Verify if your Active Directory Schema has RODC extension

Posted on by

Hello,

Since Windows Server 2008, Microsoft release Read Only Domain Controllers, but those require a schema extension for old schema version. Whatever schema version you use, you can see if it contains the RODC extension by looking in the “ForestUpdates” container in the configuration partition :

RodcExtension

You can also use those PowerShell lines :

$RodcPrepared = [ADSI]"LDAP://CN=ActiveDirectoryRodcUpdate,CN=ForestUpdates,CN=Configuration,DC=$([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Name -replace '[.]',',DC=')"
if($RodcPrepared.name -eq "ActiveDirectoryRodcUpdate"){$IsRodcPrepared = $true}else{$IsRodcPrepared=$false}

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.