What is (RODC) – Read Only Domain Controllers

  • RODCs are used in non-secure areas (where the physical server can be compromised).
  • You can establish which credentials can be cached on an RODC (Computer and User objects).
  • When a user or computer authenticates against an RODC, the RODC will authenticate the user against a writable DC. If the object is allowed to be cached, the RODC will cache the credentials for future authentications.
  • Should the RODC server be physically compromised, you reset the passwords of all objects that were allowed to be cached, limiting the attack footprint and the impact on your organization.
  • Do not allow administrator accounts to be cached.
  • An RODC should be placed near a writable DC (near meaning the lowest-cost site).
  • An RODC should not be considered a resilient stand-in for a writable DC.
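
The caching and reset points above can be checked with the ActiveDirectory PowerShell module. The script below is an added example, not part of the original page: it lists what the RODC's Password Replication Policy allows and denies, shows which accounts currently have credentials cached there, and flags any cached account that looks privileged. The RODC name `BRANCH-RODC01` and the output path are placeholders, and `adminCount = 1` is used as a heuristic for administrator accounts.

```powershell
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumption: placeholder RODC name, replace with your own.
$Rodc = 'BRANCH-RODC01'

# 1. Principals the Password Replication Policy allows or denies for caching.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied
"Allowed to cache: {0}" -f (($allowed.Name | Sort-Object) -join ', ')
"Denied from cache: {0}" -f (($denied.Name | Sort-Object) -join ', ')

# 2. Accounts whose credentials are cached on the RODC right now.
#    If the server is physically compromised, this is the password reset list.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $Rodc -RevealedAccounts

# 3. Build a report and flag cached accounts that look privileged.
#    Heuristic: adminCount = 1 marks accounts that are (or were) members
#    of protected administrative groups.
$report = foreach ($acct in $revealed) {
    $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
    [pscustomobject]@{
        Name         = $acct.SamAccountName
        ObjectClass  = $acct.ObjectClass
        Privileged   = ($obj.adminCount -eq 1)
        # Effective policy for this account: Allow, DenyExplicit,
        # DenyImplicit or Unknown.
        PolicyResult = Get-ADAccountResultantPasswordReplicationPolicy `
            -Identity $acct -DomainController $Rodc
    }
}

$report | Sort-Object Privileged -Descending | Format-Table -AutoSize

# 4. Administrator accounts must not be cached: warn on any that are.
$bad = @($report | Where-Object Privileged)
if ($bad.Count -gt 0) {
    Write-Warning ("{0} privileged account(s) cached on {1}: {2}" -f `
        $bad.Count, $Rodc, ($bad.Name -join ', '))
}

# 5. Keep the reset list offline so it is available during an incident.
#    Assumption: placeholder output path.
$report | Export-Csv -Path ".\$Rodc-cached-accounts.csv" -NoTypeInformation
```

Any account flagged in step 4 should be added to the RODC's denied list (for example with `Add-ADDomainControllerPasswordReplicationPolicy -DeniedList`) and have its password reset from a writable DC.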