How To Secure Accounts If an RODC is Stolen

In the previous post, we discussed the benefits of using a Read-Only Domain Controller (RODC) and explained how to deploy an RODC server. The same topology is used in this post, so we recommend having a quick look at it before continuing. Sometimes things do not go the way we expect. For example, what happens if someone steals the entire RODC server? As a server administrator, it is your responsibility to secure every user and computer account whose password was cached on the stolen RODC. In this post, we explain how to secure those accounts if someone has stolen your RODC server.

Steps To Secure Accounts if the RODC is Stolen

To secure accounts and reset the current credentials that are cached on an RODC if the RODC is stolen, you need to perform the following steps:

  1. Sign in to the Primary Domain Controller and open Active Directory Users and Computers.
  2. Expand the Domain Controllers node to list all the available DCs.
  3. In the details pane, right-click the RODC server that has been stolen and select Delete. In our example, it is SERVER1, which we deployed in the previous post. [Figure: Secure Accounts if RODC is stolen]
  4. Click Yes to confirm the deletion.
  5. In the Deleting Active Directory Domain Controller dialog box, read all the available options carefully. Select the following check boxes depending on which types of accounts (users, computers, or both) had passwords cached on the stolen RODC:
  • Reset all passwords for user accounts that were cached on this read-only domain controller.
  • Reset all passwords for computer accounts that were cached on this read-only domain controller.
  • Export the list of accounts that were cached on this read-only domain controller to this file.
  6. Refer to the following figure to understand the preceding options. [Figure: Reset all passwords for user accounts that were cached on RODC]
  7. Specify a file name where the list of accounts cached on the RODC will be stored, then click Delete. You can refer to this file later when resetting the credentials of the affected user and computer accounts.
  8. Click OK to confirm the selection. Ensure that the RODC server no longer appears under the Domain Controllers node in the Active Directory Users and Computers console.
  9. Close the Active Directory Users and Computers console.
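The same procedure can be scripted with the Active Directory PowerShell module, which is useful when many accounts were cached or when you want a record of exactly which accounts were reset. The following is an added example and not part of the original post; it assumes the stolen RODC is SERVER1, that it runs on a writable DC as a domain administrator, and that the export path C:\RODC-Stolen\cached-accounts.csv is acceptable.

```powershell
# Added example (not from the original post): enumerate the accounts whose
# passwords were cached on the stolen RODC, export the list, and reset them.
# Assumptions: run on a writable DC with the ActiveDirectory module installed.
Import-Module ActiveDirectory

$Rodc       = 'SERVER1'                               # stolen RODC (page's example name)
$ExportPath = 'C:\RODC-Stolen\cached-accounts.csv'    # assumed export location

# 1. Accounts whose secrets were actually revealed to (cached on) the RODC.
#    The RODC's own computer account and its krbtgt_* account are tied to the
#    RODC object and are handled by deleting that object, so they are skipped.
$cached = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts |
    Where-Object { $_.Name -ne $Rodc -and $_.Name -notlike 'krbtgt*' }

# 2. Export the list first, mirroring the dialog's export check box.
New-Item -ItemType Directory -Path (Split-Path $ExportPath) -Force | Out-Null
$cached | Select-Object Name, ObjectClass, DistinguishedName |
    Export-Csv -Path $ExportPath -NoTypeInformation

function New-RandomPassword {
    # 24 random bytes as base64: a throwaway value the user is forced to replace at logon.
    $bytes = [byte[]]::new(24)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    return [Convert]::ToBase64String($bytes)
}

# 3. Reset every cached user password and require a change at next logon.
foreach ($acct in ($cached | Where-Object ObjectClass -eq 'user')) {
    $newPwd = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force
    Set-ADAccountPassword -Identity $acct.DistinguishedName -Reset -NewPassword $newPwd
    Set-ADUser -Identity $acct.DistinguishedName -ChangePasswordAtLogon $true
    Write-Host "Reset user password:     $($acct.Name)"
}

# 4. Reset every cached computer account password.
foreach ($acct in ($cached | Where-Object ObjectClass -eq 'computer')) {
    $newPwd = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force
    Set-ADAccountPassword -Identity $acct.DistinguishedName -Reset -NewPassword $newPwd
    Write-Host "Reset computer password: $($acct.Name)"
}

Write-Host "Account list exported to $ExportPath"
```

Resetting a computer account's password on the AD side breaks that machine's secure channel (the dialog's computer-account option has the same effect), so each affected computer must afterwards be rejoined to the domain or have its secure channel repaired against a writable DC.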

That's all you need to do to secure accounts if the RODC is stolen. We hope this helped you, and that you will share the article to encourage us.

Posted in Windows Server 2016