List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

Subject: [ActiveDir] Auth2 list - RODCs

bijubabuk

06/30/2010 3:10 PM  
Hello,



I was going through some thought process about how you can dynamically
populate the "allowed RODC password replication group" to enable the
user to login to the RODC when a WAN is down.



In order to do that, I understand the RODC keeps a list called "Authen2
list" (msDS-AuthenticatedToAccountList), which contains the list of
users/computers that tried to log on using the local RODC. And using
"repadmin /prp move" you can import this list to a group to cache them
in the local RODC. I am thinking about writing a small script and
scheduling it.



But I was wondering how long this list holds the names of users/computers
in it?





Regards



Biju





bijubabuk

07/08/2010 3:49 AM  
If someone is curious,



"The attribute msDS-AuthenticatedToAccountList (on each RODC's computer
object) holds a list of users that have authenticated to the RODC.
This information is persistent. It does not clear, or age out,
automatically. However, administrators can clear the information" -
Answer from MS



To clear the AuthenticatedTo List -
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(WS.10).aspx#BKMK_ClearAuth2

To move the accounts from Auth2 list to Allow list -
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(WS.10).aspx#BKMK_PRPMove - "If you
do not want to clear the list of accounts that have authenticated to the
RODC, include the /noauth2cleanup command"



Regards



Disclaimer: All postings are provided "AS IS" with no warranties, and
confer no rights



Biju Babu

IT Technical Analyst, Identity and Service Management


Phone : +91-124-4090264

Rnet : 791-345

Email : biju_babu@cargill.com



My working hours are from 11:00 to 19:30 IST (00:30 to 09:00 CST)



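A sketch of the scheduled script discussed in this thread, as an added example that is not part of the original posts or of Microsoft's guidance: it reads msDS-AuthenticatedToAccountList from the RODC's computer object and proposes only non-privileged, enabled accounts for the allowed group, because the list never ages out and will also hold any administrator who once authenticated at the branch. The RODC name is hypothetical, the two group names are the default domain groups, and unlike "repadmin /prp move" it uses the ActiveDirectory module and does not clear the Auth2 list.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT)
# and a hypothetical RODC computer account named BRANCH-RODC01.
Import-Module ActiveDirectory

$RodcName     = 'BRANCH-RODC01'                            # hypothetical name
$AllowedGroup = 'Allowed RODC Password Replication Group'  # default group
$DeniedGroup  = 'Denied RODC Password Replication Group'   # default group

# Auth2 list: DNs of every account that has authenticated to this RODC.
$rodc  = Get-ADComputer -Identity $RodcName -Properties 'msDS-AuthenticatedToAccountList'
$auth2 = @($rodc.'msDS-AuthenticatedToAccountList')

# Accounts already denied (nested members included) and already allowed.
$denied  = @(Get-ADGroupMember -Identity $DeniedGroup -Recursive |
    Select-Object -ExpandProperty DistinguishedName)
$allowed = @(Get-ADGroupMember -Identity $AllowedGroup |
    Select-Object -ExpandProperty DistinguishedName)

$toAdd = foreach ($dn in $auth2) {
    $obj = Get-ADObject -Identity $dn -Properties adminCount, userAccountControl

    # Decide why an account should NOT become cacheable on the RODC.
    $skip = if ($denied -contains $dn)                { 'member of Denied group' }
            elseif ($obj.adminCount -eq 1)            { 'adminCount=1 (protected account)' }
            elseif ($obj.userAccountControl -band 2)  { 'account disabled' }
            elseif ($allowed -contains $dn)           { 'already allowed' }

    if ($skip) { Write-Warning "Skipping $dn : $skip" } else { $dn }
}

if ($toAdd) {
    # -WhatIf only reports the change; remove it after reviewing the output.
    Add-ADGroupMember -Identity $AllowedGroup -Members $toAdd -WhatIf
}
```

Membership in the allowed group only permits caching; a deny entry in the password replication policy still takes precedence.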

