Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
3.3.5.7.7 Read-only Domain Controller (RODC)

3.3.5.7.7 Read-only Domain Controller (RODC)

When a Key Distribution Center (KDC) which is a read-only domain controller (RODC) receives:

  • An AS-REQ message with a PA-PAC-OPTIONS [167] (section 2.2.10) PA-DATA type with the forward to full DC bit set, the RODC SHOULD forward the AS-REQ to a full DC.

  • A TGS-REQ message with a PA-PAC-OPTIONS [167] (section 2.2.10) PA-DATA type with the Branch Aware bit set, and the application server (SNAME) is not in its database, the RODC SHOULD return server principal unknown with the substatus message of NTSTATUS STATUS_NO_SECRETS ([MS-ERREF] section 2.3.1).

Show:
© 2015 Microsoft