Chapter 22. The Third DC: Understanding Read-Only Domain Controllers

Most domain controllers (DCs) hold a full copy of Active Directory, including all of the administrative accounts and their passwords. Also, most domain controllers enjoy a safe lifetime locked behind doors to a server room or server closet. As long as a DC is well protected with physical security, this arrangement works perfectly.

However, domain controllers sometimes need to be deployed to other locations to support users working in branch offices or remote locations. Ideally, these branch offices enjoy the same physical security as the main location, but in reality this just isn't true.

In the past, administrators have had to weigh the risk of a DC being stolen or attacked after ...

Get Mastering Microsoft Windows Server® 2008 R2 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.