Deploying Read Only Domain Controllers

You can install an RODC on a full installation of Windows Server 2008 or on a Server Core installation of Windows Server 2008. Before you do, there are a few things to check. Ensure that the forest functional level is set to Windows Server 2003 or higher. Run adprep /rodcprep. (You can skip this if you are creating a new forest that will have only domain controllers running Windows Server 2008.) To run adprep /rodcprep, you must be a member of the Enterprise Admins group.

An RODC must replicate domain updates from a writable domain controller that runs Windows Server 2008. Before you install an RODC, be sure to install a writable domain controller that runs Windows Server 2008 in the same domain.

The domain controller can run either a full installation or a Server Core installation of Windows Server 2008. To install an RODC on a full installation of Windows Server 2008, you must be a member of the Domain Admins group.



Install RODC on a full installation of Windows Server 2008

Log on to the server as a member of the Domain Admins group.

Click Start, type dcpromo, and then press ENTER to start the Active Directory Domain Services Installation Wizard. The server can belong to a workgroup.

On the Choose a Deployment Configuration page, click Existing forest, click Add a domain controller to an existing domain, and then click Next.

On the Network Credentials page, type the name of a domain in the forest where you plan to install the RODC, and then click Next.

Select the domain for the RODC, and then click Next.

Click the Active Directory site for the RODC, and then click Next.

Select the Read-only domain controller check box.

If you want to use the default folders that are specified for the Active Directory database, the log files, and SYSVOL, click Next.

Type and then confirm a Directory Services Restore Mode password, and then click Next.

Confirm the information that appears on the Summary page, and then click Next to start the AD DS installation. You can select the Reboot on completion check box to make the rest of the installation complete automatically.

If you select the Use advanced mode installation check box on the Welcome to the Active Directory Domain Services Installation Wizard page, you can configure the Password Replication Policy for the RODC and other settings during the AD DS installation.

If you choose to install an RODC on a Server Core installation of Windows Server 2008, you must be a member of the Domain Admins group or you must have been delegated the ability to perform the installation. To install an RODC on a Server Core installation of Windows Server 2008, you must perform an unattended installation of AD DS.

Install RODC on a Server Core installation of Windows Server 2008

Install a second server computer that is running a Server Core installation of Windows Server 2008.
Copy the following answer file settings to a text file. The InstallDNS, PasswordReplicationAllowed, PasswordReplicationDenied, and ReplicationSourceDC. The groups that are specified as values for PasswordReplicationAllowed and PasswordReplicationDenied must already exist. You must specify the groups by using the Windows NT format (domain\user_name or domain.com\user_name) or using the user principal name (UPN) format (user_name@domain.com).
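
A pre-flight check for the Password Replication Policy entries, added here as an example; it is not the page's answer file or Microsoft's code. It assumes the standard dcpromo [DCInstall] section and the ReplicaOrNewDomain=ReadOnlyReplica entry, that an entry may repeat once per account, and that NONE means an empty list; the sample file and every name in it are constructed.

```python
import re

NT_FORMAT = re.compile(r"^[^\\@]+\\[^\\@]+$")   # domain\name or domain.com\name
UPN_FORMAT = re.compile(r"^[^\\@]+@[^\\@]+$")   # name@domain.com
PRP_KEYS = ("passwordreplicationallowed", "passwordreplicationdenied")

# Constructed sample; every domain, group and host name below is a placeholder.
SAMPLE = r"""
[DCInstall]
ReplicaOrNewDomain=ReadOnlyReplica
ReplicaDomainDNSName=corp.example
InstallDNS=Yes
PasswordReplicationAllowed="CORP\Branch Users"
PasswordReplicationAllowed=helpdesk@corp.example
PasswordReplicationDenied="corp.example\Domain Admins"
PasswordReplicationDenied=Branch Admins
ReplicationSourceDC=dc01.corp.example
"""

def parse_answer_file(text):
    """Return (key, value) pairs from [DCInstall], keeping repeated keys."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[dcinstall]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip().strip('"')))
    return entries

def prp_principals(text):
    """Accounts named in the Password Replication Policy entries (NONE skipped)."""
    return [(k, v) for k, v in parse_answer_file(text)
            if k in PRP_KEYS and v.upper() != "NONE"]

def check_answer_file(text):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    modes = [v.lower() for k, v in parse_answer_file(text) if k == "replicaornewdomain"]
    if modes != ["readonlyreplica"]:
        problems.append("ReplicaOrNewDomain must be set once, to ReadOnlyReplica")
    for key, value in prp_principals(text):
        if not (NT_FORMAT.match(value) or UPN_FORMAT.match(value)):
            problems.append(f"{key}: '{value}' is not domain\\name or UPN format")
    return problems

if __name__ == "__main__":
    print(check_answer_file(SAMPLE) or "answer file passed the format checks")
```

The accounts returned by prp_principals still have to be confirmed to exist in the domain before the installation runs; this check covers only the file's syntax.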