Logo
programming4us
programming4us
programming4us
programming4us
 Home
programming4us
 XP
programming4us
 Windows Vista
programming4us
 Windows 7
programming4us
 Windows Azure
programming4us
 Windows Server
programming4us
 Windows Phone
 
Windows Server

Windows Server 2008 : Promoting and Demoting a Domain Controller - Promoting a DC to an RODC with an Existing Account

4/7/2013 6:22:16 PM

Read-only domain controllers (RODC) are an important addition to Windows Server 2008. An organization can increase security in a branch office by installing an RODC in the branch office.

Note

The RODC does not store administrator passwords on the server by default, so even if the RODC is stolen, the thief will not have access to critical data.

You can pre-create an RODC account from within Active Directory Users and Computers (ADUC). This enables a user at the remote office to promote the server to an RODC, without requiring the user to have elevated permissions.

Figure 1 shows the Domain Controllers OU with an RODC named VBRODC1 pre-created. Also, the context menu accessed by right-clicking the mouse shows the selection to pre-create an RODC account.

Figure 1. Pre-creating an RODC account

The following steps show how to pre-create the account.

StepAction
1.Launch Active Directory Users and Computers (ADUC) by clicking Start, Administrative Tools, Active Directory Users and Computers.
2.Expand the domain and right-click the Domain Controllers OU. Your display should look similar to Figure 1.
3.Review the information on the Welcome page and click Next.
4.Review the information on the Operating System Compatibility page and click Next.
5.On the Network Credentials page, select Alternate Credentials and click Set. Type the account credentials of a user that has permissions to run dcpromo. Click OK. Click Next. You can use the same account that you launched ADUC with as long as the account has sufficient privileges to run dcpromo.
6.Type the name of the computer and click Next.

Note

This is the name of the server at the remote location that will be promoted to an RODC. The computer can’t be joined to the domain yet.

7.Select the appropriate site for the remote office and click Next.
8.The DNS server and Global Catalog server are selected by default. You can change these based on the needs of the remote office. Click Next.

Note

Unless you have a DNS server in the remote office, you should leave the DNS server selected. If it’s only a single domain forest, you should also leave the Global Catalog selected.

9.On the Delegation of RODC Installation and Administration page, click Set. Type the name of the user and click Check Names. Your display should look similar to Figure 2. Click OK. Click Next.
10.On the Summary page, click Next. Click Finish.

At this point, the account is created. The user at the remote office, which you designated in the wizard, can run dcpromo to promote the server at the remote office to an RODC.

Figure 2. Entering the account name of the user that will promote the RODC
Other -----------------
- Windows Server 2008 : Promoting and Demoting a Domain Controller - Demoting a DC with dcpromo, Using dcpromo with an unattend File
- SharePoint 2010 : Configuring Search Settings and the User Interface - The Preferences Page: An Administrator's View
- SharePoint 2010 : Configuring Search Settings and the User Interface - Federated Search
- Windows Server 2008 R2 : Hyper-V feature focus - Planning for Hyper-V, Installing and Administering Hyper-V
- Windows Server 2008 R2 : Hyper-V feature focus - Introduction to Virtualization and Hyper-V, Hyper-V Changes
- Windows Server 2003 on HP ProLiant Servers : File Replication Service Design and Implementation (part 2) - Diagnostics and Troubleshooting Methods and Tools
- Windows Server 2003 on HP ProLiant Servers : File Replication Service Design and Implementation (part 1)
- Understanding Network Services and Active Directory Domain Controller Placement for Exchange Server 2007 : Understanding AD Functionality Modes and Their Relationship to Exchange Groups
- Understanding Network Services and Active Directory Domain Controller Placement for Exchange Server 2007 : Exploring DSAccess, DSProxy, and the Categorizer
- Understanding Network Services and Active Directory Domain Controller Placement for Exchange Server 2007 : Defining the Global Catalog
 
 
Top 10 video Game
-   Why We're Excited For the FFVII Remake
-   Mortal Kombat X | Predator Brutality
-   Mortal Kombat X | Predator Fatality
-   Poly Bridge [PC] Early Access Trailer
-   Silence: The Whispered World 2 [PS4/XOne/PC] Cinematic Trailer
-   Devilian [PC] Debut Trailer
-   BlazBlue Chrono Phantasma EXTEND | Launch Trailer
-   Allison Road | Prototype Gameplay
-   Clash of Clans | 'Dark Spell Factory' Update
-   Shoppe Keep [PC] Debut Trailer
-   Orcs Must Die! Unchained [PC] What's New in Endless Summer v2.3 Patch
-   Gunpowder [PC] Launch Trailer
-   Uncharted 4: A Thief's End | E3 2015 Extended Gameplay Trailer
-   V.Next [PC] Kickstarter Trailer
-   Renowned Explorers [PC] Launch Date Trailer
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
Popular keywords
HOW TO Swimlane in Visio Visio sort key Pen and Touch Creating groups in Windows Server Raid in Windows Server Exchange 2010 maintenance Exchange server mail enabled groups Debugging Tools Collaborating
programming4us programming4us
PS4 game trailer XBox One game trailer
WiiU game trailer 3ds game trailer
Trailer game
 
programming4us
 Heroes Charge
programming4us
 Windows Vista
programming4us
 Windows 7
programming4us
 Windows Azure
programming4us
 Windows Server
programming4us
 Game Trailer