Read-only domain controllers (RODCs) are a good option for administrators who want to place a domain controller in a remote site, particularly one that may not have a secure location for the server. An RODC holds only a readable copy of the Active Directory database; it accepts reads, not changes. Microsoft has only a few requirements for installing an RODC in your environment:
- Make sure your domain functional level is Windows Server 2003 or higher
- You must first deploy at least one writable Windows 2008 or Windows 2008 R2 domain controller in the Active Directory environment.
- The Active Directory schema also needs to be updated to allow RODC functionality
ADPREP changes that must be run:
- adprep /forestprep on the schema master FSMO role server
- adprep /domainprep /gpprep on the infrastructure master FSMO server (if you have already run this parameter for Windows Server 2003, you do not have to run it again for 08 or 08 R2)
- adprep /rodcprep (the domain naming operations master for the forest and the infrastructure operations master must be accessible).
Once the ADPREP changes are made, you can simply run the DCPROMO.EXE utility and begin the installation of Active Directory. You will see the option to install a “Read Only Domain Controller (RODC).”
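Before running DCPROMO, the requirements and ADPREP steps above can be confirmed with a read-only check. The script below is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is available and that a domain controller running Active Directory Web Services is reachable.

```powershell
# Added example: read-only pre-flight check for the RODC requirements listed above.
# Assumes the ActiveDirectory module and a reachable DC running AD Web Services.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$forest  = Get-ADForest
$rootDse = Get-ADRootDSE

# Requirement: domain functional level of Windows Server 2003 or higher.
$belowMinimum = @('Windows2000Domain', 'Windows2003InterimDomain')
$levelOk = $belowMinimum -notcontains $domain.DomainMode.ToString()

# Requirement: at least one writable Windows Server 2008 / 2008 R2 DC.
$writable2008 = @(Get-ADDomainController -Filter * |
    Where-Object { -not $_.IsReadOnly -and $_.OperatingSystem -match '2008' })

# adprep /forestprep raises the schema objectVersion:
# 44 = Windows Server 2008, 47 = Windows Server 2008 R2.
$schemaVersion = (Get-ADObject $rootDse.schemaNamingContext -Properties objectVersion).objectVersion

# adprep /rodcprep records its completion in this object (revision = 2).
$rodcDn = "CN=ActiveDirectoryRodcUpdate,CN=ForestUpdates,$($rootDse.configurationNamingContext)"
try {
    $rodcRevision = (Get-ADObject $rodcDn -Properties revision -ErrorAction Stop).revision
} catch {
    $rodcRevision = $null   # object absent: /rodcprep has not been run
}

# FSMO role holders the adprep steps depend on. Test-Connection uses ICMP,
# so "False" can also mean that ping is filtered on the path.
$fsmo = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$fsmoStatus = foreach ($role in $fsmo.Keys) {
    New-Object psobject -Property @{
        Role      = $role
        Server    = $fsmo[$role]
        Reachable = Test-Connection -ComputerName $fsmo[$role] -Count 1 -Quiet
    }
}

New-Object psobject -Property @{
    DomainLevelOk   = $levelOk
    Writable2008DCs = ($writable2008 | ForEach-Object { $_.HostName }) -join ', '
    SchemaVersion   = $schemaVersion
    SchemaOk        = $schemaVersion -ge 44
    RodcPrepDone    = $rodcRevision -ge 2
}
$fsmoStatus | Format-Table Role, Server, Reachable -AutoSize
```

The script only reads directory data, so it can be run from an administrative workstation with an ordinary domain account.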
Take a look at our recently posted video on how to install an RODC domain controller in a Windows 2008 R2 environment.