How can I get LAPS working on servers that only can access a RODC?
How can they populate the LAPS attributes when they cannot contact an RWDC?
I believe if the servers have no access to the RWDC whatsoever and only to the RODC, the LAPS solution will not work.
This has also been discussed in another thread over here:
If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!
Best regards,
Leon
Hello Jan A,
You can perform these procedures to exclude specific data from replicating to RODCs in the forest. Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed to an attacker who manages to successfully compromise an RODC. In most cases, adding an attribute to the RODC FAS is completed by the developer of the application that added the attribute to the schema.
Determine and then modify the current searchFlags value of an attribute
Verify that an attribute is added to the RODC FAS
To learn more about how LAPS works and its attributes, follow the link below:
I hope this answers all your queries; if not, please do post back.
If an Answer is helpful, please click "Accept Answer" and upvote it : )
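The two procedures named in the answer above (inspect and modify the searchFlags value of an attribute, then verify it is part of the RODC Filtered Attribute Set) can be scripted. The following is an added example written for this thread, not code from the original posts or from the LAPS product. It assumes the ActiveDirectory PowerShell module, Schema Admins rights for the write step, and an RODC named `RODC01` (a placeholder) for the verification query. In searchFlags, bit 0x80 marks an attribute confidential and bit 0x200 marks it RODC-filtered; the LAPS schema extension normally sets both on ms-Mcs-AdmPwd already, so on most forests this script only confirms the state. Note that, as the thread concludes, this keeps the password off the RODC but does nothing to let a computer that can only reach an RODC write the password in the first place.

```powershell
# Added example (not from the original thread or the LAPS product).
# Inspect, set if needed, and verify the searchFlags bits that keep the
# legacy LAPS password attribute confidential and out of RODC replication.
Import-Module ActiveDirectory

$attrName      = 'ms-Mcs-AdmPwd'
$CONFIDENTIAL  = 0x80    # fCONFIDENTIAL: readable only with CONTROL_ACCESS on the object
$RODC_FILTERED = 0x200   # fRODCFilteredAttribute: member of the RODC Filtered Attribute Set

# 1. Determine the current searchFlags value of the attribute in the schema.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$attrName)" -Properties searchFlags
if (-not $attr) {
    throw "Attribute $attrName not found in the schema. Has the LAPS schema extension been applied?"
}
$flags = [int]$attr.searchFlags
'{0}: searchFlags=0x{1:X} confidential={2} rodcFiltered={3}' -f $attrName, $flags,
    [bool]($flags -band $CONFIDENTIAL), [bool]($flags -band $RODC_FILTERED)

# 2. Modify searchFlags only if a bit is missing. Schema writes must go to the
#    schema master, so target it explicitly rather than whichever DC answered.
$wanted = $flags -bor $CONFIDENTIAL -bor $RODC_FILTERED
if ($wanted -ne $flags) {
    $schemaMaster = (Get-ADForest).SchemaMaster
    Set-ADObject -Identity $attr.DistinguishedName -Replace @{ searchFlags = $wanted } -Server $schemaMaster
    'Updated {0} searchFlags to 0x{1:X} on {2}' -f $attrName, $wanted, $schemaMaster
} else {
    "$attrName already has the confidential and RODC-filtered bits set; no change made."
}

# 3. Verify the attribute is in the RODC FAS: re-read the bit from the schema,
#    then query a computer object through the RODC. A filtered attribute is never
#    replicated to an RODC, so the value returned there must be empty even when
#    the writable DC holds a password.
$rodc   = 'RODC01'                                   # placeholder, replace with your RODC
$rwdc   = (Get-ADDomain).PDCEmulator                 # any writable DC works for the comparison
$sample = (Get-ADComputer -Filter * -ResultSetSize 1 -Server $rwdc).DistinguishedName

$verified = ([int](Get-ADObject -Identity $attr.DistinguishedName -Properties searchFlags -Server $rwdc).searchFlags) -band $RODC_FILTERED
$onRwdc   = (Get-ADObject -Identity $sample -Properties $attrName -Server $rwdc).$attrName
$onRodc   = (Get-ADObject -Identity $sample -Properties $attrName -Server $rodc).$attrName

[pscustomobject]@{
    Attribute          = $attrName
    InRodcFas          = [bool]$verified
    SampleComputer     = $sample
    ValuePresentOnRwdc = [bool]$onRwdc
    ValuePresentOnRodc = [bool]$onRodc   # expected: False when the FAS bit is set
}
```

The read in step 3 against the writable DC requires rights to the confidential attribute (for example, membership in a group granted ms-Mcs-AdmPwd read permission via Set-AdmPwdReadPasswordPermission); without them both lookups return empty and the comparison is not meaningful.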
But the computer never has access to a RWDC, how can it update the ms-Mcs-AdmPwd attribute then?
Hello Jan,
Since the computer has no access to an RWDC, you can't execute the steps mentioned above.