In this article I’m going to set up a Read Only Domain Controller in a Windows 2008 environment. There’s already a writable Domain Controller available in the domain GPO.LOCAL. The first step is to Install a new Windows 2008 Server, in my example it’s a Core Edition. After the installation, you can begin configuring your new server.
– Enter the productkey:
slmgr.vbs -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
– Activate Windows:
slmgr.vbs -ato
– Rename the computer:
Netdom renamecomputer “%computername%” /newname:SRV-RODC01 /reboot:15
– Show all network interfaces:
Netsh interface ipv4 show interface
– Set a static IP address:
Netsh interface ipv4 set address name=2 source=static address=172.16.1.11 mask=255.255.0.0 gateway=172.16.1.1
(make sure that you’re choosing the right network interface. In this example it’s 2, so name=2 it means interface 2)
– Set a static DNS server:
Netsh interface ipv4 add dnsserver name=2 address=172.16.1.10 index=1
– Turn Remote Desktop (RDP) on:
Cscript %windir%\system32\SCRegEdit.wsf /ar 0
– Enable Remote Desktop (RDP) in the Windows Firewall:
netsh advfirewall firewall set rule group=”remote desktop” new enable=yes
(Note: type this rule in by your self, copy past will give an error!)
– Enable Remote Management (RemoteCMD) in the Windows Firewall:
netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes
(Note: type this rule in by your self, copy past will give an error!)Making the unattended.txt:
Copy and past the following test into the new textfile and save this file on the C: drive of the Core Server.
==================================================
[DCInstall]
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
Password=********
RebootOnCompletion=No
ReplicaDomainDNSName=GPO.local
ReplicaOrNewDomain=ReadOnlyReplica
ReplicationSourceDC=srv-w2k8dc01.gpo.local
SafeModeAdminPassword=********
SiteName=Default-First-Site-Name
UserDomain=GPO.local
UserName=Administrator
==================================================
– Run the DCPROMO
dcpromo /unattend:c:\unattend.txt15)
– Reboot the Domain Controller
shutdown -r -t 0
As you can see, when you make a connection to the RODC, you’re not be able to make any changes to existing users or groups and the option “New” is hidden when you right-click in your environment.
In the next post i’m going to delete a RODC from the environment. (for example if your server is stolen or something like that).
1 comments
All the point very well described. You really did a great job. Thanks.
Windows 7 to 10 Migration
SCCM Implementation
Post a Comment