RODC question

danc_101 Member Posts: 60
Ok, am I missing something very obvious here..

Say I have 1 domain with 2 sites. I deploy a RODC in the 2nd site with no other DCs in that site. How will any intersite replication occur, as the KCC / ISTG process will never make a RODC a BH for the site?

Comments

  • earweed Member Posts: 5,192
    Why not? And does it necessarily have to be a BH for it to receive replication traffic?
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • danc_101 Member Posts: 60
    A RODC cannot be a BH or hold any FSMO roles. Only a local BH can send / receive intersite replication between sites. It's strange, as I did this in a lab and would have thought MS would have put a warning in telling me this.
  • earweed Member Posts: 5,192
    Did you do this in a lab and get no replication traffic? I'm just interested to know as I just did the 83-640 and this is a good question. Any solutions? Besides making it one site where intrasite replication would occur.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • danc_101 Member Posts: 60
    Yes, I did this in a lab (preparing for 70-647). The purpose of the RODC is for branch offices where the physical security cannot be guaranteed, but what about if the branch office is connected over a slow WAN connection and you have to put it into a new site?

    There must be an answer?
  • Devilsbane Member Posts: 4,214
    danc_101 wrote:
    Yes, I did this in a lab (preparing for 70-647). The purpose of the RODC is for branch offices where the physical security cannot be guaranteed, but what about if the branch office is connected over a slow WAN connection and you have to put it into a new site?

    There must be an answer?

    Then you are either going to need to upgrade the WAN link or find a way to ensure physical security at the second site.
    Decide what to be and go be it.
  • MentholMoose Member Posts: 1,525
    An RODC can do inbound replication (both intra- and intersite), but it cannot do outbound replication (neither intra- nor intersite). So it handles half of the bridgehead functionality, although it can never be a full bridgehead server. If it's not working for you in a lab then there is some other problem.
    MentholMoose
    MCSA 2003, LFCS, LFCE (expired), VCP6-DCV
  • earweed Member Posts: 5,192
    That's what I was wondering about, as I recall seeing things in studying about an RODC being alone in a separate site. I was wondering if I was missing something. So there's something else causing him not to have replication to the RODC.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • danc_101 Member Posts: 60
    Strange, let me go back to my lab, thanks - I thought there must be an issue somewhere.
  • Hyper-Me Banned Posts: 2,059
    As moose said.

    I had RODCs in 4 satellite locations at my last job and all replicated inbound just fine.

    There, of course, would be no outbound replication because it's read-only.
  • stonedtrout Member Posts: 18
    Hyper-Me wrote:
    As moose said.

    I had RODCs in 4 satellite locations at my last job and all replicated inbound just fine.

    There, of course, would be no outbound replication because it's read-only.

    This is exactly how I understood it. However, you had to choose what data to cache, if any. For example, on a RODC you would not want to cache passwords for the entire domain; however, if you have an unreliable WAN then you can create a shadow policy and give the ability to only cache the passwords for those users.

    If you're interested I have a lab I can send ya', just PM me.
  • Hyper-Me Banned Posts: 2,059
    stonedtrout wrote:
    This is exactly how I understood it. However, you had to choose what data to cache, if any. For example, on a RODC you would not want to cache passwords for the entire domain; however, if you have an unreliable WAN then you can create a shadow policy and give the ability to only cache the passwords for those users.

    If you're interested I have a lab I can send ya', just PM me.

    Yes, you do have to specify what's replicated. This is for security and/or performance reasons.
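
Added example, not part of any post in this thread: a PowerShell audit that checks the two points discussed above, namely that each RODC is receiving inbound replication and which passwords it is allowed to cache or has already cached. It assumes the ActiveDirectory module (RSAT) and read access to the domain; using `adminCount` to flag privileged accounts is a heuristic chosen for this example.

```powershell
# Added example: requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# Every read-only domain controller in the current domain.
$rodcs = Get-ADDomainController -Filter 'IsReadOnly -eq $true'

foreach ($rodc in $rodcs) {
    Write-Host "== $($rodc.HostName) (site: $($rodc.Site)) =="

    # Inbound replication state: one row per source partner and partition.
    # LastReplicationResult 0 means the last attempt succeeded.
    $inbound = Get-ADReplicationPartnerMetadata -Target $rodc.HostName -Partition *
    $inbound |
        Select-Object Partner, Partition, LastReplicationSuccess,
                      LastReplicationResult, ConsecutiveReplicationFailures |
        Format-Table -AutoSize

    $failing = $inbound | Where-Object { $_.LastReplicationResult -ne 0 }
    if ($failing) {
        Write-Warning "$($rodc.Name): $(@($failing).Count) inbound link(s) failing"
    }

    # Password Replication Policy: principals that may / may not be cached.
    $allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed
    $denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied
    Write-Host "Allowed to cache: $(($allowed | ForEach-Object Name) -join ', ')"
    Write-Host "Denied:           $(($denied  | ForEach-Object Name) -join ', ')"

    # Accounts whose passwords are stored on this RODC right now.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
                    -Identity $rodc -RevealedAccounts

    foreach ($acct in $revealed) {
        # Heuristic (assumption of this example): adminCount = 1 marks an
        # account that is, or once was, in a protected privileged group.
        $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
        if ($obj.adminCount -eq 1) {
            Write-Warning "Privileged account cached on $($rodc.Name): $($acct.SamAccountName)"
        } else {
            Write-Host "Cached: $($acct.SamAccountName)"
        }
    }
}
```

The RODC's own computer account and its dedicated krbtgt account normally appear in the revealed list; anything flagged as privileged is worth a password reset and a review of the Allowed list.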