Hi all,
I am currently trying to implement an RODC (2012R2) in a branch office.
The branch is connected to the main site, but only the RODC can directly reach the writable domain controller, not the clients.
So far, this works. I installed the RODC, precached a test user account and computer, and created a site for the branch.
The clients can log on over the RODC. The only problem I have is that the users cannot change their passwords over the RODC. I know that password changes are not allowed if the writable DCs are not reachable. But I also thought that the RODC can act as a "proxy".
So the user changes his password, it gets forwarded to the RODC, and the RODC forwards the change to the writable DC in the main site.
Whenever I try to change the password, I get the standard error message that the password does not meet the complexity requirements. However, the password complexity is not the issue. As soon as I disable the ACL so that the clients can reach the writable domain controller, the password change works flawlessly.
Any idea?
Thanks in advance.