Windows Server 2008
What is a Read Only Domain Controller (RODC) and what are its advantages?
What are the security and administrative issues addressed by a RODC?
July 6th, 2011 12:49am
Hello,
RODCs can be used for zones whose physical security is not well ensured.
They can enhance security as:
Passwords are not replicated to RODCs by default. You have to configure the PRP in this case.
Attributes can be filtered so that they will not be replicated ...
Also, they use one-way AD replication.
Another thing is that local administration of RODCs can be delegated.
More here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11003
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified IT Professional: Enterprise Administrator
July 6th, 2011 12:56am
Mr X is technically correct. Just to add some examples to his answer:
1) Since only limited passwords are replicated to a RODC, fewer accounts can be hacked offline if someone steals your RODC. If someone does steal it or steal the AD database from the filesystem, you can see from ADUC EXACTLY which account passwords were cached on the RODC.
2) If someone takes your RODC offline and tries to manually insert an account into the local copy of the AD database, it won't replicate back to the other domain controllers.
Shane Cribbs
http://www.georgiatechnologies.com
July 6th, 2011 2:17am
Hi,
In addition, I also would like to share the following Microsoft TechNet article where you can find the answers:
Read-Only Domain Controllers Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc772234(WS.10).aspx
Regards,
July 6th, 2011 7:34am
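The replies above note that only accounts allowed by the Password Replication Policy (PRP) are cached on an RODC and that the cached set can be listed. The following is an added example, not code from the thread, that reviews that set in PowerShell instead of ADUC. The function name `Get-RodcExposure`, the `example.test` accounts and the `RODC01` name are constructed for illustration; it assumes PowerShell 3.0 or later.

```powershell
# Added example: classify the accounts whose passwords are cached on an RODC.
function Get-RodcExposure {
    param(
        [Parameter(Mandatory)][object[]]$Revealed,  # needs sAMAccountName, DistinguishedName, adminCount, memberOf
        [string[]]$DeniedDn = @()                   # DNs on the PRP Denied list
    )
    foreach ($a in $Revealed) {
        # An RODC always caches its own computer account and its own krbtgt_NNNNN account.
        $kind = switch -Wildcard ($a.sAMAccountName) {
            'krbtgt_*' { 'RODC krbtgt'; break }
            '*$'       { 'Computer'; break }
            default    { 'User' }
        }
        # Direct matches only: the account itself or a group it is a direct member of.
        # Nested membership is not resolved here; adminCount covers protected admin groups.
        $hit = @($a.DistinguishedName) + @($a.memberOf) | Where-Object { $DeniedDn -contains $_ }
        $privileged = ($a.adminCount -eq 1)
        [pscustomobject]@{
            Account    = $a.sAMAccountName
            Kind       = $kind
            Privileged = $privileged
            DeniedNow  = [bool]$hit
            Review     = ($kind -eq 'User' -and ($privileged -or [bool]$hit))
        }
    }
}

# Constructed sample data so the function can be run without a domain.
$base   = 'CN=Users,DC=example,DC=test'
$denied = @("CN=Denied RODC Password Replication Group,$base")
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'krbtgt_12345'; DistinguishedName = "CN=krbtgt_12345,$base"; adminCount = $null; memberOf = @() }
    [pscustomobject]@{ sAMAccountName = 'RODC01$';      DistinguishedName = "CN=RODC01,OU=Domain Controllers,DC=example,DC=test"; adminCount = $null; memberOf = @() }
    [pscustomobject]@{ sAMAccountName = 'branch.user1'; DistinguishedName = "CN=branch.user1,$base"; adminCount = $null; memberOf = @() }
    [pscustomobject]@{ sAMAccountName = 'da.alice';     DistinguishedName = "CN=da.alice,$base"; adminCount = 1; memberOf = @("CN=Domain Admins,$base") }
    [pscustomobject]@{ sAMAccountName = 'svc.backup';   DistinguishedName = "CN=svc.backup,$base"; adminCount = $null; memberOf = $denied }
)
Get-RodcExposure -Revealed $sample -DeniedDn $denied | Format-Table -AutoSize

# Live data instead of the sample (ActiveDirectory module; RODC01 is a placeholder):
#   $rev = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity RODC01 -RevealedAccounts |
#          Get-ADObject -Properties sAMAccountName, adminCount, memberOf
#   $den = (Get-ADDomainControllerPasswordReplicationPolicy -Identity RODC01 -Denied).DistinguishedName
#   Get-RodcExposure -Revealed $rev -DeniedDn $den
```

With the sample data, `da.alice` and `svc.backup` come back with `Review` set to True, while the RODC's own computer and krbtgt accounts and the ordinary branch user do not.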


