RODC - What exactly gets replicated?

-

 

reading through doco on rodcs there lot of implications struggling paint absolute picture of gets replicated.

 

my first question is, groups (of kind) replicated rodcs?  i'm guessing can't find documented catagorically either way.

my second clarification of replication of user objects.  realise can restrict users allowed store cached credentials on rodc, user objects replicated rodc default, without credentials?

 

further this, aware of filtered attribute set, questions are, attributes replicated default (i.e. have actively select attributes not replicate) , how many attributes fall "system-critical" set (i.e. can't stop them replicating)?  example, can restrict replication of majority of user attributes (phone, address, org information)?

 

finally, has there been more on issue of allowing rodc gc (primarily support exchange)?

 

many thanks.

 

 

if want know more rodc, should consider visit "directory experts conference" (www.dec2007.com) in brussels next week. why? because i'm delivering presentation lot of information , demo's rodc...

 

to answer questions....

 

everything replicated rodcs except: attribute values attributes members of filtered attribute set (rodc-fas) , password hashes. passwords cached on rodc default password of own computer account , own kerberos account. groups, memberships, etc. replicated rodcs. user objects replicated rodcs, except password hash , whatever attribute member of rodc-fas...

about 28% of attributes in default w2k8 schema fall system critical set.

 

and yes, rodcs can gc



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

-
i seeing odd error on 1 of our domain controllers. have dealt event id 1058 errors whereby policy (or policies) not replicating, receiving error along error code 1326 on server, , apparently happening default domain policy: log name:      system source:        microsoft-windows-grouppolicy date:          8/10/2015 3:09:54 pm event id:      1058 task category: none level:         error keywords:      user:          s-1-5-21-1484152634-2550175353-3916092219-3287 computer:      <dc name>.<domainname> description: processing of group policy failed. windows attempted read file http://schemas.microsoft.com/win/2004/08/events/event ">   <system>     <provi...
Read more

Suspicious event log Event ID: 4905

-
hi thr, could please me understand causing such event logs generate ? as  i understand, vssvc.exe pertains volume shadow copy used backup purpose.  we have third party application used taking backup of servers. the event longs generated following messages: 1) attempt made unregister security event source. 2) attempt made register security event source. these events not regular generated on random days. standard fields: date:               2013/10/19 time:               02:32:19 importance:         critical rule name:          security event monitored machine:  <domain controller> log format:         windows log name:           security event id:           4905 in work hours:      yes dynamic fields: internal timestamp: 2013/10/19 ...
Read more

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more