How to identify a Read-Only Domain Controller
1. How do I identify whether a DC is read-only or not?
2. Does a read-only DC authenticate users? I think an RODC does not have the user's password.
3. When changing a user's password, does the RODC accept the password change request and forward it to the PDC?
I know it needs a firewall rule to permit traffic from the end user to the PDC when changing a password.
1. How do I identify whether a DC is read-only or not?
If you run netdom query dc, writable DCs are returned. Instead, run nltest /dclist:contoso.com, and both writable DCs and RODCs are returned.
2. Does a read-only DC authenticate users? I think an RODC does not have the user's password?
When a user attempts to log in at a site with an RODC, if the RODC does not have the user's password in its cache, the RODC will contact an RWDC, and the RWDC will supply the RODC with the user's password. An RODC database holds the Active Directory Domain Services objects and attributes that a writable domain controller holds, except for account passwords. In an RODC, passwords are never replicated to the database. Instead, they can be cached according to the Password Replication Policy.
How does user authentication work in a site with an RODC?
http://www.frickelsoft.net/blog/?p=232
http://blogs.technet.com/b/askds/archive/2008/01/18/understanding-read-only-domain-controller-authentication.aspx
3. When changing a user's password, does the RODC accept the password change request and forward it to the PDC?
When a password is changed or reset against an RODC, the RODC will forward the change to a W2K8 RWDC, and afterwards automatically inbound-replicate the password using the "replicate single object" method, assuming the account whose password was reset/changed is still allowed to be cached/stored.
Reference links:
Password authentication on RODC
http://social.technet.microsoft.com/forums/en-us/winserverds/thread/f8d1017e-1f0e-4a9d-a241-b03b508dfe17
Password Replication Policy
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(v=ws.10).aspx
RODC asked questions
http://technet.microsoft.com/en-us/library/cc754956(v=ws.10).aspx
Hope this helps.
Best regards,
Sandesh Dubey.
MCSE | MCSA: Messaging | MCTS | MCITP: Enterprise Administrator | Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
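
As an added example (not part of the reply above), the following PowerShell audits what the answer describes: which DCs are read-only, what each RODC's Password Replication Policy allows or denies, and which account passwords are currently cached on it. It assumes the ActiveDirectory RSAT module on a domain-joined host; the function name Get-RodcCredentialExposure is hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: inventory DCs by type, then report per-RODC password caching.
# Get-RodcCredentialExposure is a hypothetical helper name.

function Get-RodcCredentialExposure {
    [CmdletBinding()]
    param()

    # 1. List every DC in the current domain, labelled writable or read-only.
    $dcs = Get-ADDomainController -Filter *
    $dcs | Sort-Object IsReadOnly, HostName |
        Select-Object HostName, Site, IsReadOnly |
        Format-Table -AutoSize | Out-Host

    foreach ($rodc in ($dcs | Where-Object IsReadOnly)) {
        # 2. Principals the Password Replication Policy allows / denies.
        $allowed = Get-ADDomainControllerPasswordReplicationPolicy `
            -Identity $rodc.Name -Allowed
        $denied = Get-ADDomainControllerPasswordReplicationPolicy `
            -Identity $rodc.Name -Denied

        # 3. Accounts whose passwords are cached on this RODC right now.
        $revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage `
            -Identity $rodc.Name -RevealedAccounts)

        # 4. Cached accounts that are marked protected (adminCount = 1);
        #    these deserve review because an RODC is a lower-trust host.
        $privileged = @($revealed | ForEach-Object {
            Get-ADObject -Identity $_.DistinguishedName -Properties adminCount
        } | Where-Object { $_.adminCount -eq 1 })

        [pscustomobject]@{
            Rodc             = $rodc.HostName
            Site             = $rodc.Site
            AllowedToCache   = @($allowed).SamAccountName -join ', '
            DeniedFromCache  = @($denied).SamAccountName -join ', '
            CachedAccounts   = $revealed.Count
            CachedPrivileged = $privileged.Name -join ', '
        }
    }
}

Get-RodcCredentialExposure | Format-List
```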