DOMAIN CONTROLLERS

Implementing Read Only Domain Controllers



Implementing Read Only Domain Controllers

Introduction

One central park is facing difficulties in data management at its remote offices. The branch offices has huge servers with capacity of supporting thousands of users, but as the number of user in these offices are not more than few dozens, this strategy results in the waste of resources. Also, the users in the remote branches are not able to enjoy the quality of service as do the users at head office. Finally, One central park has hired our IT consultant team to resolve the issues by deploying Read only Domain Controllers (RODC) at each of their branch offices. I am working as a member of this team. In this report, I will discuss the potential benefits and drawbacks of implementing Active Directory service at the branch office. I also present an action plan for implementing the domain controllers.

Types of Domain Controllers

Full Read/Write Domain Controllers

The writable domain controllers provide the opportunity of writing to the active directory database from various locations. These domain controllers use replication techniques for copying any changes occurring anywhere in the domain. They also replicate data of their own database to other domain controllers. The complete copy of the database includes all accounts' credentials. Only domain owners can manage these controllers.

Read Only Domain Controller

Read Only Domain Controller (RODC) announced with the operating system of Windows Server 2008. It facilitates the organizations to deploy a domain controller in physically separated locations, where there is no guarantee of security. RODC encompasses the read-only portions of Active Directory Domain Services database. This domain controller ensures the data security by making the applications only reading data from the directory database. To facilitate the users, RODCs can also forward certain write operations automatically to the writable domain controllers when necessary. This domain controller suits the branch offices of the One central park, as in these offices there are less number of users, with little technical knowledge (Schauland D., 2009). Unlike Read/Write domain controllers, the users who do not have administrative rights are able to manage RODCs. The main features of this controller are: Read-only AD DS database, administrator role separation and Read-only Domain Name System (DNS). It also supports unidirectional replication, and credential caching. RODCs hold a complete copy of the database. This database encompasses the exception of credentials and other similar attributes. However, to provide better authentication performance for users, the administrators can select the required credentials to be cached on the RODC.

RODC requires at least one writable domain controller running on Windows Server 2008. Also, Windows Server 2003 or higher must be the functional level for the domain. The Active Directory objects and attributes are same for RODC as for the writable domain controller; the difference is that RODC requires the account passwords for ensuring the security. Also, it is not possible to change the data stored in the RODC's database.

Domain and Forest Functional Levels

The Active Directory framework views at a ...