RODC
sina2011
Hey guys, I just have a quick question.
Straight to the point: I have installed a RODC, but the weird thing is that in Server Manager I can't create user accounts and objects in AD, but when I go to the Administrative Tools and go to AD Users and Computers I can create user accounts and objects.
Does anybody know the reason why it's like that?
Thanks.
earweed
When you go to administrative tools are you actually adding those accounts on a different (complete) DC? You can't do those things on a RODC but you can access another DC from your workstation (if you have the right credentials) with administrative tools.
sina2011
Thanks for your quick response, earweed.
What I mean is I have a RODC. When I use Server Manager on the RODC I can't create AD objects, which is acceptable because it's a RODC, but if I go to the Administrative Tools on the RODC and click AD Users and Computers I can create users and objects in AD on the RODC domain controller.
Hope I have made it simpler to understand. Sorry about my previous post, I was trying to make it as uncomplicated as possible.
Thanks
Essendon
You can do it via admin tools because you are targeting the writable DC.
sina2011
If that's the case, thanks Essendon.
crrussell3
At the top of the ADUC console, it says "Active Directory Users and Computers [name of DC you are connected to]". Verify what the name says in brackets. Is it your RODC? Or is it a writable DC?
sina2011
It says RODC.
spd3432
Sina,
When you log onto an RODC and open ADUC it automatically focuses on a writeable DC until you change the focus. After you focus on an RODC, the 'new' option no longer exists on the context menus (I've added two screenshots -- one for DC1 and one for RODC1). I've expanded the left-hand pane on both screenshots so you can see the computer name of the focused domain controller.
When you open Server Manager you can't access Active Directory to create objects, nor can you access the local security database (users and groups), when you're on a domain controller. If you need to add an account to administer a branch-office read-only domain controller, you need to use command-line tools (dsmgmt.exe) (do a TechNet search on administrative role separation).
Sean
DC1.jpg
RODC1.jpg
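A way to check from the command line which domain controller a directory tool is bound to and whether that DC is read-only, followed by the dsmgmt role-separation command mentioned above. This is an added example, not part of any poster's reply; the function name `Get-DcBindingInfo` and the account `CONTOSO\branchadmin` are placeholders, and `RODC1` is the server name used for the screenshots.

```powershell
# Added example (not from the thread). Get-DcBindingInfo is a hypothetical name.
# A read-only DC advertises this OID in rootDSE supportedCapabilities
# (LDAP_CAP_ACTIVE_DIRECTORY_PARTIAL_SECRETS_OID); a writable DC does not.
$RodcCapability = '1.2.840.113556.1.4.1920'

function Get-DcBindingInfo {
    param(
        [string]$Server   # DC to query; leave empty to let the DC locator choose
    )
    if ($Server) {
        $path      = "LDAP://$Server/RootDSE"
        $requested = $Server
    } else {
        $path      = 'LDAP://RootDSE'
        $requested = '(locator default)'
    }

    # rootDSE is readable on every DC and names the server that answered.
    $root  = [ADSI]$path
    $props = $root.psbase.Properties
    $caps  = @($props['supportedCapabilities'])

    New-Object PSObject -Property @{
        Requested  = $requested
        AnsweredBy = [string]$props['dnsHostName'].Value
        ReadOnly   = ($caps -contains $RodcCapability)
    }
}

# Compare the DC chosen by default with the RODC addressed by name.
# ReadOnly = True means object creation will be refused on that DC.
Get-DcBindingInfo
Get-DcBindingInfo -Server 'RODC1'

# Administrative role separation: run on the RODC itself to make a domain
# account a local administrator of that RODC only (no domain-wide rights),
# then list the role members to confirm. Placeholder account shown.
# dsmgmt "local roles" "add CONTOSO\branchadmin administrators" "show role administrators" quit quit
```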
sina2011
Hey Sean, thanks for your reply.
Yeah, that was my confusion, and I will look into the dsmgmt command-line tool on TechNet and see what I can come up with.
Thanks a lot, I appreciate it.