Read Only Domain Controller - Do they forward Auth Requests


  • Read Only Domain Controller - Do they forward Auth Requests

    Got an RODC question that hopefully someone will be able to assist me with.

    I'm trying to design an AD deployment that will be for a web hosting co. As such everything uses public IPs and essentially, to a degree, everything is internet facing. As such, security is a major concern.

    What we were hoping to do would be to have a RODC with no accounts locally on it. This would sit in a semi-secure zone where all the other member servers could connect to it for authentication. Additionally, we would have a normal Windows 2008 DC situated elsewhere that obviously would have a full DC database and would be in a substantially more secure zone. Ideally only the RODCs would be able to replicate with this server, and it would not allow any clients to authenticate against it.

    What I'm trying to find out, and have not been able to find any information on one way or the other, is whether the RODC will forward the auth request from a client to an upstream DC when it does not have the account locally, or if the RODC informs the client to try a different DC.

    If anyone is able to answer this or point me in the best direction I'd greatly appreciate it.

    Thanks in advance!

  • #2
    Re: Read Only Domain Controller - Do they forward Auth Requests

    Moving this to Server 2008 forum as it is OS specific
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland



    • #3
      Re: Read Only Domain Controller - Do they forward Auth Requests

      The RODC handles the request, it does not refer the client to another DC.



      • #4
        Re: Read Only Domain Controller - Do they forward Auth Requests

        Originally posted by Garen:
        "The RODC handles the request, it does not refer the client to another DC."

        Thanks Garen, I thought that was the case but was not 100% sure.
