Read-Only Domain Controllers Step-by-Step Guide
Updated: June 29, 2010
Applies To: Windows Server 2008
This step-by-step guide provides instructions for planning, installing, and using a read-only domain controller (RODC). An RODC is a new type of domain controller in the Windows Server® 2008 operating system. This new type of domain controller, as its name implies, hosts read-only partitions of the Active Directory® database.
An RODC makes it possible for organizations to easily deploy a domain controller in scenarios where physical security cannot be guaranteed, such as branch office locations, or in scenarios where local storage of all domain passwords is considered a primary threat, such as in an extranet or in an application-facing role.
Organizations that can guarantee the physical security of a branch domain controller might also deploy an RODC because features such as unidirectional replication reduce its management requirements.
Because RODC administration can be delegated to a domain user or security group, an RODC is well suited for a site that should not have a user who is a member of the Domain Admins group.