When should we install RODC?



If you need a domain controller in a DMZ, read-only can be placed there.





Or if you have a site that should have a domain controller but isn't physically secured.



@Seth
If you need a domain controller in a DMZ, read-only can be placed there.

Having a DC in the DMZ is a security risk even with an RODC. A DC should not be required in a DMZ.

One of the main reasons why you would use an RODC in a remote site is for physical security restrictions, no technical users at the site, faster logon times because of network latency, or only a few users at a single site.

Personally I would not use an RODC because networks today are robust enough to handle multiple user authentication to a hub site. This also minimizes server licenses along with maintenance of the server itself.

Below is a TechNet article which explains where they would be useful.
https://technet.microsoft.com/en-us/library/cc732801%28v=ws.10%29.aspx

Will.



RODCs are meant for smaller branches with few users, not secured, no backup infrastructure in place or there is low bandwidth. Under no circumstances should a DC be placed in the DMZ. If there are systems that need authentication in the DMZ then there are solutions such as ISA (firewall rules, etc.) that could be used.



So if I have good bandwidth capacity and have just 50 users at a site, is it preferable to mount an RODC or a normal DC?
