Understanding the Need for RODCs

Before Windows Server 2008, domain controllers (DCs) could only be deployed with full read/write replicas of domain objects. Any change initiated at a DC would eventually replicate to all DCs in the forest. This replication occurred even if the change was undesirable, such as in the case of a security compromise.

Physical security was an issue for DCs in remote sites. Organizations didn’t want to deploy DCs to these sites for security reasons, but in many cases slow WAN links dictated that the remote office either have a local DC or run the risk of diminished performance.

In response to these issues, Microsoft built the concept of RODCs into Windows Server AD DS. They also built functionality in RODCs that allowed ...
