Technological Blog
Posts tagged Identity management systems
manage a RODC
Feb 11th
Posted by technoblogical in Active Directory
This is a video about how to manage a RODC (read-only domain controller). A read-only domain controller caches credentials (passwords) so that you don’t have to spend WAN (wide area network) bandwidth on authentication. It is possible to populate the RODC records manually. Also, when you delete the read-only domain controller from the Active Directory domain, it is possible to reset all user and computer passwords stored on the RODC. RODC is a feature only available in Microsoft Windows Server 2008 and requires a functional domain level of Server 2003. It is a feature mainly designed for a branch office.
install a RODC
Feb 10th
Posted by technoblogical in Active Directory
This is a video about how to install a Read-Only Domain Controller (RODC). A RODC stores a copy of Active Directory in a branch office. It caches authentication credentials to reduce WAN (wide area network) traffic and bandwidth use. You can control whose credentials (passwords) are allowed or denied caching on the RODC. It is a feature available on Microsoft Windows Server 2008 only and requires a Server 2003 functional domain. Any machine running Server 2003 must have a command (adprep /rodcPrep) run on it to prepare it for a domain or forest that contains a read-only domain controller.
Commands used:
dcpromo
d:\support\adprep\adprep /forestPrep
d:\support\adprep\adprep /rodcPrep
restricted groups: Managing local group membership with a GPO
Oct 6th
Posted by technoblogical in Active Directory
Restricted groups are a little-known option in an Active Directory domain. They control local group membership on your Active Directory clients. In this video, I use Group Policy to add a domain group to a local group without going to each and every local machine. This lets me give a specific group of people membership in a specific local group on a specific group of computers. It’s a great fit when I want to make people local admins or backup operators on a regional set of computers. This feature is available on Active Directory domains running Microsoft Windows Server 2000, 2003, 2008. The client operating systems may include 2000, XP, Vista or 7.