Univention Corporate Server

Extended Windows integration documentation

Table of Contents

1. Advanced Samba documentation
1.1. Operating Samba 4 as a read-only domain controller
Bibliography

Chapter 1. Advanced Samba documentation

1.1. Operating Samba 4 as a read-only domain controllerFeedback

Active Directory offers an operating mode called read-only domain controller (RODC) with the following properties:

  • The data are only stored in read-only format; all write changes must be performed on another domain controller.

  • Consequently, replication is only performed in one direction.

A comprehensive description can be found in the Microsoft TechNet Library [technet-rodc].

A Samba 4 domain controller can be operated in RODC mode (on a slave domain controller for example). Prior to the installation of univention-samba4, the Univention Configuration Registry variable samba4/role must be set to RODC: 

ucr set samba4/role=RODC
univention-install univention-samba4
univention-run-join-scripts

Bibliography

[technet-rodc] Microsoft. 2012. AD DS: Read-Only Domain Controllers. http://technet.microsoft.com/en-us/library/cc732801%28v=ws.10%29.aspx.