Read-Only Domain Controller (RODC)
Windows Server 2008 related tips, questions, answers, concerns and more...

Posts: 98
Joined: Sat Sep 26, 2009 9:57 am
Location: India

Read-Only Domain Controller (RODC)

by ManU » Thu Oct 01, 2009 2:41 pm

One of these new features in Windows Server 2008 is the introduction of the Read-Only Domain Controller.

In a multimaster replication environment, any change made on any domain controller on the network is replicated to others. This makes administration very efficient but it does prove to be a bit of a security risk. In this model, all an intruder needs is access one domain controller to breach you network. In a distributed environment, this places all of your domain controllers in remote location as points of attack.

The read-only domain controller alleviates this risk because it only allows for one way replication. That is, active directory information is replicated to an RODC, but cannot be replicated back. This one way replication means that an attacker cannot modify active directory from the remote location and compromise the other servers in the network.

You can configure an RODC on your network by simply running the DCPROMO utility and selecting the RODC option during the domain controller promotion process.
Microsoft MVP(Exchange Server)
TechNet Forums Profile: ManU

Users browsing this forum: No registered users and 1 guest

It is currently Tue Feb 20, 2018 2:55 am