Adding a Panzura Filer (or any other device) to a Read-Only Domain Controller (RODC) requires the use of a Read-Write Domain Controller (RWDC).
Use the following steps to add a Panzura Filer to an RODC.
Prerequisites
- Basic knowledge of Microsoft Active Directory (AD).
- A domain that is prepared for an RODC. If you have not prepared the domain already, see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731243(v=ws.10).
Procedure
- From the cloud controller, join the RWDC.
- From the RWDC:
  - Use the following command to obtain the fully qualified domain name (FQDN) of the controller.
    > dsquery computer -name <filer-hostname>
  - Use the following command to allow the RODC to authenticate the cloud controller.
    > net localgroup "Allowed RODC Password Replication Group" <filer-NetBios-name>$ /add
  - Use the following command to force replication of the cloud controller's account credentials to the RODC.
    > repadmin /RODCPWDREPL <RODC-HOSTNAME> <FQDN-of-filer>
- Verify that the machine name appears in the AD Users and Computers list on both the RWDC and RODC.
- Verify that the machine name is in the "Allowed RODC Password Replication Group".
  > repadmin /PRP view <RODC-HOSTNAME> <filer-NetBios-name>$
- Add the RODC hostname to the DNS of the RWDC.
- Use the following command to check that replication is functioning.
  > repadmin /showrepl <RODC> /u:<username> /pw:<password>
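
The verification steps above can also be run as a single check from PowerShell. This is an added example, not part of the original article or Panzura's tooling; it assumes the ActiveDirectory (RSAT) module is installed, and the function name and the host names FILER01, RODC01 and RWDC01 are hypothetical placeholders.

```powershell
# Added example. Requires the ActiveDirectory (RSAT) module and rights to read
# the RODC's password replication policy. Host names below are placeholders.
Import-Module ActiveDirectory

function Test-FilerRodcCaching {
    param(
        [Parameter(Mandatory)] [string] $FilerName,  # NetBIOS name, without the trailing $
        [Parameter(Mandatory)] [string] $Rodc,
        [Parameter(Mandatory)] [string] $Rwdc
    )
    $group = 'Allowed RODC Password Replication Group'

    # Computer object as the RWDC sees it, then whether the RODC has replicated it.
    $filer  = Get-ADComputer -Identity $FilerName -Server $Rwdc
    $onRodc = [bool](Get-ADComputer -Filter "Name -eq '$FilerName'" -Server $Rodc)

    # Effective policy for this account on this RODC:
    # Allow, DenyExplicit, DenyImplicit or Unknown.
    $policy = Get-ADAccountResultantPasswordReplicationPolicy -Identity $filer `
        -DomainController $Rodc -Server $Rwdc

    # Accounts whose credentials are currently cached on the RODC.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc `
        -RevealedAccounts -Server $Rwdc
    $cached = $revealed.DistinguishedName -contains $filer.DistinguishedName

    # This group is on the allowed list of every RODC by default, so return its
    # direct members for review alongside the result.
    $members = (Get-ADGroupMember -Identity $group -Server $Rwdc).SamAccountName

    [pscustomobject]@{
        Filer               = $filer.SamAccountName
        VisibleOnRodc       = $onRodc
        InAllowedGroup      = $members -contains $filer.SamAccountName
        ResultantPolicy     = $policy
        CredentialsCached   = $cached
        AllowedGroupMembers = $members
    }
}

# Sample call with placeholder names.
Test-FilerRodcCaching -FilerName 'FILER01' -Rodc 'RODC01' -Rwdc 'RWDC01'
```

A `ResultantPolicy` other than `Allow`, or `CredentialsCached` of `False`, means the RODC is not holding the filer's credentials and will forward its authentication to a writable domain controller.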