What Is an RODC?
Updated: April 26, 2012
Applies To: Windows Server 2008, Windows Server 2012
Read-only domain controllers (RODCs) are a new feature of Active Directory Domain Services (AD DS) in Windows Server 2008. RODCs are additional domain controllers for a domain that host complete, read-only copies of the partitions of the Active Directory database and a read-only copy of the SYSVOL folder contents. By selectively caching credentials, RODCs address some of the challenges that enterprises can encounter in branch offices and perimeter networks (also known as DMZs) that may lack the physical security that is commonly found in datacenters and hub sites. RODCs also offer a number of manageability improvements that are described in this guide.
This section describes how RODCs work with the rest of the Active Directory environment, the main differences between RODCs and writable domain controllers, and the RODC features that can help resolve a number of security or manageability issues.
Read-Only Active Directory Database, SYSVOL, and Unidirectional Replication
RODC Filtered Attribute Set, Credential Caching, and the Authentication Process with an RODC
Administrator Role Separation
Differences Between an RODC and a Writable Domain Controller
Advantages That an RODC Can Provide to an Existing Deployment