How to know ReadOnly domain controller

-

1. identify dc read or not.

how ?

2. read dc authenticate user ? think ro dc not have user password.

3. when changing user password , ro dc accept password change request , forward pdc ?

i know it need firewall rule permit traffic end user pdc when changing password.

1. identify dc read or not.how ?
if run netdom query dc writable dcs returned.instead run nltest /dclist:contoso.com, both writable , rodcs returned.

2.read dc authenticate user? think rodc not have user password?
when user attempts login @ site rodc - if rodc not have users password in cache rodc contact rwdc - rwdc supply rodc users password.an rodc database holds active directory domain service objects , attributes writable domain controller holds except accounts passwords. in rodc, passwords never replicated database. instead, can cached according password replication policy.

how’s user authentication working in site rodc?
http://www.frickelsoft.net/blog/?p=232
http://blogs.technet.com/b/askds/archive/2008/01/18/understanding-read-only-domain-controller-authentication.aspx

3.when changing user password ,rodc accept password change request , forward pdc ?
when password changed or reset against rodc, rodc forward change w2k8 rwdc , after automatically inbound replicate password using "replicate single object" method assuming account password reset/changed still allowed cached/stored.

reference links:

password authentication on rodc
http://social.technet.microsoft.com/forums/en-us/winserverds/thread/f8d1017e-1f0e-4a9d-a241-b03b508dfe17

password replication policy
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(v=ws.10).aspx

rodc asked questions
http://technet.microsoft.com/en-us/library/cc754956(v=ws.10).aspx

hope helps

best regards,

sandesh dubey.

mcse|mcsa:messaging|mcts|mcitp:enterprise adminitrator | blog

disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights.




Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Error: 0x80073701 when trying to add Print Services Role in Windows 2012 Standard

-
hello, i'm getting error when trying add print services role in windows 2012 standard. i'm getting same error whether use gui or powershell. this new server install. the powershell error follows: add-windowsfeature : request add or remove features on specified server failed. installation of 1 or more roles, role services, or features failed. the referenced assembly not found. error: 0x80073701 at line:1 char:1 + add-windowsfeature print-services + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : invalidoperation: (@{vhd=; credent...name=localhost}:psobject) [install-windowsfeature],     exception     + fullyqualifiederrorid : dismapi_error__failed_to_enable_updates,microsoft.windows.servermanager.commands.addwind    owsfeaturecommand success restart needed exit code      feature result ------- -------------- ---------      -------------- false   no             failed         {} issue appreciated. hi, i think should st
Read more

Disconnecting from a Windows Server 2012 R2 file sharing session on a Windows 7,8,10 machine

-
i've been trying disconnect server while , haven't been able to. there quick way this? i've used net session , net user , work sometime never consistent. can task? hi yrusad, thanks post. does work when check “computer management > system tools > shared folders > open files/sessions”. directly manage from gui. and based on knowledge, quick way mentioned net session /delete /y. mean never consistent? best regards, mary please remember mark replies answers if , unmark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Server  >  Windows Server 2012 General
Read more

Event ID 64,77,1008 Certificates Events Windows Server 2008, 2008R2

-
hi guys, i need event ids. event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? event id 77 - 1 strange me. warning , in same time don't see suspicious: "windows default" policy module logged following warning: active directory connection <domain controller name> has been reestablished <domain controller name>. have 4 dcs. should check or ignore these messages. event id 1008 - "certificate services client: credential roaming not performed because number of tokens in local store has exceeded limit." - i've checked articles credential roaming i'm not sure should do. if give tips , answers, great. in advance. hi, event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? i assume these
Read more