Installing Forefront TMG on a domain controller

  • Article

This section provides instructions on how to install Forefront TMG on a read-only domain controller (RODC). Installing Forefront TMG on an RODC is different than a typical installation of Forefront TMG and different from a typical installation of an RODC. To install Forefront TMG on an RODC, you must complete the following high-level tasks:

  1. Prepare the Headquarters Domain Controller (HQ DC), which includes the following tasks:

    1. Create a new branch account in Active Directory Domain Services (AD DS).

    2. Pre-create an RODC account in AD DS.

    Note

    These accounts must include Forefront TMG security groups.

  2. Connect the branch server to the RODC account.

  3. Install Forefront TMG SP1 via a slipstream installation.

These instructions describe how to perform a staged installation of an RODC, in which the installation is completed in two stages by different individuals. The first stage of the installation, which requires domain administrative credentials, creates an account for the RODC in AD DS. The second stage of the installation attaches the actual server that will be the RODC in a remote location, such as a branch office, to the account that was previously created for it. You can delegate the ability to attach the server to the account to a nonadministrative group or user in the remote location.

Important

The server that will become the RODC must not be joined to the domain before you try to attach it to the RODC account. As part of the installation, the wizard automatically detects whether the name of the server matches the names of any RODC accounts that have been created in advance for the domain. When the wizard finds a matching account name, it prompts the user to use that account to complete the RODC installation. You can use the Active Directory Users and Computers snap-in to create an RODC account.

For more information about read only domain controllers, see Read-Only Domain Controller Planning and Deployment Guide (https://go.microsoft.com/fwlink/?LinkID=160576), and for information specific to installing RODCs in stages, see Performing a Staged RODC Installation (https://go.microsoft.com/fwlink/?LinkID=196009).

The following topics provide information for installing Forefront TMG on an RODC:

Concepts

Forefront TMG Deployment