Introduction
In this article, I’m going to show you how to install and configure a read-only domain controller on Windows Server 2019 in the proper method and easiest way.
What is a read-only domain controller (RODC)?
A Read-Only Domain Controller (RODC) is a special type of domain controller in Microsoft's Active Directory service that provides a read-only copy of the main Active Directory database. It offers functionalities similar to a standard domain controller but with important differences.
Key Structures of an RODC
- Read-only access: Users can search for domain resources, authenticate, and receive group policies like a regular domain controller. However, they cannot modify any data directly on the RODC.
- Security focus: Primarily for secure environments where physical access to the server might be compromised. Since it doesn't store user passwords, an attacker gaining access wouldn't have access to critical credentials.
- Limited functionality: Unlike standard domain controllers, RODCs cannot be used for tasks like creating user accounts, resetting passwords, or modifying group policies.
- Offline functionality: RODCs can cache login credentials for a limited set of users, allowing users to log in even when the connection to the main domain is unavailable.
Benefits of using an RODC
- Improved security: Reduced risk of sensitive data like passwords being compromised if the RODC is physically compromised.
- Increased availability: Allows users to access domain resources even when the connection to the main domain is unavailable (cached credentials).
- Reduced bandwidth consumption: Requires less bandwidth compared to a full domain controller as it only replicates data from the main domain, not vice versa.
Note. We need two server operating systems server one has ADDS and DHCP with configuration, on server two without any configuration.
Step 1. On your server two set an IP address based on server one’s IP address.
![IP address]()
Step 2. Create a user on server one. If you want to know how to create a user, visit my previous article by clicking this link: https://www.c-sharpcorner.com/article/how-configure-users-profile-in-server-2019
![Create a user]()
Step 3. On your server, one’s dashboard clicks “tool” after clicking “active directory users and computers”.
![One’s dashboard clicks]()
Step 4. Right–click on “domain controllers” after clicking “pre–create read-only domain controller account”.
![Domain controller]()
Step 5. Click “next”.
![Next]()
Step 6. Select “my current login” after clicking “next”.
![My current login]()
Step 7. Type your server two’s computer name and click “next”.
![Computer name]()
Step 8. Click “next”.
![Select site]()
Step 9. Again click “next”.
![Again click]()
Step 10. Click “set” and choose your created user account after clicking “next”.
![Set]()
Step 11. Again click “next”.
![Summary]()
Step 12. Click “finish”.
![Finish]()
Step 13. On your Second Server / Server Two install adds services if you want to know how to install adds visit my previous article by clicking this link: https://www.c-sharpcorner.com/article/how-to-create-active-directory-domain-services
![Second server]()
Step 14. Login to your created user account and password by clicking “change” after clicking “next”.
![Deployment configuration]()
Step 15. Click “RODC” and give your “DSRM” password and after click “next”.
![Domain controller option]()
Step 16. Select your main server/server one after clicking “next”.
![Additional option]()
Step 17. Click “next”.
![Paths]()
Step 18. Again click “next”.
![Review option]()
Step 19. Click “install”.
![Prerequisites check]()
Note. On your main server/server one’s active directory users and computers” under domain controllers, you can see our RODC server in online.
![RODC server]()
Conclusion
In this article, we all clearly understand how to install and configure a read-only domain controller on Windows Server 2019 in the proper method and easiest way. If there is clarification regarding this topic, feel free to contact me.