Adding a Read Only Domain Controller

Adding a Panzura Filer (or any other device) to a Read Only Domain Controller (RODC) requires use of a Read Write Domain Controller (RWDC).

Use the following steps to add a Panzura Filer to an RODC.

Prerequisites

  • Basic knowledge of Microsoft Active Directory (AD).
  • A domain that is prepared for an RODC. (If you have not prepared the domain already, see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731243(v=ws.10).)

Procedure

  1. From the cloud controller, join the RWDC.
  2. From the RWDC:
    1. Use the following command to obtain the fully qualified domain name (FQDN) of the controller.
      > dsquery computer -name <filer-hostname>
    2. Use the following command to allow the RODC to authenticate the cloud controller.
      > net localgroup "Allowed RODC Password Replication Group" <filer-NetBios-name>$ /add
    3. Use the following command to force replication of the cloud controller's account credentials to the RODC.
      > repadmin /RODCPWDREPL <RODC-HOSTNAME> <FQDN-of-filer>
  3. Verify that the machine name appears in the AD Users and Computers list on both the RWDC and RODC.
  4. Verify that the machine name is in the "Allowed RODC Password Replication Group":
    > repadmin /PRP view <RODC-HOSTNAME> <filer-NetBios-name>$
  5. Add the RODC hostname to the DNS of the RWDC.
  6. Use the following command to check that replication is functioning.
    > repadmin /showrepl <RODC> /u:<username> /pw:<password>
This completes the process of adding a cloud controller to an Active Directory RODC. Select Configuration > Basic > Active Directory in the Web UI to display the name of the RODC the controller has joined.
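
The verification in steps 3 and 4 can also be done with the ActiveDirectory PowerShell module instead of repadmin. The script below is an added example, not part of Panzura's documentation; it only reads from AD, and the parameter names FilerName and RodcName are placeholders for your own values.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not vendor code. Read-only: it queries AD and changes nothing.
param(
    [Parameter(Mandatory)] [string] $FilerName,  # placeholder: filer NetBIOS name, no trailing $
    [Parameter(Mandatory)] [string] $RodcName    # placeholder: RODC host name
)
$ErrorActionPreference = 'Stop'

# Step 3: the computer account must exist, and the target must really be an RODC.
$filer = Get-ADComputer -Identity $FilerName
$rodc  = Get-ADDomainController -Identity $RodcName
if (-not $rodc.IsReadOnly) { throw "$RodcName is not a read-only domain controller." }

# Step 4: resultant policy for this account on this RODC. A deny entry overrides
# membership in "Allowed RODC Password Replication Group", so checking the group
# alone can report success for an account the RODC will still refuse to cache.
$policy = Get-ADAccountResultantPasswordReplicationPolicy -Identity $filer -DomainController $RodcName

# Step 2.3: accounts whose passwords are currently cached on the RODC.
$revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $RodcName -RevealedAccounts)
$cached   = @($revealed | ForEach-Object DistinguishedName) -contains $filer.DistinguishedName

# Every principal on this RODC's allowed list, for a least-privilege review.
$allowed = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed)

[pscustomobject]@{
    Filer             = $filer.DistinguishedName
    Rodc              = $rodc.HostName
    ResultantPolicy   = $policy
    PasswordCached    = $cached
    AllowedPrincipals = ($allowed | ForEach-Object Name) -join ', '
}

if ("$policy" -ne 'Allow') {
    Write-Warning "Resultant policy for $FilerName on $RodcName is '$policy'; the RODC will not cache this account."
}
if (-not $cached) {
    Write-Warning "$FilerName is not in the RODC's revealed list; repeat the replication step (2.3)."
}
```

By default the "Allowed RODC Password Replication Group" is on the allowed list of every RODC in the domain, so the AllowedPrincipals value is worth reviewing after step 2.2.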