A. This is by design. Because sites with RODCs are generally considered less secure, you don't want clients in other sites using domain controller (DCs) in sites with RODCs. If you trust your locations with RODCs, you can modify the filter used by the DC Locator. On Windows Server 2008 DCs, open the registry editor and navigate to HKLM\System\CurrentControlSet\Services\Netlogon\Parameters. Set the NextClosestSiteFilter DWORD value to one of the following:
- 0: No filtering and any site is used.
- 1: Sites that only contain RODCs are filtered but sites that contain a mix of RODCs and writable DCs aren't filtered.
- 2 (default): Sites that contain any RODCs are filtered.
- Q. If I add a new writable Windows Server 2008 domain controller (DC) to a hub location, do I need to do anything to redistribute replication connections to my Read Only Domain Controllers (RODCs) in spoke/hub locations?
- Q. I have a very slow link between a location and a hub. Can I increase compression on the replication traffic?
- Q. Where should the primary DNS for a Read Only Domain Controller (RODC) that's a DNS server point?
- If I have Exchange 2007 in only one location, do I need a hub transport server?
Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.