Overview

Introduction

Welcome to the Read-Only Domain Controllers Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Install Read-Only Domain Controller
  • Exercise 2 - Manage Password Replication

After completing this lab, you will be able to:

  • How to install Read-Only Domain Controller using Windows PowerShell
  • Understand how Password Replication Policy works

Exam Objectives

The following exam objectives are covered in this lab:

  • Understand server protection - Read-Only Domain Controllers (RODC)

Lab Duration

It will take approximately 30 minutes to complete this lab.

Exercise 1 - Install RODC Server

A Windows server running as a domain controller is responsible for authentication of users who sign-in to an Active Directory domain. For large organizations, it’s typical to have more than one domain controller to load balance network logon traffic and to enhance fault tolerance of Active Directory domain. Additional domain controllers are usually configured as having a read/write copy of the Active Directory database. This means that changes to Active Directory can be applied to any domain controller.

If network security is a concern on a remote site not visited or maintained by IT support personnel, a Read-Only Domain Controller or RODC can be installed in that remote office.

RODC is supported on server operating system versions like Windows Server 2008 and later.

An RODC may be a viable option for ensuring that user logons will be validated in the local network. An RODC server must have a reliable connection as this server depends heavily on a writeable domain controller to keep it updated.

In this exercise, you will learn how to install and RODC server and verify that it communicates with a writeable domain controller.

Learning Outcomes

After completing this exercise, you will be able to:

  • How to install Read-Only Domain Controller using Windows PowerShell

Exercise 2 - Manage Password Replication

RODC provides security for Active Directory as it relies on a writeable domain controller to be updated of the latest changes on the directory service. When an RODC is located on a remote site with users, there is an option to enable password replication. This is a policy where a security group, users, and computers are added into the Allowed RODC Replication Group. Being a member of this group means that the user or computer passwords are cached in the RODC server.

For the next exercise, you will enable a policy for password replication in an RODC server.

Learning Outcomes

After completing this exercise, you will be able to:

  • Understand how Password Replication Policy works

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.