Read-only Domain Controllers

By default a domain controller is a read/write domain controller. So, it can be used to authenticate against it, but also to e.g. set a new password. That password will then be replicated out to other domain controllers on your network.

Why would you need a read-only domain controller now?

In short: for security reasons (not performance, availability, ...).

The assumption is that remote offices will be less secured than the company headquarters for many reasons (e.g. reducing IT costs on security). As such it is handy to have a local domain controller that clients can use to authenticate on-site. Yet, those should not be allowed to replicate data back to the central system, as they are assumed to be more vulnerable to attacks and breaches than the (hopefully) fortified HQ.


Sources:

Comments

Post a Comment

Popular posts from this blog

SQL Server Setup: Windows Firewall warning (Ports)

Image
What was it again SQL server setup throws out, when you have your Windows Firewall on?! Rule "Windows Firewall" generated a warning. The Windows Firewall is enabled. Make sure the appropriate ports are open to enable remote access. See the rules documentation at http://go.microsoft.com/fwlink/?LinkId=94001 for information about ports to open for each feature. Keywords: Setup, Firewall, Ports, SQL Server, Microsoft
Read more

SQL Server 2014 Enterprise Edition: Server Setup: Feature Selection

Note: Still needs Microsoft .NET Framework 3.5. Instance Features The configuration and operation of each instance feature of a SQL Server instance is isolated from other SQL Server instances. SQL Server instances can operate side-by-side on the same computer. Database Engine Services Includes the Database Engine, the core service for storing, processing and securing data. The Database Engine provides controlled access and rapid transaction processing and also provides rich support for sustaining high availability. The Database Engine also provides support for the utility control point in the SQL Server Utility. Only Database Engine Services and Analysis Services can be clustered. SQL Server Replication Includes a set of technologies for copying and distributing data and database objects from one database to another and synchronizing between the databases for consistency. You can use replication to distribute data to different locations, and to remote a
Read more

How to read an assembly.dll.config

There is the common misconception that only a app.exe.config can be read in .NET C#. The truth is that the app.config is automatically read, while any other (correctly formed) app.config XML file can be read "manually". To open a named config file: Reference System.Configuration.dll assembly Using System.Configuration Create code like: Configuration GetDllConfiguration(Assembly targetAsm) { var configFile = targetAsm.Location + ".config"; var map = new ExeConfigurationFileMap { ExeConfigFilename = configFile }; return ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None); } Sources: stackoverflow: Reading dll.config (not app.config!) from a plugin module Keywords: .NET, C#, app.config, dll.config, ConfigurationManager
Read more