Installing a Read-Only Domain Controller (RODC) isn’t much different than installing a regular domain controller.
However, there is one important factor to keep in mind. A RODC can only be installed into an existing Active Directory Domain with at least one full (non-read-only) Windows 2008 Server Domain Controller.
The reason is that the RODC is a new feature to Windows 2008 and it needs at least one DC to understand what it is doing in order to function properly.
Once the decision has been made to install a RODC the next decision is whether to install on a full-install or core-install of Windows 2008 Server.
The RODC is primarily aimed at providing additional security on an Active Directory Database for a server that is not physically secured. Installing a RODC on a Core Install of Windows 2008 provides no additional physical security.
Installing RODC on a Core Server Install
There is only one way to install RODC role on a Core Server installation. The dcpromo.exe command runs on the GUI-less version of Windows Server 2008.
On a full install of Windows Servers 2008, there is of course a GUI tool to help with the process. The Active Directory Domain Services Installation Wizard handles the installation of RODC.
Type “dcpromo” at a command prompt to start the wizard. The first screen will ask you whether you want to use an existing forest, or create a new domain in a new forest. Since you must join an existing domain with a RODC, the choice is obvious.
Next you’ll be asked for a username and password. The account must be a member of Domain Admins in order to create a Read-Only Domain Controller.
Next, you’ll choose the site you wish to join.
So far, this is all the same as a regular Domain Controller install. Under “Additional Options” is where you actually choose to make this a Read-Only Domain Controller installation.
Using an answer file for the command makes the process much easier than trying to get all the switches just right in the command line.
Installing the Read-Only Domain Controller on Windows Server 2008 - 1
Although there are many settings available depending upon your particular infrastructure, just basic information is required to complete the command:
* an account with permissions to do what you are trying to do
* the name of the Site
* the database and log paths
* and whether or not to install DNS.
Installing the Read-Only Domain Controller on Windows Server 2008 - 2
Many people will put a “yes” for RebootOnCompletion. If you are doing an actual unattended promotion then that would make sense.
If you are sitting at the console, I prefer to manually reboot the server so that I can take as much time as I want to study what is on the screen if there is an issue.
Next, choose the paths for installing the components, or just click Next to use the defaults. Once the confirmation screen appears, you are all set.
Source: http://windowsserver.trainsignal.com/server-2008-install-rodc-read-only-domain-controlle
However, there is one important factor to keep in mind. A RODC can only be installed into an existing Active Directory Domain with at least one full (non-read-only) Windows 2008 Server Domain Controller.
The reason is that the RODC is a new feature to Windows 2008 and it needs at least one DC to understand what it is doing in order to function properly.
Once the decision has been made to install a RODC the next decision is whether to install on a full-install or core-install of Windows 2008 Server.
The RODC is primarily aimed at providing additional security on an Active Directory Database for a server that is not physically secured. Installing a RODC on a Core Install of Windows 2008 provides no additional physical security.
Installing RODC on a Core Server Install
There is only one way to install RODC role on a Core Server installation. The dcpromo.exe command runs on the GUI-less version of Windows Server 2008.
Using an answer file for the command makes the process much easier than trying to get all the switches just right in the command line.
Although there are many settings available depending upon your particular infrastructure, just basic information is required to complete the command:
- an account with permissions to do what you are trying to do
- the name of the Site
- the database and log paths
- and whether or not to install DNS.
Many people will put a “yes” for RebootOnCompletion. If you are doing an actual unattended promotion then that would make sense.
Regular InstallationOn a full install of Windows Servers 2008, there is of course a GUI tool to help with the process. The Active Directory Domain Services Installation Wizard handles the installation of RODC.
Type “dcpromo” at a command prompt to start the wizard. The first screen will ask you whether you want to use an existing forest, or create a new domain in a new forest. Since you must join an existing domain with a RODC, the choice is obvious.
Next you’ll be asked for a username and password. The account must be a member of Domain Admins in order to create a Read-Only Domain Controller.
Next, you’ll choose the site you wish to join.
So far, this is all the same as a regular Domain Controller install. Under “Additional Options” is where you actually choose to make this a Read-Only Domain Controller installation.
Using an answer file for the command makes the process much easier than trying to get all the switches just right in the command line.
Installing the Read-Only Domain Controller on Windows Server 2008 - 1
Although there are many settings available depending upon your particular infrastructure, just basic information is required to complete the command:
* an account with permissions to do what you are trying to do
* the name of the Site
* the database and log paths
* and whether or not to install DNS.
Installing the Read-Only Domain Controller on Windows Server 2008 - 2
Many people will put a “yes” for RebootOnCompletion. If you are doing an actual unattended promotion then that would make sense.
If you are sitting at the console, I prefer to manually reboot the server so that I can take as much time as I want to study what is on the screen if there is an issue.
Next, choose the paths for installing the components, or just click Next to use the defaults. Once the confirmation screen appears, you are all set.
Source: http://windowsserver.trainsignal.com/server-2008-install-rodc-read-only-domain-controlle
0 comments:
Post a Comment