Thursday, December 4, 2014

Read Only Domain Controller

Read Only Domain Controller ( RODC )

A Read Only Domain Controller is a new type of Domain Controller in Windows Server 2008. Main Purpose to create Read Only Domain Controller is to increase security as its mainly kept in Branch offices. In Office branches it is not possible to provide enough physical security.


# Read only Feature: An Hacker cant manipulate Active Directory Database on RODC.


# DNS Server Safety: If RODC server also holds DNS feature than Hacker will not able hack any DNS data.


# Password Protection: An Hacker will not able to hack passwords. This will happen only if password caching is disabled on RODC.


# Administrator delegation: You can delegate local Administrator role to Domain user too.


RODC -


#  A RODC holds all Active Directory Objects and Attributes.


# If an application needs write access to AD objects, RODC will send LDAP referral response which redirects application towards writable Domain Controller.


# RODC does not store User or Computer Credentials. RODC can cache passwords and if password is not cached RODC will forward request to writable DC.


# A Domain user having Administrator role on RODC does not have to be Domain admin member.


# A Domain user having Administrator role can do Admin work like installing software on RODC.


RODC Installation:


1. Type Dcpromo.exe in Run and press Enter.


2. Welcome screen stating Installation wizard will come. Click Next.