Read-Only Domain Controller Planning and Deployment Guide

Updated: April 26, 2012

Applies To: Windows Server 2008, Windows Server 2012

This section provides an overview of the guide, including what is covered in this guide as opposed what is covered in other related guides.

To obtain a copy of this guide in .doc format, see Planning and Deploying Read-Only Domain Controllers on the Microsoft Download Center (

The purpose of this guide is to explain what a read-only domain controller (RODC) is, how an RODC works, and how you can plan for and deploy RODCs in your environment. The guide is meant to be a comprehensive resource for all the information that you might need in order to use an RODC in any scenario. It will be updated continuously as additional information about using RODCs is learned as a result of customer experiences and product team recommendations.

Active Directory Domain Services in the Perimeter Network (Windows Server 2008) (

This guide details various deployments with AD DS in perimeter networks with a focus on how to plan for and deploy RODCs. Because it covers information beyond RODCs, it is offered as a separate guide.

This guide consists of the following sections:

Understanding Planning and Deployment for Read-Only Domain Controllers

This section explains what an RODC is, and it covers general issues that affect any of the scenarios that include an RODC. This chapter also provides steps for installing and administering an RODC.

Read-Only Domain Controller Branch Office Guide

This section describes special planning and deployment steps for placing RODCs in branch offices.

Appendix A: RODC Technical Reference Topics

This section includes supplemental information that can help some organizations with planning an RODC deployment.

Appendix B: Read-Only Domain Controller Related Events

This appendix covers events that can be logged for various operations RODCs.

Appendix C: Acronyms Used in This Planning and Deploying Read-Only Domain Controller Guide

This appendix includes some of the acronyms that are commonly used in discussion about RODCs.

RODCs are one of many new features that are introduced in Active Directory® Domain Services (AD DS) in the Windows Server® 2008 operating system. The following links provide more information about the other new Active Directory features and the steps that you can take to try them out:

The following guides cover related scenarios for planning and deploying AD DS and RODCs:

  • Upgrading Active Directory Domains to Windows Server 2008 AD DS Domains (

    This guide provides information about deploying writable Windows Server 2008 domain controllers and upgrading to Windows Server 2008 from Windows 2000 Server domains and Windows Server 2003 domains.

  • Designing the Logical Structure for Windows Server 2008 AD DS (

    This guide explains design considerations for creating a new forest with domain controllers that run Windows Server 2008.

  • Designing the Site Topology for Windows Server 2008 AD DS (

    This guide explains how to plan sites and site links for a new forest.

  • Branch Infrastructure Implementation Solution for Windows Server 2008 (

    This guide provides guidance to help organizations design complete branch office infrastructures. It provides planning guidance for the services in a typical branch office design, including core services such as Dynamic Host Configuration Protocol (DHCP), file server, and print server. It also covers extended services, such as virtualization, Web caching services, messaging services, and collaboration services.

  • SYSVOL Replication Migration Guide: FRS to DFS Replication (

    If you are currently using File Replication Service (FRS) for replication of the SYSVOL shared folder on domain controllers, you will have to migrate to using DFS Replication Service for SYSVOL replication after you raise the domain functional level to Windows Server 2008. You can use the Dfsrmig.exe tool to perform the migration procedure.

  • Windows Server 2003 Active Directory Branch Office Guide (

    This guide provides recommendations for deploying domain controllers that run Windows Server 2003 in a branch office environment. It also includes scripts and tools to help you monitor the environment. Some of the tools, such as the Active Directory Load Balancing tool (ADLB.exe), are useful for monitoring domain controllers that run Windows Server 2008 in addition to monitoring domain controllers that run Windows Server 2003.

Community Additions