Shariq Sheikh | Port 389 » RODC

Is there an Active Directory Visual Illustration/Diagram ?

Rick — Tue, 01 Sep 2009 16:18:43 +0000

A question was raised on ActiveDir, and I learned about an old TechNet Jigsaw on AD’s interworking.

Along with that, there was a new Windows Server 2008 AD Feature Components which I received at Tech-Ed 2007 and it illustrates the new and improved AD pieces introduced with Windows Server 2008. This poster covers ADLDS, ADFS, ADRMS, and RODCs.

And an additional poster on general new Windows Server 2008 Feature Components that covers TS, NAP, IIS 7.0, Virtualization, Server Core and BitLocker.

Both of the above illustrations and very good quality large size posters (30x20in) and are good to hang in your office/cube. Printing them on regular printer may distort the quality, so you may try the plotter . All three can be downloaded from the following links :

TechNet Magazine Active Directory Component Jigsaw Poster

Windows Server 2008 Component Posters (both)

P.S This is my first test post using WLW.

Share/Bookmark

No RIDs for you (the RODC) !

Rick — Thu, 30 Jul 2009 00:52:16 +0000

Says the RID Master FSMO to a RODC. If you recall the RID Master’s sole job is to make sure that duplicate SIDs are not issued by domain controllers. Whenever a DC needs to create a SID, it takes the next available value from its own RID pool to create the SID with a unique value. The default pool size is 500 RIDs. When we run the RID pool test on a RODC, the test skips due to the DC being RODC and not having anything to do with the creation of the new objects.

dcdiag /v /test:ridmanager

Here is how the test is supposed to report back with the remaining pool of the allocated RIDs.

Share/Bookmark

Can a RODC also be a DHCP ?

Rick — Mon, 09 Jun 2008 01:40:47 +0000

Sounds like a no-brainer, but there is catch. I installed DHCP role on my Server Core that I had previously set up as Read-only Domain Controller, using this command.

start /w ocsetup DHCPServerCore

And then I went ahead and set the service configuration to “auto” with this command,

sc config dhcpserver start= auto (note the space between the equal sign and auto)

And then finally when I tried to start the DHCP service with the following command, it failed with these errors.

net start dhcpserver

A system error has occured

System error 50 has occured

The request is not supported

So the catch was, that since RODC can’t write back to the AD to create the needed DHCP security groups i.e DHCP Administrators and DHCP Users, the service would fail.

After creating those domain local security groups on another Windows Server 2008 RWDC, the service does run successfully and you can manage the DHCP Server (that is running on Server Core) from another server using RSAT.

Share/Bookmark

How to promote Server Core to be a RODC

Rick — Sun, 20 Apr 2008 02:43:43 +0000

The Windows Server 2008 Server Core installation does support Read Only Domain Controllers (RODC). This support makes Server Core ideal for brance office scenarios. To make a Server Core part of your domain as RODC, you use the unattended answer file with the following text with your settings and passwords

[DCInstall] InstallDNS=Yes ConfirmGC=Yes RebootOnCompletion=Yes ReplicaDomainDNSName=2008.lab ReplicaOrNewDomain=readonlyreplica ReplicationSourceDC=dc3.2008.lab SafeModeAdminPassword= SiteName=Default-First-Site-name UserDomain=2008.lab UserName=admin08 Password= CreateDNSDelegation=No

You can place the text file on the root of your C drive on the server core and run the following command

dcpromo /unattend:unattend.txt where unattend.txt is the text file you created above

Later on we will discuss other embedded command line structures and built-in programs such as OCSETUP which will allow you to add roles and features to your server core. Keep in mind that making the domain controller is the only setup you must not use OCSETUP for, and you must utilize DCPROMO for it, otherwise your server may not function properly.

After running the above process, you will notice that from a Windows Server 2008 full installation, using ADUC we can readily confirm that our DC is RODC.

Share/Bookmark

WSUS 3.0 SP1 gets released

Rick — Fri, 08 Feb 2008 20:50:36 +0000

WSUS 3.0 SP1 was released yesterday, following are the improvements that have been made from Version 3.0.6

The improvements that SP1 offers include:

• Support for Windows Server 2008.
• New Client Servicing API.
• Support client registration.
• Filter of updates by category and classification.
• Provide applicability rule extension mechanism.
• Obtain package metadata and report update status for each client.

• Improvements for local publishing: supports publishing of drivers within the enterprise by using vendor provided catalogs. API include support for bundles and prerequisites.
• All hotfixes: WSUS 3.0 SP1 includes all the changes and hotfixes that have been issued since the release of WSUS 3.0.
• Support for Microsoft SQL Server 2005: WSUS 3.0 SP1 lets you use SQL Server 2005.

You can get it here..

Share/Bookmark