Windows 2008 RODC Compatibility Pack

When you're implementing Windows Server 2008 read-only domain controllers (RODCs), there are a couple of compatibility issues that you may run into on Windows XP or Windows Server 2003 clients. This KB article details the various issues that you may encounter and provides downloads for the compatibility pack.

There are ten issues you might come across; a brief summary of each is below:

  • If a client can access only read-only domain controllers, Windows Management Instrumentation (WMI) filters that are configured for Group Policy are not applied.
  • Internet Protocol security (IPsec) policies cannot be applied, and Win32 error code 8219 (ERROR_POLICY_OBJECT_NOT_FOUND) is returned when only Windows Server 2008 read-only domain controllers are available.
  • Windows Server 2003 member computers and Windows XP member computers do not synchronize Win32 time with Windows Server 2008 read-only domain controllers.
  • Computers in a perimeter network cannot join the domain.
  • In a site that has only read-only domain controllers available, users try to change their passwords on computers that are running Windows 2000, Windows XP, or Windows Server 2003. When the users do this, the password change operation fails.
  • Windows Server 2008 read-only domain controllers cannot retrieve or create the public key certificate by using the LsaRetrievePrivateData function or the LsaStorePrivateData function.
  • When you try to publish a printer, the published printer may not work correctly.
  • In a site that has only read-only domain controllers available, you use the Find Printer dialog box on a client computer that is running Windows 2000, Windows XP, or Windows Server 2003. When you do this, the Find Printer dialog box stops responding.
  • Active Directory Service Interfaces (ADSI) API functions in Windows Server 2003 and in Windows XP always send requests to a remote writable domain controller instead of to a local read-only domain controller.
  • Domain controllers that are running Windows Server 2003 perform automatic site coverage for sites that have read-only domain controllers.