RODCs are a great role introduced with Windows Server 2008, which can be used to maintain a domain controller in locations where it cannot guarantee physical security and regular maintenance. Throughout this chapter, we have discussed possible scenarios where we have required a domain controller in a remote site. When considering a domain controller in a remote site, the link between sites is not the only thing we need to consider. A domain controller, by default, will be aware of any changes in the AD structure. Once an update triggers, it updates its own copy of the AD database. This ntds.dit file contains everything about the AD infrastructure, including the identity data of the user objects. If this file falls into wrong hands, ...