We have 3 domain controllers one of Master DC another one ADC and last one is Read Only DC.
Read Only DC is being used for remote office domain services.
If I login at RODC , I can click "change to domain controller" then changing domain.
Is there anyway to disable this attribute at schema or regedit? I don't want to change domain controller for any admin who can login RODC?