Forest Recovery Console - RODC not found on project creation/update

Hi there,

 

I have stumbled across an issue regarding the Forest Recovery Console and RODCs. Whenever I have an RODC as the only DC in an AD site, it will not show up in the list of DCs when updating the project. I could reproduce this issue in two independent environments with version 8.6.3 and version 8.8.

Example: The AD contains two sites, Site A and Site B. Site A contains two RWDCs, while Site B contains only one RODC. When I create a new project, connecting to the forest, only the two RWDCs in Site A will show up. When I move one of the RWDCs from Site A to Site B and update the project, it will show the moved RWDC as "modified" (correct) and the RODC as "added" (correct as well). When I move the RWDC back to Site A and update the project, it will show the RWDC as "modified" (again correct) and the RODC as "removed". The last bit is what puzzles me.

Am I missing something here? I double-checked the site configuration, nothing unusual there. The user used to access the forest has domain admin rights.

Does the Forest Edition only support RODCs if they are in the same site together with atleast one RWDC?

 

Thank you for your input!

Ruben

  • Please look KB or manuals on RODC. My understanding: RODC is the DC which should not be touched to write-in and can be read-from only. the RODC is locked completely. Therefore it is positive and correct abd might be by design behavior, that RMAD-FE cannot use RODC for both Online Restore and Forest DR (which to require Agents (Backup, DR, OnlineRestore) to be written-in to the RODC).

    Aidar Karabalaev

  • In reply to Aidar.Karabalaev:

    According to the manual, RODCs cannot be recovered from backups, yes, but I should be able to configure the other options (Reinstall, Uninstall, do not recover) for RODCs in the Forest Recovery Console. Since the RODC is not showing up, i cannot configure it.

    My understanding of this console is that every DC should show up there, and I can configure if and how they should be recovered in a DR. In my case, i would be missing out on the single RODC which might introduce some serious issues after the other DCs have been recovered. So i would assume that this RODC should show up?
  • In reply to Ruben Willmes:

    During Forest DR execution, all RODC must be shut down (cannot be recovered) and metadata must be cleared in recovered AD. You want in DR project chose all RODCs option | "Do not recover". Makes sense.
    I recommend to open support case to get exact answer: exact and *supported* product behavior by *design* in the described situation.

    Aidar Karabalaev

  • In reply to Ruben Willmes:

    Hello Ruben!
    Better late than never. You are right for RODC Forest Recovery supports three recovery methods. This is known issue that RODC in site without RWDC cannot be discovered. Issue is fixed in RMADFE 8.8.1. Please contact Support to obtain patch for older version.