
How does a RODC authenticate users locally for the first time and afterwards?

RODC, by default, forwards user authentication activities to a writable DC that is likely placed in a datacenter in the hub site through a slow WAN connection. This poses a performance issue.

Question added by Ahmad Yassein, Infrastructure Network Manager, Ministry of International Cooperation (MIC)
Date posted: 2014/01/06

By Mohammed Arifuddin Mohammed, System Administrator (Temporary), Abu Dhabi Invest Company

Hello Ahmad,

If an RODC is deployed in your org, then it contains the read-only copy of the Active Directory partitions, which contains all the user attributes and objects. So when a user is logging on for the first time, it authenticates; this request is sent to the RODC, and moreover, whatever users are in the branch site, those users can be pre-created in the RODC.

Hope this is helpful for you.

By Ahmed Mohamad Mohamad Elsherbeny, Head of team, Egypt Penetration Testers

First of all, there are no more slow WAN connections between branch sites and the main site. And if there is one, then using it only for authentication traffic is no problem.

If you want your local users in the remote branch to log on locally, you need to enable (credential caching).

After each user or computer account authenticates against the main branch, the RODC will service logon requests.

But still, enabling (credential caching) is considered a security issue which could lead to account exposure.

My advice is to enable this feature if you do not have a stable Internet connection.

For more info visit this page:

http://technet.microsoft.com/en-us/library/cc732801(v=WS.10).aspx

Hope this was helpful.
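
The credential caching discussed in the answers is controlled by the RODC's Password Replication Policy. The following is an added example, not code from either answer, that scopes caching to one branch group and then audits which accounts currently have credentials stored on the RODC; the names `BRANCH-RODC01` and `Branch01-Users` are hypothetical placeholders, and the ActiveDirectory PowerShell module is assumed to be installed.

```powershell
# Added example; server and group names are hypothetical placeholders.
Import-Module ActiveDirectory

$Rodc        = 'BRANCH-RODC01'    # hypothetical RODC name
$BranchGroup = 'Branch01-Users'   # hypothetical group holding only branch accounts

# 1. Scope caching: allow only the branch group, not a broad group
#    such as Domain Users.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -AllowedList $BranchGroup

# 2. Review the resulting policy. A Deny entry wins over an Allow entry.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied
"Allowed: " + ($allowed.Name -join ', ')
"Denied:  " + ($denied.Name -join ', ')

# 3. Audit exposure: accounts whose credentials are stored on the RODC now.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
                -Identity $Rodc -RevealedAccounts

# Accounts expected to be cached: recursive members of the branch group.
$expected = Get-ADGroupMember -Identity $BranchGroup -Recursive |
            Select-Object -ExpandProperty DistinguishedName

# The RODC's own computer account and its krbtgt_* account are cached
# by design, so they are excluded from the report.
$rodcDn = (Get-ADDomainController -Identity $Rodc).ComputerObjectDN

$report = foreach ($acct in $revealed) {
    if ($acct.DistinguishedName -eq $rodcDn) { continue }
    if ($acct.SamAccountName -like 'krbtgt_*') { continue }

    # adminCount = 1 marks accounts that are, or were, in protected groups.
    $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
    [pscustomobject]@{
        Account    = $acct.SamAccountName
        InBranch   = $expected -contains $acct.DistinguishedName
        Privileged = ($obj.adminCount -eq 1)
    }
}

# Anything cached that is privileged or outside the branch group needs review;
# if the RODC is stolen or compromised, reset these passwords first.
$report | Where-Object { $_.Privileged -or -not $_.InBranch } |
    Sort-Object Account | Format-Table -AutoSize
```

Accounts on the allowed list are cached only after they first authenticate through the RODC, so the revealed list is the one that reflects actual exposure.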
