Read-Only Domain Controllers

As I mentioned at the beginning of the chapter, with the release of Windows Server 2008, Microsoft introduces a new type of DC: the read-only domain controller (RODC). With the RODC, organizations can now deploy a DC in locations where physical security cannot be guaranteed. An RODC hosts read-only partitions of the AD DS database. One big benefit is that this will help you secure your environment. Before the RODC role, I always saw the DC in the branch office as the weakest point. (Please refer to Chapter 14 for an explanation of what a branch office is and for the security implications of using an RODC.) With this new role we can actually move the writable DCs to the hub site in a proper data center and replace the ...
