• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 69
  • Last Modified:

Read only domain controllers

Other than the obvious, a situation where you cannot secure physical access to the domain controller, is there any other positive reason to have a RODC on a domain?

I have two sites and four DCs and I was thinking when I upgrade them, I would put one RODC and one writable in each site.

Has anyone seen or does anyone know of any good reasons to do this other than the physical access part?


3 Solutions
Cliff GaliherCommented:
Secure access is the only reason.
Will SzymkowskiSenior Solution ArchitectCommented:
RODC's are pretty usuless unless you are acutally using the PrP (Password Replicaiton Policy) which will speed up login times. If you have a read/write DC in the site there is no point to put an RODC in there as well. Typically if you have a decent network connection to another geographically close site, this is sufficent for DNS/logins etc.

RODC use other DC's information to view it in a Read Only view.

I personally would not implement this unless you have specific requirement to do so.

Guy LidbetterCommented:
Besides security, the other reason is if you have extremely slow or flaky links at a site. As replication is then one way and can be scheduled for once a day if you like.

There is no reason whatsoever to have them mixed in with a normal DC.
crp0499CEOAuthor Commented:
Thank you
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now