Q. I enabled the Try Next Closest Site setting, but my clients are ignoring sites that contain Read-Only Domain Controllers (RODCs). What's wrong?

John Savill

April 7, 2009

1 Min Read
ITPro Today logo

A. This is by design. Because sites with RODCs are generally considered less secure, you don't want clients in other sites using domain controller (DCs) in sites with RODCs. If you trust your locations with RODCs, you can modify the filter used by the DC Locator. On Windows Server 2008 DCs, open the registry editor and navigate to HKLMSystemCurrentControlSetServicesNetlogonParameters. Set the NextClosestSiteFilter DWORD value to one of the following:

  • 0: No filtering and any site is used.

  • 1: Sites that only contain RODCs are filtered but sites that contain a mix of RODCs and writable DCs aren't filtered.

  • 2 (default): Sites that contain any RODCs are filtered.

Related Reading:

  • Q. If I add a new writable Windows Server 2008 domain controller (DC) to a hub location, do I need to do anything to redistribute replication connections to my Read Only Domain Controllers (RODCs) in spoke/hub locations?

  • Q. I have a very slow link between a location and a hub. Can I increase compression on the replication traffic?

  • Q. Where should the primary DNS for a Read Only Domain Controller (RODC) that's a DNS server point?

  • If I have Exchange 2007 in only one location, do I need a hub transport server?

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.

About the Author(s)

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like