication (neither intra or intersite). So it handles half of the bridgehead functionality, although it can never by a full bridgehead server. If it's not working for you in a lab then there is some other problem.MentholMoose
MCSA 2003, LFCS, LFCE (expired), VCP6-DCV -
earweed Member Posts: 5,192 ■■■■■■■■■□That's what I was wondering about as I recall seeing things in studying about an RODC being alone in a seperate site. I was wondering if I was missing something. So there's something else causing him not to have replication to the RODC.No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
danc_101 Member Posts: 60 ■■□□□□□□□□Strange, let me go back to my lab, thanks - I thought there must be a issue somewhere..
-
Hyper-Me Banned Posts: 2,059as moose said.
I had RODC's in 4 satellite locaitons at my last job and all replicated inbound just fine.
There, of course, would be no outbound replication because its read-only. -
stonedtrout Member Posts: 18 ■□□□□□□□□□as moose said.
I had RODC's in 4 satellite locaitons at my last job and all replicated inbound just fine.
There, of course, would be no outbound replication because its read-only.
This is exactly how I understood it. However you had to choose what data to cache if any. For example a RODC you would not want to cache passwords for the enitre domain, however if you have an unreliable wan then you can create a shadow policy and give the ability to only cache the passwords for those users.
If you interested I have a lab I can send ya' just pm me -
Hyper-Me Banned Posts: 2,059stonedtrout wrote: »This is exactly how I understood it. However you had to choose what data to cache if any. For example a RODC you would not want to cache passwords for the enitre domain, however if you have an unreliable wan then you can create a shadow policy and give the ability to only cache the passwords for those users.
If you interested I have a lab I can send ya' just pm me
Yes you do have to specify whats replicated. This is for security and/or performance reasons.