Comments on: Windows Server 2008: the disadvantages of RODCs http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/ For Windows Administrators Mon, 22 Mar 2010 06:58:50 +0000 http://wordpress.org/?v=abc hourly 1 By: Lukas Beeler http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/comment-page-1/#comment-128036 Lukas Beeler Wed, 03 Jun 2009 17:10:06 +0000 http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/#comment-128036 Roel, yes, of course. The computer account must also be cached, and it can easily be configured to do so. It's just that in dsa.msc, the default search DOES NOT include computer accounts. Roel,

yes, of course. The computer account must also be cached, and it can easily be configured to do so. It’s just that in dsa.msc, the default search DOES NOT include computer accounts.

]]> By: Roel Slob http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/comment-page-1/#comment-128035 Roel Slob Wed, 03 Jun 2009 17:04:32 +0000 http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/#comment-128035 The error does not point to the user account, but to the computer account. So if the client pc-account cannot be verified it has not been able to verify any user account in the AD. It looks to me that you also have to cache the pc-account, but it's a wild guess. Is that even possible? I don't have a virtual environment at hand right now. The error does not point to the user account, but to the computer account. So if the client pc-account cannot be verified it has not been able to verify any user account in the AD.
It looks to me that you also have to cache the pc-account, but it’s a wild guess.
Is that even possible? I don’t have a virtual environment at hand right now.

]]> By: Kshitiz http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/comment-page-1/#comment-128027 Kshitiz Wed, 03 Jun 2009 07:29:38 +0000 http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/#comment-128027 I am still facing the issue. I am having simple LAb environment with A RWDC, RODC, a client machine and two Domain Users A and B (all at single site). Both RWDC and RODC have DNS and GC. Client machine and User A are set to ave password cached but not User B. After Reboot of Client and User A login, I see the account info being Cached on RODC but when trying to login with User A or B from client machine, when RWDC is Offiline, I get the message "The trust relationship between this workstation and the primary domain failed". No Fancy stuff, No Multihomed DC etc. Please share your thoughts. I am still facing the issue. I am having simple LAb environment with A RWDC, RODC, a client machine and two Domain Users A and B (all at single site). Both RWDC and RODC have DNS and GC. Client machine and User A are set to ave password cached but not User B. After Reboot of Client and User A login, I see the account info being Cached on RODC but when trying to login with User A or B from client machine, when RWDC is Offiline, I get the message “The trust relationship between this workstation and the primary domain failed”. No Fancy stuff, No Multihomed DC etc.

Please share your thoughts.

]]> By: Roel Slob http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/comment-page-1/#comment-87693 Roel Slob Thu, 17 Jul 2008 16:25:09 +0000 http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/#comment-87693 The reason you could not logon when the writable DC is down is probably because this DC is also the GC. You could give the RODC the role of GC. In that case you should be able to logon to the RODC with the writable DC offline. The reason you could not logon when the writable DC is down is probably because this DC is also the GC. You could give the RODC the role of GC. In that case you should be able to logon to the RODC with the writable DC offline.

]]> By: Michael http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/comment-page-1/#comment-18441 Michael Sat, 16 Jun 2007 09:43:42 +0000 http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/#comment-18441 Thanks for the tip! I think your guess is right. It might be a problem related to multihomed DCs. I tried this feature with an RODC having just one network card and it worked there. Thanks for the tip! I think your guess is right. It might be a problem related to multihomed DCs. I tried this feature with an RODC having just one network card and it worked there.

]]> By: Lukas Beeler http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/comment-page-1/#comment-18432 Lukas Beeler Sat, 16 Jun 2007 07:02:14 +0000 http://4sysops.com/archives/windows-server-2008-the-downsides-of-rodcs/#comment-18432 I believe your problem was that you used a multi homed domain controller. See <a href="http://support.microsoft.com/kb/272294" rel="nofollow">KB272294</a>. One of the biggest advantages of the RODC is that you can give administrator access to it, without giving any domain specific privileges. I believe your problem was that you used a multi homed domain controller.

See KB272294.

One of the biggest advantages of the RODC is that you can give administrator access to it, without giving any domain specific privileges.

]]>