I work at a school district with about 30 school sites. Windows 2008 A/D setup - all central at the district office. In A/D, all is under one site, and no subnets defined. One A/D forest and only one domain under that.

We're now looking to start putting RODCs at the schools to put the authentication and DNS out there closer to them.

I haven't worked with A/D sites and subnets, and only a little with RODC password replication. But just got an invite to a meeting to talk about this tomorrow...

If we start breaking down the A/D pieces into sites/subnets, can we also use that as a way to help apply an RODC password replication policy in a way that matches, so that only each school site's users' passwords are replicated/cached on their RODC?

2 Answers

Yes. That's exactly what RODC is for. You put it at locations that have a slow uplink to the PDC. You also must define user accounts whose passwords are replicated to the RODCs.

Daniel

AD sites and password replication policies on RODCs have nothing in common. AD sites define replication boundaries. On the other side, the PRP dictates whose passwords are replicated to the RODC. The latter is based on the user's membership. If you put an RODC in each school, you should definitely create a corresponding AD site/subnet. In simple words: AD sites/subnets help clients to locate the nearest domain controllers, no matter if they are RODCs or RWDCs.

iPath
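Added example, not part of either answer: one way to scope password caching per school with a per-RODC allowed list driven by group membership, then audit which cached accounts fall outside that group. The school names, RODC names, OU paths and the `PRP-<school>-Users` naming are hypothetical, and the script assumes the ActiveDirectory PowerShell module is available and that users are organised in one OU per school.

```powershell
# Added illustration. School names, RODC names and OU paths are hypothetical
# placeholders; requires the ActiveDirectory module.
Import-Module ActiveDirectory

$schools = @(
    @{ Name = 'Lincoln';   Rodc = 'RODC-LINCOLN';   Ou = 'OU=Lincoln,OU=Schools,DC=example,DC=org' },
    @{ Name = 'Roosevelt'; Rodc = 'RODC-ROOSEVELT'; Ou = 'OU=Roosevelt,OU=Schools,DC=example,DC=org' }
)

foreach ($s in $schools) {
    $groupName = "PRP-$($s.Name)-Users"

    # One security group per school; its membership decides what may be cached.
    if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
        New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $s.Ou
    }

    # Add users from the school's OU that are not already members.
    $existing = @(Get-ADGroupMember -Identity $groupName |
                  Select-Object -ExpandProperty DistinguishedName)
    $toAdd = @(Get-ADUser -SearchBase $s.Ou -Filter * |
               Where-Object { $existing -notcontains $_.DistinguishedName })
    if ($toAdd.Count -gt 0) { Add-ADGroupMember -Identity $groupName -Members $toAdd }

    # Allow caching on THIS school's RODC only (its own allowed list), rather
    # than the domain-wide "Allowed RODC Password Replication Group".
    $allowed = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $s.Rodc -Allowed |
                 Select-Object -ExpandProperty Name)
    if ($allowed -notcontains $groupName) {
        Add-ADDomainControllerPasswordReplicationPolicy -Identity $s.Rodc -AllowedList $groupName
    }

    # Audit: user accounts whose passwords are cached on this RODC but that
    # are not in the school's group (the RODC's own krbtgt account is skipped).
    $members = @(Get-ADGroupMember -Identity $groupName -Recursive |
                 Select-Object -ExpandProperty DistinguishedName)
    Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $s.Rodc -RevealedAccounts |
        Where-Object { $_.ObjectClass -eq 'user' -and $_.Name -notlike 'krbtgt*' -and
                       $members -notcontains $_.DistinguishedName } |
        Select-Object @{ n = 'Rodc'; e = { $s.Rodc } }, Name, DistinguishedName
}
```

Any rows the audit returns are accounts to review, since their passwords are cached on an RODC outside the intended per-school scope.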