Pagine

2016 Server - Deploy a Read Only Domain Controller

Here they are advantages and considerations about RODC (Read Only Domain Controller)

  1. Write operations from clients are not possible to RODC.
  2. RODC holds a read-only copy of AD Db. (except for credentials and credential-like attributes, called a filtered attributes set (FAS))
  3. When RODC receive an authentication request from local office forward request to writeable DC and than it proceed to cache credentials for further usage. (this feature need to be setting up)

Here it is an interesting article that explain how to install RODC 2016 server via powershell:


Read-Only Domain Controller (RODC) — 
Best practices for AD administration (part 2)