Read-Only Domain Controller Planning and Deployment Guide
Updated: April 26, 2012
Applies To: Windows Server 2008, Windows Server 2012
This section provides an overview of the guide, including what is covered in this guide as opposed to what is covered in other related guides.
To obtain a copy of this guide in .doc format, see Planning and Deploying Read-Only Domain Controllers on the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkID=122172).
Purpose of this guide
The purpose of this guide is to explain what a read-only domain controller (RODC) is, how an RODC works, and how you can plan for and deploy RODCs in your environment. The guide is meant to be a comprehensive resource for all the information that you might need in order to use an RODC in any scenario. It will be updated continuously as additional information about using RODCs is learned as a result of customer experiences and product team recommendations.
This guide details various deployments with AD DS in perimeter networks with a focus on how to plan for and deploy RODCs. Because it covers information beyond RODCs, it is offered as a separate guide.
This guide consists of the following sections:
This section explains what an RODC is, and it covers general issues that affect any of the scenarios that include an RODC. This chapter also provides steps for installing and administering an RODC.
This section describes special planning and deployment steps for placing RODCs in branch offices.
This section includes supplemental information that can help some organizations with planning an RODC deployment.
This appendix covers events that can be logged for various RODC operations.
This appendix includes some of the acronyms that are commonly used in discussions about RODCs.
Related information about new features in Active Directory Domain Services
RODCs are one of many new features that are introduced in Active Directory® Domain Services (AD DS) in the Windows Server® 2008 operating system. The following links provide more information about the other new Active Directory features and the steps that you can take to try them out:
This document provides an overview of new features in AD DS.
This page contains links to step-by-step guides for setting up Windows Server 2008 domain controllers and implementing the new features in AD DS.
Related planning and deployment guides
The following guides cover related scenarios for planning and deploying AD DS and RODCs:
This guide provides information about deploying writable Windows Server 2008 domain controllers and upgrading to Windows Server 2008 from Windows 2000 Server domains and Windows Server 2003 domains.
This guide explains design considerations for creating a new forest with domain controllers that run Windows Server 2008.
This guide explains how to plan sites and site links for a new forest.
This guide provides guidance to help organizations design complete branch office infrastructures. It provides planning guidance for the services in a typical branch office design, including core services such as Dynamic Host Configuration Protocol (DHCP), file server, and print server. It also covers extended services, such as virtualization, Web caching services, messaging services, and collaboration services.
If you are currently using File Replication Service (FRS) for replication of the SYSVOL shared folder on domain controllers, you will have to migrate to the DFS Replication service for SYSVOL replication after you raise the domain functional level to Windows Server 2008. You can use the Dfsrmig.exe tool to perform the migration procedure.
This guide provides recommendations for deploying domain controllers that run Windows Server 2003 in a branch office environment. It also includes scripts and tools to help you monitor the environment. Some of the tools, such as the Active Directory Load Balancing tool (ADLB.exe), are useful for monitoring domain controllers that run Windows Server 2008 in addition to monitoring domain controllers that run Windows Server 2003.