
RODC connection object goes AWOL

If the RODC connection object goes Absent Without Leave (AWOL), there are some steps to recover it, taken from the Ask the Directory Services Team blog (https://blogs.technet.com/b/askds/archive/2010/10/08/friday-mail-sack-cluedo-edition.aspx).

RODCs require a special flag on their connection objects for SYSVOL replication to work. If it is not present, SYSVOL will not replicate, whether FRS or DFSR is in use. To fix these servers:

1. Log on to a writable DC in the affected forest as an Enterprise Admin.

2. Run DSSITE.MSC and navigate to an affected RODC within its site, down to its NTDS Settings object. There may be no connections listed here, or there may be manually created connections.

3. Create a new connection object. Ideally, name it the same as the default (e.g. "RODC Connection (FRS)").

4. Edit that connection in ADSIEDIT.MSC or on the Attribute Editor tab in DSSITE.MSC. Navigate to the "options" attribute and set the value 0x40.

5. Create more connections using these steps as necessary.

6. Force AD replication outbound from this DC to the RODCs, or wait for convergence. Once the DFSR (or FRS) service on the RODC sees these connections, SYSVOL will begin replicating again.

More info about this 0x40 flag: https://msdn.microsoft.com/en-us/library/dd340911(PROT.10).aspx

RT (NTDSCONN_OPT_RODC_TOPOLOGY, 0x00000040): The NTDSCONN_OPT_RODC_TOPOLOGY bit in the options attribute indicates whether the connection can be used for DRS replication [MS-DRDM]. When set, the connection should be ignored by DRS replication and used only by FRS replication.

Although that documentation mentions only FRS, the 0x40 value is required for both DFSR and FRS. The separate connection objects used for AD replication are still required and will exist locally on the RODC.
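The check and repair described in the steps above, as an added PowerShell example that is not part of the original post: it audits every RODC in the forest for a connection object carrying the 0x40 bit and can recreate a missing one. It assumes the ActiveDirectory module and Enterprise Admin rights on a writable DC; the cmdlets are real, but the exact attribute set passed to New-ADObject (fromServer, enabledConnection, options) is an assumption taken from the nTDSConnection schema rather than from the post.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$RODC_TOPOLOGY = 0x40   # NTDSCONN_OPT_RODC_TOPOLOGY, from the MS-ADTS options bit table

function Get-RodcTopologyStatus {
    # One record per RODC: does any nTDSConnection under its NTDS Settings carry 0x40?
    foreach ($rodc in Get-ADDomainController -Filter { IsReadOnly -eq $true }) {
        $conns = @(Get-ADObject -SearchBase $rodc.NTDSSettingsObjectDN -SearchScope OneLevel `
                     -Filter 'objectClass -eq "nTDSConnection"' -Properties options, fromServer)
        $flagged = @($conns | Where-Object { ($_.options -band $RODC_TOPOLOGY) -ne 0 })
        [pscustomobject]@{
            RODC              = $rodc.HostName
            Site              = $rodc.Site
            TotalConnections  = $conns.Count
            SysvolConnections = $flagged.Count   # 0 here is the "AWOL" condition
            Healthy           = ($flagged.Count -gt 0)
        }
    }
}

function New-RodcSysvolConnection {
    # Steps 3 and 4 of the post: create an nTDSConnection under the RODC's NTDS Settings,
    # sourced from a writable DC's NTDS Settings, with options = 0x40.
    param(
        [Parameter(Mandatory)][string]$RodcHostName,      # assumed: hostname of the RODC
        [Parameter(Mandatory)][string]$SourceDcHostName,  # assumed: hostname of a writable DC
        [string]$Name = 'RODC Connection (FRS)'
    )
    $rodc   = Get-ADDomainController -Identity $RodcHostName
    $source = Get-ADDomainController -Identity $SourceDcHostName
    if (-not $rodc.IsReadOnly) { throw "$RodcHostName is not an RODC" }
    if ($source.IsReadOnly)    { throw "$SourceDcHostName must be a writable DC" }
    New-ADObject -Name $Name -Type nTDSConnection -Path $rodc.NTDSSettingsObjectDN -OtherAttributes @{
        options           = $RODC_TOPOLOGY
        fromServer        = $source.NTDSSettingsObjectDN
        enabledConnection = $true
    }
}

# Report first; repair only the RODCs the report shows as unhealthy, e.g.:
#   New-RodcSysvolConnection -RodcHostName rodc01.example.test -SourceDcHostName dc01.example.test
Get-RodcTopologyStatus | Format-Table -AutoSize
```

After creating the object, step 6 still applies: replicate outbound from the writable DC (or wait for convergence) before expecting SYSVOL to resume on the RODC.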

Comments

  • Anonymous
    January 01, 2003
    I hate editing settings in ADSI directly - but thanks for sharing. The day will come where we need this information!

  • Anonymous
    January 01, 2003
    Automation scripts?

  • Anonymous
    January 01, 2003
    Cool. Very useful

  • Anonymous
    January 07, 2013
    Great article, but why on earth would an RODC connection go AWOL in the first place?

  • Anonymous
    April 05, 2015
    Thanks for your amazing article, but I have one question please: in my CAS I have removed the RODC server from NTDS settings by mistake, and when I try to add a new connection I find only the writable domain controllers. How can I resolve this issue?

  • Anonymous
    September 01, 2015
    I just used this one. I had a writable DC and an RODC in the same location. I removed the writable DC because I wanted the RODC at the branch site, but the RODC connection was only to the local writable DC, so it was left there hanging. Thanks for your article.