Rodc

sina2011sina2011 Member Posts: 239 ■□□□□□□□□□
in MCTS / MCITP on Windows 2008 General
hey guys I just have a quick question

straight to the point I have installed a RODC but the werid thing is that in server manager I cant create user accounts and objects in AD but when I go to the Administrative tools and go to AD users and computers I can create user accounts and objects.

Does anybody know the reason why its like that?.


Thanks.
· Share on FacebookShare on Twitter

Comments

  • earweedearweed Member Posts: 5,192 ■■■■■■■■■□
    When you go to administrative tools are you actually adding those accounts on a different (complete) DC? You can't do those things on a RODC but you can access another DC from your workstation (if you have the right credentials) with administrative tools.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
    · Share on FacebookShare on Twitter
  • sina2011sina2011 Member Posts: 239 ■□□□□□□□□□
    thanks for your quick response earweed.

    What I mean is I have a RODC when I use the server manager in the RODC I cant create AD objects which is acceptable because its a rodc but if I go to the Administrative tools on the rodc and click AD users and computers I can create users and objects in AD on the RODC Domain controller.

    hope I have made it more simplier to understand sorry about my previous post I was trying to make it non-complicated as much as possible. :)

    Thanks
    · Share on FacebookShare on Twitter
  • EssendonEssendon Member Posts: 4,546 ■■■■■■■■■■
    You can do it via admin tools because you are targetting the writable DC.
    NSX, NSX, more NSX..

    Blog >> http://virtual10.com
    · Share on FacebookShare on Twitter
  • sina2011sina2011 Member Posts: 239 ■□□□□□□□□□
    If thats the case thanks essendon.
    · Share on FacebookShare on Twitter
  • crrussell3crrussell3 Member Posts: 561
    At the top of the ADUC console, it says "Active Directory Users and Computers [name of DC you are connected to]. Verify what the name says in brackets. Is it your RODC? Or is it a writable dc?
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
    · Share on FacebookShare on Twitter
  • sina2011sina2011 Member Posts: 239 ■□□□□□□□□□
    it says RODC
    · Share on FacebookShare on Twitter
  • spd3432spd3432 Member Posts: 224
    Sina,

    When you log onto an RODC and open ADUC it automatically focuses on a writeable DC until you change the focus. After you focus on an RODC, the 'new' option no longer exists on the context menus (I've added two screenshots -- one for DC1 and one for RODC1). I've expanded the left hand pane on both screenshots so you can see the computer name of the focused domain controller.

    When you open server manager you can't access active directory to create objects nor can you access the local security database (users and groups) when you're on a domain controller. If you need to add an account to administer a branch-office read-only domain controller, you need to use command-line tools (dsmgmt.exe) (do a technet search on administrative role separation).

    Sean
    ----CCNP goal----
    Route [ ] Studying
    Switch [ ] Next
    Tshoot [ ] Eventually
    · Share on FacebookShare on Twitter
  • sina2011sina2011 Member Posts: 239 ■□□□□□□□□□
    hey Sean thanks for your reply.

    Yeah that was my confusion and I will look into the dsmgmt command line tool in technet see what I can come up with.

    thanks alot I appreciate it.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.