RODC, or Read-Only Domain Controller, is a Windows Server 2008 feature that deploys a locked version of the Active Directory domain controller database. An RODC is suitable for small branch offices and remote work locations where physical security is not established. You can install an RODC on Server Core to reduce disk resource usage and increase server security.
The key features of RODC include:
- Read-only replicas of the Active Directory database, which hold a read-only version of Active Directory Domain Services (AD DS) objects and attributes.
- Filtered Attribute Set Configuration – provides a method to prevent replication of Active Directory attributes.
- Read-only DNS – allows single-direction replication of DNS and does not allow direct client updates.
- Cached Required Accounts – caches only the necessary user accounts, so if the RODC is compromised, only the accounts that have been compromised need to be reset.
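
To act on the cached-accounts point after a suspected RODC compromise, you first need the list of accounts whose credentials that RODC actually holds. The script below is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module (available with Windows Server 2008 R2 and later) and a hypothetical RODC name, `BRANCH-RODC01`.

```powershell
# Added example: list the accounts whose credentials are cached on an RODC,
# so that only those accounts are reset if the RODC is compromised.
# Assumption: the ActiveDirectory module is installed on the machine running this.
Import-Module ActiveDirectory

function Get-RodcCachedAccount {
    param(
        [Parameter(Mandatory = $true)]
        [string]$RodcName    # hypothetical name, e.g. 'BRANCH-RODC01'
    )

    # Refuse to run against a writable domain controller.
    $rodc = Get-ADDomainController -Identity $RodcName
    if (-not $rodc.IsReadOnly) {
        throw "$RodcName is a writable domain controller, not an RODC."
    }

    # Accounts whose passwords have been replicated to (cached on) this RODC.
    # The RODC's own computer account and its krbtgt account normally appear here too.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
        -Identity $rodc -RevealedAccounts

    foreach ($account in $revealed) {
        $detail = Get-ADObject -Identity $account.DistinguishedName `
            -Properties sAMAccountName, adminCount, pwdLastSet

        [pscustomobject]@{
            SamAccountName  = $detail.sAMAccountName
            ObjectClass     = $detail.ObjectClass
            # adminCount = 1 marks accounts that are (or were) in protected
            # administrative groups; these should never be cached on an RODC.
            Privileged      = ($detail.adminCount -eq 1)
            PasswordLastSet = [DateTime]::FromFileTimeUtc([int64]$detail.pwdLastSet)
            DistinguishedName = $detail.DistinguishedName
        }
    }
}

# Usage (privileged accounts first):
# Get-RodcCachedAccount -RodcName 'BRANCH-RODC01' |
#     Sort-Object Privileged -Descending |
#     Format-Table SamAccountName, ObjectClass, Privileged, PasswordLastSet
```

Any row with `Privileged` set to true indicates a password replication policy that is too permissive for a site without physical security.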
To install an RODC, you must have a fully working Windows Server 2008 domain controller to act as the primary controller. RODC is also supported only in a Windows Server 2003 forest or a Windows Server 2008 forest.

Publisher: abdirahman isse