#1
| RODC
Hello all

We want to set up a RODC in a remote branch office, I can understand this request no problem. Now the request has changed a bit to combine DNS, DHCP and file/print services on the RODC. My questions are

#1 Can multiple roles be installed on a RODC?

#2 If I can install DNS on the RODC do I point the client machines to the RODC for DNS?

#3 Is DNS on the RODC a read and write zone or just a read only zone?

#4 If the zone is read only how do the clients register their A records with a RODC with DNS?

#3 Is the AD database the only thing that is read only on a RODC?

Many thanks

#2
| Re: RODC
1. Yes (I assume that you are referring to Windows Server 2008 server roles - correct?). Note that the RODC cannot take on any of the Operation Master roles - although it can function as a Global Catalog.

2. Yes

3. Read only (assuming that you are referring to the AD-integrated zones).

4. Client registrations/updates are sent to a writable DNS zone hosted on an RWDC. More specifically, RODC provides the client with the reference to an RWDC (so the client registers/updates its record there) and attempts shortly afterwards to pull it via inbound Replicate Single Object replication from the referenced RWDC.

5. To be exact, AD database is not truly "read only" - but rather very restricted in terms of operations that can modify its content. This is combined with lack of ability to perform outbound replication (to preclude any chance of affecting other domain controllers in the forest).

hth
Marcin

#3
| Re: RODC
Hello skip,

1. Yes.

2. Yes.

3.+4. Read-only, you need a writable DNS server where the RODC can forward to.

5. Yes. But it holds the same content as a writable DC, except for the account passwords.

Best regards
Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

#4
| Re: RODC
Howdie!

skip wrote:

> #1 can multiple roles be in installed on a RODC?

Sure. You can put print, dhcp and all kinds of stuff on there.

> #2 If i can install DNS on the RODC do i point the client machines to
> the RODC for DNS?

Yes you do. It'll serve as a DNS server and...

> #3 Is DNS on the RODC a read and write zone or just a read only zone?

...redirect write requests to a writable DNS server. The RODC does not modify any Active Directory related data. Never.

> #3 Is the AD database the only thing that is read only on a RODC?

Ya. The Active Directory role and DNS are read-only. You can't modify data in there. Other roles like IIS, DHCP and stuff need to be writable though - they have no direct relation to the directory.

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

#5
| Re: RODC
(1) Yes, those roles can be combined with the RODC. It is way better than doing it on a RWDC.

(2) Yes, that is good for DNS queries. For DNS registrations the clients can also target the RODC for DNS. Because the RODC is read-only it will refer the registering client to a RWDC whether or not the PWD is allowed to be cached.

(3) RODC has a read-only AD DB. So all the AD-integrated DNS zones ON THE RODC are read-only.

(4) See (2)

(5) AD DB and SYSVOL

--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!

#6
| Re: RODC
> 5. Yes. But it holds the same content as a writable DC, except for the
> account passwords.

For those accounts that have NOT been configured to be cached and are not actually cached. Additionally, attribute values for attributes that are a member of the filtered attribute set (FAS) also do not replicate to a RODC.

--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

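An added example, not part of the original thread: a PowerShell audit of the two points made in the post above, namely which accounts actually have passwords cached on the RODC and which attributes are in the filtered attribute set. It assumes the ActiveDirectory module is installed and uses a hypothetical RODC name, `BRANCH-RODC01`.

```powershell
# Added example: audit what a branch-office RODC actually holds.
# Assumptions: ActiveDirectory module (RSAT) is available; the RODC name is hypothetical.
Import-Module ActiveDirectory

$RodcName = 'BRANCH-RODC01'   # hypothetical name, replace with your RODC

# 1. Password Replication Policy: principals that MAY be cached vs. explicitly denied.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Denied

# 2. Accounts whose passwords ARE currently stored on the RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $RodcName -RevealedAccounts

# 3. Flag cached accounts that are protected/privileged (adminCount = 1),
#    since those credentials are exposed if the branch server is stolen.
$report = foreach ($acct in $revealed) {
    $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
    [pscustomobject]@{
        Account    = $acct.SamAccountName
        Class      = $acct.ObjectClass
        Privileged = ($obj.adminCount -eq 1)
    }
}

# 4. Filtered attribute set: schema attributes with searchFlags bit 0x200 (512) set.
#    Values of these attributes are not replicated to any RODC.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$fas = Get-ADObject -SearchBase $schemaNC -Properties lDAPDisplayName `
    -LDAPFilter '(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=512))'

"Allowed to cache : {0} principal(s)" -f @($allowed).Count
"Denied           : {0} principal(s)" -f @($denied).Count
"Currently cached : {0} account(s)"   -f @($revealed).Count
$report | Sort-Object Privileged -Descending | Format-Table -AutoSize
"Filtered attribute set:"
$fas | Sort-Object lDAPDisplayName | ForEach-Object { "  " + $_.lDAPDisplayName }
```

Any row with `Privileged = True` is a credential that should not be cached at a branch site; add the account or its group to the denied list and reset its password.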
#7
| Re: RODC
Hello Jorge de Almeida Pinto [MVP - DS],

Thanks for making it more clear. :-)

Best regards
Meinolf Weber