Keep in mind that:
- You need at least one writable domain controller to install a Read-Only Domain Controller
TUTORIAL
First, install Windows Server 2016:
https://techencyclopedia.wordpress.com/2016/08/24/install-windows-server-2016-step-by-step/
Log in
Configure Network Card (provide a static IP address and DNS)
Add roles and features
Click Next to continue
Select the role-based installation type (this option is selected by default)
Select the Server
Select the Active Directory Domain Services role
Keep the default features
Click Next
Click Install
Click Close after installation
Promote the server to a domain controller
Provide the domain name and user credentials for deployment operations
Provide the DSRM password and select Read Only Domain Controller (RODC)
Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. It is used to log on to the computer when Active Directory has failed or needs to be restored.
Keep the RODC options as they are
Keep the locations for the AD DS database, log files and SYSVOL as they are
Review options before installation starts
Install Active Directory Domain Services
After the Active Directory Domain Services installation, restart the server
Check the installed Read-Only Domain Controller
Make sure to connect to the RODC
Configure the Administrators role
Type dsmgmt in the Run dialog
Type:
local roles add <DOMAIN>\<user> Administrators
Log in as other user
To configure RODC password policies, go to the RODC properties
- Configure the groups that are allowed or denied password caching, as required
- Click on Advanced to display a list of users for which the passwords have been cached.
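
The allowed and denied groups and the Advanced list of cached passwords described above can also be read from PowerShell. This is an added example, not part of the original tutorial; it assumes the RSAT ActiveDirectory module, a placeholder RODC name `RODC01`, and a hypothetical helper `Get-RodcPasswordExposure` that flags cached accounts belonging to privileged groups.

```powershell
# Added example: audit an RODC's Password Replication Policy (PRP).
# Assumptions: RSAT ActiveDirectory module is installed; 'RODC01' is a placeholder name.
Import-Module ActiveDirectory

function Get-RodcPasswordExposure {
    param(
        [Parameter(Mandatory)] [string] $RodcName,
        # Groups whose members should not have passwords cached on an RODC (adjust as needed)
        [string[]] $PrivilegedGroups = @('Domain Admins', 'Administrators')
    )

    # Same principals as the Allow/Deny entries on the Password Replication Policy tab
    $allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed
    $denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Denied

    # Same list as Advanced: accounts whose passwords are stored on this RODC
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $RodcName -RevealedAccounts

    # Expand privileged groups recursively into a unique set of distinguished names
    $privilegedDns = @(
        foreach ($group in $PrivilegedGroups) {
            (Get-ADGroupMember -Identity $group -Recursive).DistinguishedName
        }
    ) | Sort-Object -Unique

    [pscustomobject]@{
        Rodc    = $RodcName
        Allowed = @($allowed.Name)
        Denied  = @($denied.Name)
        # The RODC's own computer account and its krbtgt_* account normally appear here
        Cached  = @(foreach ($account in $revealed) {
            [pscustomobject]@{
                SamAccountName = $account.SamAccountName
                ObjectClass    = $account.ObjectClass
                Privileged     = $privilegedDns -contains $account.DistinguishedName
            }
        })
    }
}

$report = Get-RodcPasswordExposure -RodcName 'RODC01'
$report.Allowed
$report.Denied
# Any row returned here is a privileged credential stored on the RODC: investigate and reset it
$report.Cached | Where-Object Privileged
```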