Domain Join Through An Rodc Instead Of An Rwdc

Windows server 2008 introduces one of the coolest features in ad being imho the read only domain controller rodc.

Domain join through an rodc instead of an rwdc. In that blog post you will find a vbs script that helps you achieve that goal. Find answers to join a workstation to domain using rodc from the expert community at experts exchange. Also for time synchronization an rodc is authorized to sync the computers time if and only if the computer password is.

If you try it and find that it works on another platform please add a note to the script discussion to let others know. Domain join through an rodc instead of an rwdc do not forget that if your windows server are 2003 they need to have direct connectivity to the rwdc for tasks like password changing. Rodc join computer to domain.

In the blog post 2009 01 01 domain join through an rodc instead of an rwdc i explained the so called read only domain join against an rodc. Hi do you know if there s a way to do this with sysprep. This script is tested on these platforms by the author.

Prior to the vbs script you see multiple ways of pre creating the computer and having the password of the computer account replicate to the rodc. Authentication attempts for accounts whose credentials are not cached on the rodc. It is therefore also preferably deployed at the perimeter of the network.

Domain join through an rodc instead of an rwdc. It is likely to work on other platforms as well. We re using virtual desktops and would like to provision them automatically right in the dmz.

It joins however it doest login in it still wants to talk to the rwdc and not rodc. Group policy updates that an administrator might attempt by running the gpupdate force command read this article as a solution. The main goal of the rodc is to improve the ad security and to mitigate risks.