Applications That Are Known to Work with RODCs

Applies To: Windows Server 2008

The following applications are known to be compatible with read-only domain controllers (RODCs), although some of them might not work properly if they are installed directly on an RODC.

Subsequent sections explain common problems that you might encounter with custom applications that interact with RODCs and suggest steps that you can take to resolve problems.

  • Microsoft Internet Security and Acceleration (ISA) server

  • Microsoft Office Live Communications Server

Important

If you plan to install Microsoft Office Live Communications Server directly on an RODC, you may have to create groups and service accounts that necessary for the underlying SQL data store. For more information, see article 947986 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=120529).

  • Microsoft Systems Management Server (SMS)

  • Microsoft Office Outlook

Note

Microsoft Exchange Server does not use RODCs. However, you can configure Outlook clients in a branch office that is serviced by a read-only global catalog server to use the read-only global catalog server for global address book lookups.

  • Microsoft Operations Manager (MOM)

  • Windows SharePoint Services

Note

You can download Windows SharePoint Services from the Microsoft Web site. It is not included in Windows Server 2008.

  • Microsoft SQL Server 2005

Important

If you plan to install Microsoft SQL Server 2005 directly on an RODC, you may have to create the appropriate users and groups and ensure that they are replicated to the RODC before the installation. For more information, see article 947986 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=120529).

  • Windows Server services, including:

    • Active Directory Certificate Services (AD CS). However, a certification authority (CA) will need to contact a writeable domain controller in the following circumstances:

      • When the CA reads templates, because it may need to add superseded templates to the CA object

      • When the CA queries AD DS for user and computer objects

      • If the CA is configured to publish a certificate revocation list (CRL) to LDAP

      • If the CA issues a certificate that is configured to be published to AD DS

    • Active Directory Rights Management Services (AD RMS)

    • Credential Roaming

    • Distributed File System (DFS)

    • Distributed File System Replication (DFSR) and File Replication Service (FRS)

    • Domain Name System (DNS)

    • Dynamic Host Configuration Protocol (DHCP)

Important

If you plan to install DHCP directly on an RODC, you have to create the appropriate users and groups and ensure that they are replicated to the RODC before the installation. For more information, see DHCP Users Group Configuration (https://go.microsoft.com/fwlink/?LinkID=120531).

  - Group Policy  
      
  - Internet Authentication Service (IAS) and Network Policy Server (NPS)  
      

Note

NPS targets a writeable domain controller for password changes.

  - Internet Information Services (IIS)  
      
  - Network Access Protection (NAP)  
      
  - Terminal Services (Users and Computers snap-in)  
      
  - Terminal Services Licensing server