Read-only domain controllers are managed a little bit differently than our standard domain controllers. Remember, our standard writable domain controllers have replication amongst themselves, and they do this automatically. Read-only domain controllers, on the other hand, actually only replicate by communicating with a writable domain controller at or above the level of the operating system that is on the read-only domain controller. A read-only domain controller has limited capabilities that we actually need to deal with, hence the term read-only. Remember, the database that it's going to work off of for Active Directory is a read-only copy. Now that it's read-only, we want to make sure that our users can successfully authenticate against the read-only domain controller. To do that, we actually need to manage information through our writable domain controller. So here we are on our master domain controller, or let's just say, one of our domain controllers. So we'll go through a few steps to actually get set up for this. The first thing we need to do is get our Active Directory Users and Computers, so go ahead and open up the Active Directory Users and Computers console off of our Server Manager.
You can create your own environment here if you want, have your own MMCs. And we need to actually drill down in our infrastructure here and take a look at a few things. The first thing we want to do is make sure that we actually are properly set up here. So we actually have our domain controllers' information here, and Users. So the first thing we're going to do here is look at our Users, and we have an Allowed RODC Password Replication Group. If you double-click on that, by default it will have no members. So that's the way it's supposed to be. And remember, when we actually installed the RODC, there were certain groups that were actually made members of the Deny group. So that list here includes things like administrators, domain controllers, RODCs, et cetera. Close out of that. We know that's set up.
So now we actually want to, say, take a look at creating a group, a security group, to put into the Allowed group. So we basically want to populate this with security groups. So let's start with, for example, let's say Research is off-site. It's a remote campus. We're going to open up Research here, and the first thing we'll do is create a security group for this purpose. So we're going to right-click on Research there, and we're going to give it a name. Let's call it, uh, how about... So we're going to do Research RODC. Notice the group name (pre-Windows 2000) is pre-populated for us. And we want to go ahead and keep that scope as Global. We could do Domain Local or we could do Universal, but for the purpose of what we're doing here, we're just going to go ahead and leave it as Global. And obviously it's a security group, not a distribution group. Go ahead, click OK.
So now we've actually created a security group. So if we have a security group that we're going to allow the passwords to replicate to the RODC from, well, first we need to populate that security group. Just go ahead and open up that security group here. Double-click on that. OK, we want to go ahead and add some members in here. So, great. And we could click on Advanced here and go down the list to choose who we want, or we could start typing in names. Doesn't matter, whatever order you want to do it in. Let's go ahead, we'll put in, say... Check Names. So there's Chris, and we want to be sure we get the right one. So if we take a look, it says which one is in Research here. That's the one. Let's take this Chris here. Let's go ahead and put in... There's another name. We'll put in these three users, but it can be as many as you want or as few as you want. Remember, we could have just one user in this. We use a security group so that if we need to add more people to the RODC, we can do it as we go. So we go ahead, get those in here, and then we click OK. And now we have members that are part of our RODC security group, the Research RODC security group, which is then going to be added to the allowed security groups on the RODC. So we're going to click OK.
So we now have users in a security group. Now we need to get this associated properly with our environment. So on our Domain Controllers OU, right, take a look here. We'll go to our actual RODC and go ahead and open it up. Under there we actually have a tab that says Password Replication Policy. So we're going to click on that tab, and notice we actually have a list here already of Denied and Allowed. Notice this is the Allowed RODC Password Replication Group, right?
So we have that. So we have Allowed there, and we can actually add another group in here. We could add a group to the group. Either way we want to do it, it's strictly up to us. And we could actually, obviously, if we want to, put into the Allowed RODC Password Replication security group our security group, a security group inside of a security group. That's certainly one approach we could take to deal with that, in terms of how it actually functions as an environment. So we have the Password Replication group, and we actually have our Research RODC group. Now we want to go ahead and, in this Password Replication Policy, we're going to click on Add here. We're going to add the new security group. And it says allow passwords for the account, it should actually be accounts, obviously, because it's a security group, to replicate to this RODC. So click OK. And this is Users, Computers, Service Accounts, or Groups, so security groups, security principals. This is where we put in that Research, right? So type in Research, Check Names, and we want that Research RODC group here, so we go ahead and select that one, the Research RODC group.
So at that stage, we've now actually allowed the replication. So the next thing to do is actually take a look here at our Advanced tab, at who's replicated. So we have, ah, one user that's already replicated here from a different group, but that's OK. And we also have accounts that have been authenticated to this read-only domain controller, in addition to the accounts replicated to the read-only domain controller. And obviously we want to see if any of these people are going to be allowed. So we have a Resultant Policy tab here. Let's go ahead and type in Louise, right, and click Check Names. What we have is the implicit deny. If we go ahead and type in another member of that group, we'll type in this case, Pickle gun. OK, so we have an implicit deny on these people. So we actually have to take into account what we have in terms of the implicit deny, and actually have to fix that problem. So the problem that we actually have to fix is: remember, what we did was we actually added a few things here, but did we actually put the security group into the security group? No. So if we come back down to our actual Users group here, and actually, let me go ahead and close out of the windows we have open here, go back to our security groups, right, our Allowed RODC Password Replication Group, and we actually add our security group for the Research RODC in here. So we type Research, do Check Names. There's Research RODC. Click OK.
So I've added them to the RODC Password Replication group versus the Deny one. So now we come back to our RODC, go back to our Password Replication Policy, and we'll go back to our Advanced tab here. We'll check our Resultant Policy here, and now we have Allow. So remember, it's implicit deny, so you should put them in the actual Allowed group. Even though we added a group, they're actually a member of the Allowed group also.
So there's Policy Usage. So we go ahead and look at the Policy Usage tab, and we can actually now, for example, pre-populate a password for, for example, our IT person that might actually be doing it. But in this particular case, we're going to go ahead and let Chris be the one that actually initially installs our environment. So it's Chris. We want the one in Research, that's the one right here, and click OK. It says, do you wish to send the current passwords for these accounts? We say yes, we want that, to actually have their passwords pre-populated on the RODC, so when we actually bring it up and running initially in their environment, somebody actually is capable of doing that. So we go ahead, Yes. They were pre-populated, OK. And now you should notice that Chris is actually on our list. All right, close out of this, click OK here, and we can close out of Active Directory Users and Computers.
That's what we need to do to actually get our RODC credential caching configured. We obviously would do multiple steps if we needed to for each individual RODC environment that we're working with. So that gives us our users, who get assigned to a security group. That security group gets assigned to the Allowed RODC, uh, actually, it's the Allowed RODC Password Replication security group, so that they get assigned to that. And then we can pre-populate passwords for the users that we need to pre-populate on that RODC, so that when they initially go to log on, they don't get a rejection message in terms of their authentication of their credentials.
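
The console steps narrated above can also be scripted and audited with the ActiveDirectory PowerShell module and `repadmin`. This is an added example, not part of the original recording; the names `RODC01`, `DC01`, `OU=Research,DC=example,DC=com` and the account `chris` are assumed placeholders, and only the group name `Research RODC` comes from the walkthrough.

```powershell
# Added example: every host, OU and account name here is an assumed placeholder.
Import-Module ActiveDirectory

$Rodc      = 'RODC01'                          # assumed RODC computer name
$HubDc     = 'DC01'                            # assumed writable DC the RODC replicates from
$GroupName = 'Research RODC'                   # group name used in the walkthrough
$OuPath    = 'OU=Research,DC=example,DC=com'   # assumed OU for the research site
$Members   = @('chris')                        # assumed sAMAccountName values

# 1. Global security group holding the users whose passwords may be cached.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $OuPath
}
Add-ADGroupMember -Identity $GroupName -Members $Members

# 2a. Allow the group on this one RODC's Password Replication Policy.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -AllowedList $GroupName

# 2b. Nesting into the built-in group, as the walkthrough also does. That group is
#     on the allowed list of every RODC in the domain by default, so this is broader.
Add-ADGroupMember -Identity 'Allowed RODC Password Replication Group' -Members $GroupName

# 3. Guard: flag any privileged (adminCount = 1) user that ended up cacheable.
$privileged = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties adminCount |
    Where-Object adminCount -eq 1
if ($privileged) { Write-Warning "Privileged accounts in ${GroupName}: $($privileged.Name -join ', ')" }

# 4. Resultant policy per user: Allow, DenyExplicit or DenyImplicit.
foreach ($m in $Members) {
    $policy = Get-ADAccountResultantPasswordReplicationPolicy -Identity $m -DomainController $Rodc
    '{0}: {1}' -f $m, $policy

    # 5. Pre-populate only accounts the policy actually allows.
    if ("$policy" -eq 'Allow') {
        repadmin /rodcpwdrepl $Rodc $HubDc (Get-ADUser $m).DistinguishedName
    }
}

# 6. Audit which accounts currently have credentials stored on the RODC.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts |
    Select-Object Name, ObjectClass
```

Re-running step 6 on a schedule gives the list of accounts whose passwords would need a reset if that RODC were lost or compromised.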