Read-Only Domain Controller (RODC) is almost same like installing a regular domain controller.
However, there is one important factor to keep in mind. A RODC can only be installed into an existing Active Directory Domain with at least one full (non-read-only) Windows 2008 Server Domain Controller.
RODC is a new feature to Windows 2008 and it needs at least one DC to function properly.
you can install RODC on Core Server installation and Full server installation.
There is only one way to install RODC role on a Core Server installation. The dcpromo.exe command runs on the GUI-less version of Windows Server 2008.
Using an answer file for the command makes the process much easier than trying to get all the switches just right in the command line.
Although there are many settings available depending upon your particular infrastructure, just basic information is required to complete the command:
and on Full Server you have to run "dcpromo" like normal domain controller, and select "Read Only Domain Controller RODC"
Under “Additional Options” .
Another thing you have to careful about that you must have to create a normal user account or group whose member can manage the RODC, and you have to mention that account during installation of "RODC" other wise if you enter administrator account as management account for RODC. the administrator account also have read permission on RODC.
after installation test the installation by logging as domain normal user account, you will miss the option creating "NEW" user account, group or folder.
while if you log in as domain administrator all option are available and RODC behave like normal DC.
However, there is one important factor to keep in mind. A RODC can only be installed into an existing Active Directory Domain with at least one full (non-read-only) Windows 2008 Server Domain Controller.
RODC is a new feature to Windows 2008 and it needs at least one DC to function properly.
you can install RODC on Core Server installation and Full server installation.
There is only one way to install RODC role on a Core Server installation. The dcpromo.exe command runs on the GUI-less version of Windows Server 2008.
Using an answer file for the command makes the process much easier than trying to get all the switches just right in the command line.
Although there are many settings available depending upon your particular infrastructure, just basic information is required to complete the command:
- an account with permissions to do what you are trying to do
- the name of the Site
- the database and log paths
- and whether or not to install DNS.
and on Full Server you have to run "dcpromo" like normal domain controller, and select "Read Only Domain Controller RODC"
Under “Additional Options” .
Another thing you have to careful about that you must have to create a normal user account or group whose member can manage the RODC, and you have to mention that account during installation of "RODC" other wise if you enter administrator account as management account for RODC. the administrator account also have read permission on RODC.
after installation test the installation by logging as domain normal user account, you will miss the option creating "NEW" user account, group or folder.
while if you log in as domain administrator all option are available and RODC behave like normal DC.
