Conducting an RODC Installation
As mentioned earlier, an RODC can be implemented on either a full installation of Windows Server 2008 R2 or on a Windows Server 2008 R2 Server Core installation. The upcoming sections include step-by-step instructions on installing an RODC for both types of scenarios.
Installing an RODC on a Full Installation of Windows Server 2008 R2
Before installing an RODC
within your Active Directory infrastructure, ensure the prerequisites
are met and you fully understand the circumstances under which the RODC
should not be used or else you will jeopardize the success of your
Now, let’s look at how to
install an RODC; this example assumes the base Windows Server 2008 R2
system has already been installed. The installation is very similar to a
traditional domain controller installation; however, the final steps
include Read-Only Domain Controller settings. To conduct the
installation with the Active Directory Domain Services Wizard, follow
Log on to the new branch office Windows Server 2008 R2 system with an account that has domain administrative privileges.
Click Start, Run, and type dcpromo.exe.
Click OK to commence the full installation of an RODC. Alternatively,
you can add the Active Directory Domain Services role via Server
The Active Directory
Domain Services Wizard checks to see if the Active Directory Domain
Services binaries are installed. If they are not, the wizard will begin
On the Welcome to the Active Directory Domain Services Wizard page, click Next to commence the installation of Active Directory Domain Services (AD DS) on the server.
Review the warning on the Operating System Compatibility page, and then click Next.
On the Choose a Deployment Configuration page, ensure the Existing Forest option is selected, and then specify Add a Domain Controller to an Existing Domain. Click Next to continue, as illustrated in Figure 1.
Figure 1. Adding a new RODC to an existing domain.
On the Network Credentials page, type the name of any domain in the forest where you plan to install the domain controller. After the domain name is entered, specify the account credentials that have permissions to conduct the dcpromo process and that will be used to perform the installation. You can either use the current logged-on credentials or specify alternate credentials. Click Next to continue, as displayed in Figure 2.
Figure 2. Specifying network credentials for the RODC installation.
If the computer is part of a
workgroup and is not associated with an Active Directory domain, you
must specify alternate domain credentials because the existing
credentials are associated with the local server.
On the Select a Domain page, specify the domain where the new RODC will be added, and then click Next.
On the Select a Site page, specify whether the wizard should add the new RODC to a site based on the subnet defined in Active Directory Sites and Services. Alternatively, select a site manually. Click Next to
On the Additional Domain Controller Options page, select the additional options for the domain controller. The options include DNS Server, Global Catalog, and Read-Only Domain Controller (RODC). Ensure that, at the very least, the RODC option is selected, as shown in Figure 3. Click Next to continue.
Figure 3. Ensuring the RODC option is selected.
The RODC option will not be available if a writable domain controller does not already exist in the domain.
In the next step of the installation, the Active Directory Domain Services Wizard prompts you to enter a user or group on the Delegation of RODC Installation and Administration page. The user or group you specify will be responsible for attaching a server to the RODC account and subsequently managing the RODC after the installation is complete. If a user or group is not specified, the installation wizard will automatically allow the Domain Admins or Enterprise Admins group to attach to the RODC. Enter a group on the Delegation of RODC Installation and Administration page, and then click Next, as displayed in Figure 4.
Figure 4. Specifying a group on the Delegation of RODC Installation and Administration page.
For simplicity, it is a best practice to specify a group and add users to the group as needed. Each user associated with the group will have the opportunity to log on to the RODC and will have full control over the
the folder location of the database, log files, and sysvol files on the
Location for Database, Log Files, and sysvol page, and then click Next
For maximum performance and recoverability, it is a best practice to store the database and log files on separate volumes.
On the next page, enter a Directory Services Restore Mode administration password, and then click Next.
Review the selections on the Summary page, and then click Next to finalize the installation.
It is possible to export the RODC
selections to an answer file if needed. This comes in handy when
creating additional Server Core installation Read-Only Domain
Click Finish and reboot the new RODC system upon completion of the installation wizard.
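The wizard selections from the steps above can be written as a dcpromo answer file. The file below is an added example, not an export from the original text's environment; the domain, site, account, group, and path values are constructed placeholders.

```ini
; Constructed sample answer file for an RODC promotion (not exported from a real system).
; Run on the new server with:  dcpromo /unattend:C:\Temp\rodc-answer.txt  (placeholder path)
[DCInstall]
; Choose a Deployment Configuration: existing forest, additional DC, read-only
ReplicaOrNewDomain=ReadOnlyReplica
; Select a Domain (placeholder domain name)
ReplicaDomainDNSName=corp.example.com
; Network Credentials: account with permission to run the promotion.
; Password=* makes dcpromo prompt for the password instead of reading it from this file.
UserDomain=corp.example.com
UserName=rodc-installer
Password=*
; Select a Site (placeholder site name)
SiteName=Branch-Office-01
; Additional Domain Controller Options: DNS Server and Global Catalog
InstallDNS=Yes
ConfirmGc=Yes
; Delegation of RODC Installation and Administration: a group rather than a single user
DelegatedAdmin="CORP\Branch01-RODC-Admins"
; Location for Database, Log Files, and sysvol: database and logs on separate volumes
DatabasePath="D:\NTDS"
LogPath="E:\NTDSLogs"
SYSVOLPath="D:\SYSVOL"
; Directory Services Restore Mode password: written here in clear text,
; so restrict access to this file and delete it after the promotion.
SafeModeAdminPassword=<placeholder-DSRM-password>
RebootOnCompletion=Yes
```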