In this article I’m going to set up a Read Only Domain Controller in a Windows 2008 environment. There’s already a writable Domain Controller available in the domain GPO.LOCAL. The first step is to Install a new Windows 2008 Server, in my example it’s a Core Edition. After the installation, you can begin configuring your new server.
– Enter the productkey:
slmgr.vbs -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
– Activate Windows:
slmgr.vbs -ato
– Rename the computer:
Netdom renamecomputer “%computername%” /newname:SRV-RODC01 /reboot:15
– Show all network interfaces:
Netsh interface ipv4 show interface
– Set a static IP address:
Netsh interface ipv4 set address name=2 source=static address=172.16.1.11 mask=255.255.0.0 gateway=172.16.1.1
(make sure that you’re choosing the right network interface. In this example it’s 2, so name=2 it means interface 2)
– Set a static DNS server:
Netsh interface ipv4 add dnsserver name=2 address=172.16.1.10 index=1
– Turn Remote Desktop (RDP) on:
Cscript %windir%\system32\SCRegEdit.wsf /ar 0
– Enable Remote Desktop (RDP) in the Windows Firewall:
netsh advfirewall firewall set rule group=”remote desktop” new enable=yes
(Note: type this rule in by your self, copy past will give an error!)
– Enable Remote Management (RemoteCMD) in the Windows Firewall:
netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes
(Note: type this rule in by your self, copy past will give an error!)Making the unattended.txt:
Copy and past the following test into the new textfile and save this file on the C: drive of the Core Server.
==================================================
[DCInstall]
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
Password=********
RebootOnCompletion=No
ReplicaDomainDNSName=GPO.local
ReplicaOrNewDomain=ReadOnlyReplica
ReplicationSourceDC=srv-w2k8dc01.gpo.local
SafeModeAdminPassword=********
SiteName=Default-First-Site-Name
UserDomain=GPO.local
UserName=Administrator
==================================================
– Run the DCPROMO
dcpromo /unattend:c:\unattend.txt15)
– Reboot the Domain Controller
shutdown -r -t 0
As you can see, when you make a connection to the RODC, you’re not be able to make any changes to existing users or groups and the option “New” is hidden when you right-click in your environment.
In the next post i’m going to delete a RODC from the environment. (for example if your server is stolen or something like that).












We surfed everywhere to grappost regarding to this subject Thank you very much
Im obliged for the article.Really thank you! Keep writing.
Its my great pleasure to look at your blog and to enjoy your awesome post here. I like that a lot. I know that you paid much attention for these articles, as all of them make sense and are very useful
Good ! Quality is main. I appretiate. For some extra reputation you need proper plan. keep color matching. I am not expert. But I liked you. Thanks
I’m looking for themes on my blog I am just starting. Do you think this type of theme would work for my photography blog?
Thanks for the share. I have a random question? I am starting my own blog and want to know what is sharing to much information? lol and what is contributing? I want to get it right like your blog.
It is my great pleasure to visit your website and to enjoy your excellent posts here. I like that a lot. I know that you put much attention for those articles, as all of them make sense and are very useful
Sorry for being off topic, but I am just starting my website/blog. Why did you choose WordPress over blogger or any other blog program? I am trying to figure out the best way, since I am not a techy.
Thanks for the share. I have a random question? I am starting my own blog and want to know what is sharing to much information? lol and what is contributing? I want to get it right like your blog.
It’s always great to uncover a new site this excellent. I’ll be back for sure.
It is my great pleasure to visit your site and to enjoy your great posts here. I like that a lot. I know that you put much attention for these articles, as all of them make sense and are very useful