Windows Server 2016 and 2012 R2 - Setup Secure Load Balancing RODC
In a corporate setting it is often desirable to separate sections of our network based on department, region, duties and so on. Using a Read Only Domain Controller (RODC) is ideal, as it gives us the ability to cache only certain groups of users and computers and also enables load balancing, as there will be additional load-balancing Active Directory servers with their own DNS servers.
This video shows us how to set up an RODC on Windows Server 2016 and 2012 R2.
Please watch the video to see the above (to translate, click the Subtitle box in the YouTube video and then click Settings and language).
Transcript (machine generated so it contains errors)
Hello and welcome to this video. What we're doing in this video is setting up basically a read-only domain controller in a remote office or for remote users. Okay, now the benefits of this are for security reasons: it's only read-only, so it's only unidirectional caching, so basically, um, your main domain controller will pass its information on to this domain controller, and only certain parts of it that you can restrict, okay. You can limit it. So if someone was to gain access to the server,
this remote server, okay, they'll only get certain parts of your domain details and not too much. Also, passwords are not cached. We'll also have the benefit of basically them not being able to write back to your main Active Directory domain controller. Okay, so let's get on with it and show you how to set this up. And one more benefit is also you can use it as load balancing, and jamming a DNS server over here goes active directory over here, for the users that are coming through this channel, they're not really taking up, shall we say, too much usage on your other domain controllers, so also having the benefit sellers crack, okay. Basically, what we need to do is just open our, um, Server Manager. Go there.
Then, Add Roles and Features, and click Next, Next to get there, and in roles click Active Directory Domain Services. Click Next. Click Next. What will this give DNS as well. Mums will give DNS okay, so that also reduces load of our main DNS server. There we go. Click Next and then Install, okay, and once installed, you basically need to promote it to a domain controller. It will do a quick double check, and what we're doing is picking the first option, so adding a domain controller to an existing domain. If you are setting up your main first domain controller, it will be a new forest, but we're already using our domain, so click Next, and then it's a read-only domain controller. Okay, you can stick with that. We need to give the password that is used for restoring it a six person listing take okay. Now this group, okay, would literally push most of your main Active Directory users, computers, all the data over here. If you want to do that, then you keep this, but for security reasons, we want to restrict it to only a certain group or groups. So were the add with credit one okay on our main server to the remote user group, sorry, my mistake. There we go, so we have that, and this one sundial we have restricted only to this, and thus making us a little bit more secure, well, I'd say a lot more secure, so we go forward. Okay, and this, for example, this office was in a location where they had very slow Internet access, and you had a huge Active Directory that needed to be collide moved over to this one WindowsSetup, okay, what you could have done was creating install media on your main server and then parallel posted career in the flash drive, whatever, to this office. We're pretty good with our networking over here, so everything is going okay. Replicate from any domain controller, and choose a specific domain controller you want. Next, and then this will doubtless verify that everything is ready, all happy. Okay, let's customer don't worry about these things.
Let's press Next, and once that's done it's basically restart. Okay, and after the restart, basically you have Active Directory with DNS and you have this system, which is quite nice. Now, so our remote users will basically, our group and all the users within that remote users group that you've set up, will basically be coming through on this machine using this machine's DNS server, and for load balancing, that's taking a big load off our other server. And there you go. It's all set up. Thanks for watching. Hopefully this video is out
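
The wizard steps shown in the video can also be scripted, and the resulting password replication policy checked after the restart. The PowerShell below is an added example, not part of the original page or the video; the domain, site and group names are placeholders, and `Install-BranchRodc` and `Get-RodcCredentialExposure` are hypothetical helper names.

```powershell
# Added example. Placeholder values (assumptions, not from the video):
$Domain     = 'corp.example.com'   # existing domain to join as an RODC
$Site       = 'Branch-Office'      # AD site of the remote office
$AllowGroup = 'CORP\Remote Users'  # only this group may have passwords cached

function Install-BranchRodc {
    # Wizard steps: add the AD DS role, then promote as a read-only replica with DNS.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    $promo = @{
        DomainName                          = $Domain
        SiteName                            = $Site
        ReadOnlyReplica                     = $true
        InstallDns                          = $true
        # Becomes the allow list in place of the default
        # "Allowed RODC Password Replication Group".
        AllowPasswordReplicationAccountName = @($AllowGroup)
        Credential                          = Get-Credential -Message 'Domain admin'
        SafeModeAdministratorPassword       = Read-Host -AsSecureString -Prompt 'DSRM password'
    }
    Install-ADDSDomainController @promo    # server restarts when this completes
}

function Get-RodcCredentialExposure {
    # Run after the restart: what may be cached on this RODC, and what already is.
    param([string]$Rodc = $env:COMPUTERNAME)
    Import-Module ActiveDirectory
    $allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed
    $denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied
    $cached  = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts
    # Privileged accounts should never appear in the cached list
    # ('Domain Admins' is the default English group name).
    $admins  = Get-ADGroupMember -Identity 'Domain Admins' -Recursive
    [pscustomobject]@{
        Rodc             = $Rodc
        Allowed          = $allowed.Name
        Denied           = $denied.Name
        Cached           = $cached.Name
        CachedPrivileged = $cached |
            Where-Object { $_.DistinguishedName -in $admins.DistinguishedName } |
            ForEach-Object Name
    }
}
```

The cached list normally contains the RODC's own computer account and its dedicated krbtgt account; an empty `CachedPrivileged` is the expected result.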