Task 2: Determine Type of Domain Controller Placed in Location
For each domain controller identified, determine whether that domain controller will be a write-able or a read-only domain controller (RODC). The full domain controller should only be placed in locations where the physical security of the domain controller can be ensured.
The primary reason to use an RODC is for locations with poor physical security. Since the RODC is read-only, nothing on the RODC can be changed and replicated back to the write-able domain controllers. RODCs require upstream access to a full domain controller for authentication purposes. By default, none of the hashes for passwords are replicated to the RODC. The RODC forwards the request for logon to a writeable ...
Get Windows Server 2008 Active Directory Domain Services now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
