Hi everyone,
I have a requirement to set up a Read Only Domain Controller. I have never set up any domain controller earlier.
I have two writable domain controllers, DC1 and DC2, which run the 2019 OS. I need to set up an RODC in the DMZ, which is RODC1. Please guide me.
I came up with a new Windows 2019 server, let's say RODC1. All my servers are hosted in Azure.
As per the article below, I will restrict RPC traffic to a specific port.
https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/restrict-ad-rpc-traffic-to-specific-port
On the new RODC1 I will modify the registry values below.
Step 1 --> I will perform this.
Registry key 1:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Registry value: TCP/IP Port
Value type: REG_DWORD, Value data: 9985
Registry key 2:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry value: DCTcpipPort
Value type: REG_DWORD, Value data: 9986
Step 2 -->
https://blogs.technet.microsoft.com/askds/2009/07/16/configuring-dfsr-to-a-static-port-the-rest-of-the-story/
dfsrdiag staticrpc /port:9987
Do I need to execute the above command on DC1, DC2 and RODC1, or only on RODC1?
Step 3 --> Since my RODC is in the DMZ, what ports do I need to allow so that this RODC can communicate with the writable domain controllers DC1 and DC2?
Step 4 --> To install the RODC I will follow the article below:
https://dailysysadmin.com/KB/Article/3947/how-to-create-a-windows-server-2019-rodc-or-read-only-domain-controller/
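An added example, not part of the original post, that applies the Step 1 registry values on RODC1, reads them back to confirm they were written, and then checks from the DMZ host whether DC1 and DC2 answer on the chosen static ports. The host names and port numbers come from the post; the reachability check assumes the firewall rules are in place and that the DCs being tested have the same static ports configured.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell on RODC1.
# Step 1: static RPC ports for NTDS and Netlogon, taken from the post.
$settings = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters';     Name = 'TCP/IP Port'; Value = 9985 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'; Name = 'DCTcpipPort'; Value = 9986 }
)

function Set-StaticRpcPorts {
    foreach ($s in $settings) {
        # -Force overwrites an existing value; DWord matches the REG_DWORD type in the post
        New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -PropertyType DWord -Force | Out-Null
    }
}

function Test-StaticRpcPorts {
    # Read each value back and compare, so a typo or a failed write is caught before the reboot
    $ok = $true
    foreach ($s in $settings) {
        $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        if ($actual -ne $s.Value) {
            Write-Warning "$($s.Name) is '$actual', expected $($s.Value)"
            $ok = $false
        }
    }
    return $ok
}

function Test-DcReachability {
    # Step 3 sanity check: does this DMZ host reach the writable DCs on the static ports?
    # Assumption: DC1/DC2 listen on the same ports (9987 is the DFSR port from Step 2).
    param([string[]]$DomainControllers = @('DC1', 'DC2'), [int[]]$Ports = @(9985, 9986, 9987))
    foreach ($dc in $DomainControllers) {
        foreach ($port in $Ports) {
            $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{ DC = $dc; Port = $port; Open = $r.TcpTestSucceeded }
        }
    }
}

Set-StaticRpcPorts
if (Test-StaticRpcPorts) {
    Write-Host 'Registry values written; they take effect after the server restarts.'
}
Test-DcReachability | Format-Table -AutoSize
```

A port that reports Open = False after the firewall change is the one to look at in the DMZ rule set before promoting the server.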