How to install Read Only Domain Controller 2012 R2

In this post, we’ll learn the steps to install a read only Domain Controller on Windows Server 2012 R2. A read-only domain controller (RODC) is a server that hosts a read-only copy of Active Directory, replicated from a writable domain controller in the domain. An RODC holds credentials only for the users and computers that have been explicitly allowed. For all other accounts the RODC forwards access and authentication requests to a writable domain controller, because the RODC cannot authenticate those users and computers itself.

Before we install a Read only Domain Controller 2012 R2, please ensure you have a writable DC in your domain. You cannot create an RODC if you don’t have a writable DC in your domain.

Steps to install read only Domain Controller 2012 R2

In our environment, we have two servers. The first is a writable Domain Controller (DC01) and the second is a member server (DC02), i.e. the second server has already been joined to the domain before we start the process of promoting it to an RODC.

1. On the second server, i.e. DC02, open “Server Manager“ and click on Add roles and features to install the Active Directory Domain Services role.

2. On the “Before you begin” console, we can read all the prerequisite tasks to be performed before proceeding further. Before installing any role, please verify that the administrator account has a strong password and that network settings such as a static IP address are configured. Click on Next.

3. On the “Installation Type” console, select Role-based or feature-based installation. Click on Next.

4. In Windows Server 2012 R2, we have an option to manage servers remotely. In the server pool we can see all the remotely managed servers, but here only one server is listed. Select the server on which you want to install RODC 2012 R2. Click on Next.

5. Select the “Active Directory Domain Services” role to install on the selected computer. AD DS is like a store which keeps all the information related to objects in a network and makes the information available to users and domain administrators. Click on Next to continue.

6. All the essential features required by the AD DS role are already selected. Click on Next to continue the installation process.

7. The “Active Directory Domain Services” console explains the importance of the AD DS role. Click on Next.

8. This console confirms all the selected components which are required for the AD DS role. It also offers to restart the destination server automatically if required. Click on Install to continue.

9. This console shows the installation in progress; after the installation completes, click on Close to close the wizard. You can also close the console while the installation is in progress, as this does not interrupt the installation of the AD DS role.

10. Installation of the AD DS role is a prerequisite to promoting a server to a DC. On the Server Manager dashboard, we can see a warning sign; click on that sign and then click on “Promote this server to a Read only domain controller”.

11. This opens the “Active Directory Domain Configuration Wizard” window. Under “Deployment Operation” we’ll see three options: “Add a domain controller to an existing domain“, “Add a new domain to an existing forest” and “Add a new forest“.

As we are creating an RODC, we need to select “Add a domain controller to an existing domain”. Click on Next.

12. To make this computer an RODC, we have to check the RODC option. We also have to set the Directory Services Restore Mode (DSRM) password here before proceeding. Click on Next to continue.

13. On the “RODC Options” console, we have added ITIngredients\Administrator as the delegated administrator account. In this console you can also allow or deny the accounts whose passwords will be replicated to the RODC. Please note that only the allowed accounts will be authenticated by the RODC. Click on Next.

14. On the Additional Options console, next to the Replicate from option, open the drop-down box and click on DC01.itingredients.com. This makes the RODC replicate from DC01; alternatively you can select the Install From Media (IFM) option. We will discuss IFM in a future post. Click Next.

15. In the “Active Directory Domain Services Configuration Wizard” window we need to specify the “Database Folder” (i.e. the location of the NTDS.DIT file), the “Log files folder” and the “SYSVOL folder”. You can change the paths if you want, or click on Next to continue with the default selections.

16. In the “Review Options” window, review all the settings that we have defined. Click on the Previous button if any changes are required; otherwise click Next.

17. In “Prerequisite Check”, the wizard checks all the prerequisites and shows any errors or warnings. Click on Install.

18. A reboot is required to complete the installation process.
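The same promotion performed from PowerShell, as an added example that is not part of the original post. It makes the same choices as steps 1 to 18 above (role install, DSRM password, delegated administrator, password replication policy, replication from DC01, default folder paths) using the ADDSDeployment cmdlets; the site name Default-First-Site-Name is an assumption, since the post does not name the AD site.

```powershell
# Added example (not from the original post): promote DC02 as an RODC
# with the same choices made in the wizard above. Run elevated on DC02.
# Assumptions: domain itingredients.com, writable DC DC01, and AD site
# "Default-First-Site-Name" (the post does not say which site is used).

# Steps 1-9: install the AD DS role together with its management tools
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 12: DSRM password, collected interactively rather than hard-coded
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
$cred = Get-Credential -Message 'Domain account permitted to add a DC'

# Steps 13-15: RODC options, replication source and folder paths
$params = @{
    DomainName                          = 'itingredients.com'
    Credential                          = $cred
    ReadOnlyReplica                     = $true
    SiteName                            = 'Default-First-Site-Name'
    DelegatedAdministratorAccountName   = 'ITIngredients\Administrator'
    # Only the allowed accounts have their passwords cached on the RODC;
    # every other logon is forwarded to a writable DC such as DC01.
    AllowPasswordReplicationAccountName = @('ITIngredients\Allowed RODC Password Replication Group')
    DenyPasswordReplicationAccountName  = @('ITIngredients\Denied RODC Password Replication Group')
    ReplicationSourceDC                 = 'DC01.itingredients.com'
    DatabasePath                        = 'C:\Windows\NTDS'
    LogPath                             = 'C:\Windows\NTDS'
    SysvolPath                          = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword       = $dsrm
    NoRebootOnCompletion                = $true
}

# Step 17: run the prerequisite check first and stop on any failure
$check = Test-ADDSDomainControllerInstallation @params
if ($check.Status -ne 'Success') {
    Write-Warning $check.Message
    return
}

# Steps 16-18: promote the server, then reboot to finish the promotion
Install-ADDSDomainController @params -Force
Restart-Computer
```

After the reboot, `Get-ADDomainController -Identity DC02 | Select-Object IsReadOnly` and `Get-ADDomainControllerPasswordReplicationPolicy -Identity DC02 -Allowed` confirm that the server is read-only and which accounts it is permitted to cache.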

3 thoughts on “How to install Read Only Domain Controller 2012 R2”

  • April 1, 2016 at 1:34 pm

    Thanks for this wonderful article on creating a Read Only Domain Controller. Do we need to create a Writable Domain Controller to create the RODC, or can it be created without creating the Writable Domain Controller? An early reply would be appreciated.

    • April 1, 2016 at 1:36 pm

      You need to promote a Domain Controller before you promote an RODC. An RODC is only a readable Domain Controller and it cannot be created without a Writable Domain Controller. Hope it helps.

  • November 26, 2016 at 8:26 pm

    If I have multiple sites and at each location I have multiple domain controllers, then where shall I host my RODC (Read Only Domain Controller)? Do I need to place it on the first site, or does it need to be placed at each site?