What is the use of RODC in Windows 2012?
A read-only domain controller (RODC) is a server that hosts an Active Directory database’s read-only partitions and responds to security authentication requests.
How do I set up my 2012 RODC?
Preparing the RODC: Click the Manage link at the top-right of the Server Manager console. On the Before you begin screen, click Next. On the Select installation type screen, ensure Role-based or feature-based installation is selected, and then click Next. On the Select destination server screen, click Next.
What is the difference between DC and RODC?
The key word here is *writable*, meaning that changes made on a DC will impact the entire domain. An RODC, on the other hand, stores read-only data about a subset of users and computers in the domain which it has been authorized to authenticate.
What is Windows Server RODC?
An RODC is a new type of domain controller that hosts read-only partitions of the Active Directory database. Except for account passwords, an RODC holds all the Active Directory objects and attributes that a writable domain controller holds.
What can RODC do?
The main benefits of an RODC are: reduced security risk to a writable copy of Active Directory; better logon times compared to authenticating across a WAN link; and better access to the authentication resource on the network.
How do you set up an RODC?
Click on the “Promote this server to a Domain Controller” link. In the Active Directory Domain Services Configuration Wizard, select Add a domain controller to an existing domain. In the next step, check the Read-only domain controller (RODC) box and provide a password for Directory Service Restore Mode (DSRM).
What is an RODC? Why do we configure an RODC?
The RODC is designed specifically to address the branch office scenario. An RODC is a domain controller, typically placed in the branch office, that maintains a copy of all objects in the domain and all attributes except secrets such as password-related properties.
How does an RODC work?
If the password is cached, the RODC will authenticate the user account locally. If the user’s password is not cached, then the RODC forwards the authentication request to a writable Windows Server 2008 Domain Controller which in turn authenticates the account and passes the authenticated request back to the RODC.
Why do you set up an RODC?
Windows Server 2008 introduced the read-only domain controller (RODC), which contains a full replication of the domain database. It was created to be used in places where a domain controller is needed but the physical security of the domain controller could not be guaranteed.