Export (0) Print
Expand All

3.3.5.7.7 Read-only Domain Controller (RODC)

When a Key Distribution Center (KDC) which is a read-only domain controller (RODC) receives:

  • An AS-REQ message with a PA-PAC-OPTIONS [167] ([MS-KILE], section 2.2.9) PA-DATA type with the forward to full DC bit set, the RODC SHOULD forward the AS-REQ to a full DC.

  • A TGS-REQ message with a PA-PAC-OPTIONS [167] ([MS-KILE], section 2.2.9) PA-DATA type with the Branch Aware bit set, and the application server (SNAME) is not in its database, the RODC SHOULD return server principal unknown with the substatus message of NTSTATUS STATUS_NO_SECRETS ([MS-ERREF] section 2.3.1).

 
Show:
© 2014 Microsoft