Read-Only Domain Controller (RODC)

Windows Server 2008 related tips, questions, answers, concerns and more...
Post Reply
ManU
Founder
Founder
Posts: 98
Joined: Sat Sep 26, 2009 9:57 am
Location: India
Contact:

Read-Only Domain Controller (RODC)

Post by ManU » Thu Oct 01, 2009 2:41 pm

One of these new features in Windows Server 2008 is the introduction of the Read-Only Domain Controller.

In a multimaster replication environment, any change made on any domain controller on the network is replicated to others. This makes administration very efficient but it does prove to be a bit of a security risk. In this model, all an intruder needs is access one domain controller to breach you network. In a distributed environment, this places all of your domain controllers in remote location as points of attack.

The read-only domain controller alleviates this risk because it only allows for one way replication. That is, active directory information is replicated to an RODC, but cannot be replicated back. This one way replication means that an attacker cannot modify active directory from the remote location and compromise the other servers in the network.

You can configure an RODC on your network by simply running the DCPROMO utility and selecting the RODC option during the domain controller promotion process.
Thanks
MANU PHILIP
Microsoft MVP(Exchange Server)
| MCITP | MCTS | MCSA | ITIL V3 |
TechNet Forums Profile: ManU

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest