RODC, by default, forwards user authentication activities to a writable DC that is likely placed in a datacenter in the hub site through a slow WAN connection. This poses a performance issue.
Hello Ahmad,
If an RODC is deployed in your org, then it contains the read-only copy of the Active Directory partitions, which contain all the user attributes and objects. So when a user is logging on for the first time, it authenticates, and this request is sent to the RODC; moreover, whatever users are in the branch site, those users can be pre-created in the RODC.
Hope this is helpful for you.
First of all, there are no more slow WAN connections between branch sites and the main site. And if there is one, then using it only for authentication traffic is no problem.
If you want your local users in the remote branch to log on locally, you need to enable (credential caching).
After each user or computer account authenticates against the main branch, the RODC will service logon requests.
But still, enabling (credential caching) is considered a security issue which could lead to account exposure.
My advice is to enable this feature if you do not have a stable Internet connection.
For more info visit this page:
http://technet.microsoft.com/en-us/library/cc732801(v=WS.10).aspx
Hope this was helpful.
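An added example, not part of either answer above: a PowerShell audit of the credential caching discussed in this thread, showing what the RODC's Password Replication Policy allows, which accounts have credentials stored on it, and whether any privileged account is among them. It uses the ActiveDirectory module (RSAT); the RODC name `BRANCH-RODC01` and the choice of privileged groups are assumptions to replace with your own.

```powershell
# Added example: audit credential caching on one RODC. Read-only; changes nothing.
Import-Module ActiveDirectory

$Rodc = 'BRANCH-RODC01'   # hypothetical RODC name (assumption)

# Password Replication Policy: principals allowed / denied to be cached.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied

# Accounts whose credentials have been replicated to (cached on) the RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts

# Accounts that have authenticated through the RODC, cached or not.
$authenticated = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -AuthenticatedAccounts

# Privileged groups to check (assumed list; some exist only in the forest root).
$privGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$privDns = foreach ($g in $privGroups) {
    try   { (Get-ADGroupMember -Identity $g -Recursive).DistinguishedName }
    catch { Write-Warning "Group '$g' could not be read in this domain; skipped." }
}
$privDns = @($privDns | Sort-Object -Unique)

# Finding 1: privileged accounts with credentials stored on the branch RODC.
$exposed = @($revealed | Where-Object { $privDns -contains $_.DistinguishedName })

# Finding 2: accounts that log on via the RODC but are not cached, so every
# logon crosses the WAN to a writable DC (the performance issue in the question).
$revealedDns = @($revealed.DistinguishedName)
$uncached = @($authenticated | Where-Object { $revealedDns -notcontains $_.DistinguishedName })

"Allowed principals : {0}" -f (($allowed.Name | Sort-Object) -join ', ')
"Denied principals  : {0}" -f (($denied.Name  | Sort-Object) -join ', ')
"Cached accounts    : {0}" -f @($revealed).Count
"Uncached but active: {0}" -f $uncached.Count

if ($exposed.Count -gt 0) {
    Write-Warning "Privileged accounts cached on ${Rodc}:"
    $exposed | Select-Object Name, ObjectClass, DistinguishedName | Format-Table -AutoSize
} else {
    "No account from the checked privileged groups is cached on $Rodc."
}
```

If the privileged-account check returns anything, reset those accounts' passwords on a writable DC and confirm they fall under the policy's denied list; the uncached list is the input for deciding which branch users to add to the allowed list.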