A Read-Only Domain Controller (RODC) is a special type of domain controller designed for branch offices or remote locations with limited security resources.
Unlike a standard domain controller, an RODC stores a read-only copy of the Active Directory database and doesn't cache user passwords (except for its own and a special account).
This reduces the risk of sensitive information being compromised if the RODC is stolen.
Additionally, RODCs don't replicate changes made locally; instead, they rely on updates from writable domain controllers. This minimizes network traffic and strengthens overall domain security.
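The caching behaviour described above can be checked per RODC. The following audit script is an added example, not part of the original text. It assumes the RSAT ActiveDirectory PowerShell module and read access to the domain, treats the "special account" as the RODC's own `krbtgt_<number>` account, and uses a hypothetical helper name, `Test-ExpectedRodcSecret`.

```powershell
# Added example: list accounts whose passwords are cached on each RODC,
# other than the two the RODC is expected to hold.
# Assumption: RSAT ActiveDirectory module installed, run by a domain user.
Import-Module ActiveDirectory

# Hypothetical helper: true for the RODC's own computer account (NAME$)
# and for a per-RODC krbtgt_<number> account.
function Test-ExpectedRodcSecret {
    param([string]$SamAccountName, [string]$RodcName)
    return ($SamAccountName -eq "$RodcName`$") -or ($SamAccountName -like 'krbtgt_*')
}

$findings = foreach ($rodc in Get-ADDomainController -Filter {IsReadOnly -eq $true}) {
    # Accounts whose password hashes are currently stored on this RODC
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
        -Identity $rodc.Name -RevealedAccounts

    foreach ($acct in $revealed) {
        $obj = Get-ADObject -Identity $acct.DistinguishedName `
            -Properties sAMAccountName, adminCount
        if (Test-ExpectedRodcSecret -SamAccountName $obj.sAMAccountName `
                -RodcName $rodc.Name) { continue }

        [pscustomobject]@{
            RODC       = $rodc.Name
            Account    = $obj.sAMAccountName
            # Heuristic: adminCount = 1 marks accounts that are, or were,
            # members of protected (privileged) groups.
            Privileged = ($obj.adminCount -eq 1)
        }
    }
}

# Privileged accounts first: their secrets should not sit on a branch-office DC.
$findings |
    Sort-Object -Property @{Expression = 'Privileged'; Descending = $true}, RODC, Account |
    Format-Table -AutoSize
```

Rows with `Privileged = False` are typically branch users whose caching was explicitly allowed; rows with `Privileged = True` deserve review, since those credentials would be exposed if the RODC were stolen.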
Replication is the process of keeping all domain controllers synchronized with the latest directory information.
The Knowledge Consistency Checker (KCC) is a built-in service that automatically creates connections between domain controllers and manages how updates are replicated throughout the Active Directory forest.
This ensures that all domain controllers have the same data and users can access domain resources regardless of their location.
Summary:
- RODC stores a read-only copy of Active Directory, reducing security risk in remote locations.
- Replication keeps all domain controllers updated with the latest directory information.