Read-Only Domain Controllers in Server 2008

Posted: January 5, 2011 in Active Directory, Server, Server 2008, System Information
Tags: , ,

A read-only domain controller (RODC) hosts a read-only copy of the Active Directory database. This is somewhat of an untrue, because changes can be made to the database. However, the changes can come only from other domain controllers, and the entire database isn’t replicated; instead, only a few select objects are replicated.


Usually, domain controllers are considered peers where they are all equal (with a few exceptions). Any objects can be added or modified such as adding a user or a user changing their password on any domain controller. These changes are then replicated to other domain controllers. However, with RODCs, changes to the domain controller can come only from other domain controllers. Moreover, the changes are severely restricted to only a few select objects.


The huge benefit of the RODC is that credentials of all users and computers in Active Directory are not replicated to the RODC. This significantly improves the security of domain controllers that are placed at remote locations.


  1. Noelle says:

    Aw, this was a very nice post.

  2. Kyani says:

    I’ve put a dofollow link to your blog! Approve this trackback to make it permanent

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s