What Is the Purpose of a Read Only Domain Controller?

FAQs Jackson Bowman September 8, 2022

Windows Server 2008 introduces a new type of domain controller, the read-only domain controller (RODC). This provides a domain controller for use in branch offices where a full domain controller cannot be placed.

Why would you use a read-only domain controller?

The primary reason for using an RODC is security, while still providing domain resiliency in remote offices. If a remote office has poor physical security or serves only a small number of employees who are not IT-savvy, there's no good reason to have a fully writable domain controller on-site.

In which two circumstances should you deploy a read-only domain controller?

Why do companies use a read-only domain controller (RODC)?

The main advantages of an RODC are as follows: Reduced security risk for a writable copy of Active Directory. Better login times compared to authenticating over a WAN connection. Better access to the authentication resource on the network.

What is the main feature available in a read-only domain controller?

The main features of an RODC are as follows: A read-only AD Domain Services (AD DS) database. Applications that only need read access to the database can use the RODC; however, all database changes must be made on a Read-Writable DC (RWDC) and then replicated back to the RODC.

What is the difference between DC and GC?

A typical DC contains details about the domain it resides in, but GC servers contain additional information about each domain in the forest. GCs are especially important to plan for properly when deploying multiple AD domains.

How do I promote a read-only domain controller?

Click on the “Promote this server to a domain controller” link. In the Active Directory Domain Services Configuration Wizard, select Add a domain controller to an existing domain. In the next step, select the Read-only domain controller (RODC) check box and enter a Directory Services Restore Mode (DSRM) password.
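
The same promotion can be scripted with the ADDSDeployment module. This is an added example, not part of the original FAQ; the domain name `corp.example.com` and site name `Branch-Site-01` are placeholders, and DNS installation is an optional choice. It runs the prerequisite test first so a failed check stops the promotion before anything changes.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Placeholder values (assumptions): replace with your own domain and AD site.
$domain = 'corp.example.com'
$site   = 'Branch-Site-01'

# Install the AD DS role binaries if they are not present yet.
Import-Module ServerManager
if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
}
Import-Module ADDSDeployment

# Prompt for secrets instead of embedding them in the script.
$cred = Get-Credential -Message "Account permitted to add a DC to $domain"
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# One parameter set shared by the test and the real promotion,
# so what was validated is exactly what gets installed.
$params = @{
    DomainName                    = $domain   # add a DC to an existing domain
    SiteName                      = $site     # branch-office site
    ReadOnlyReplica               = $true     # the RODC check box
    InstallDns                    = $true     # optional: host read-only DNS
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm     # DSRM password
}

# Dry run: prerequisite checks only, no changes made.
$results  = Test-ADDSDomainControllerInstallation @params
$failures = $results | Where-Object { $_.Status -eq 'Error' }
if ($failures) {
    $failures | Format-List Message
    throw 'Prerequisite check failed; RODC promotion aborted.'
}

# Promote. The server restarts automatically when promotion completes.
Install-ADDSDomainController @params -Force

# After the restart, confirm the DC really is read-only:
#   Get-ADDomainController -Identity $env:COMPUTERNAME |
#       Select-Object Name, Site, IsReadOnly
```

Run it from an elevated PowerShell session on the server being promoted.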

Can a read-only domain controller be a DNS server?

It is possible to configure an RODC as a DNS server, allowing clients to query the RODC for DNS information. However, an RODC only has read-only copies of DNS information, and there is no way to replicate DNS changes to writable DNS servers. An RODC cannot make DNS changes.

What is a read only server?

The server’s read-only mode is designed to allow administrators to prevent changes to directory contents while performing tasks such as suffix re-indexing.


