What is a Read-Only Domain Controller (RODC) and when would you enable it?

Prepare for the Longhorn Server Training Test with our quiz.

Multiple Choice

Explanation:
A Read-Only Domain Controller holds a read-only replica of the Active Directory database and is intended for locations where the server's physical security cannot be guaranteed, typically a branch office with no locked server room and no local domain administrators. It answers authentication requests and LDAP queries locally, but it accepts no directory writes: every change must be made on a writable domain controller and is replicated, one way, from writable DCs to the RODC. A write attempted against the RODC is referred to a writable DC rather than applied.

This design is beneficial in remote or branch-office scenarios because it limits what a stolen or compromised server gives an attacker. Account passwords (and the other secrets in the Filtered Attribute Set) are not replicated to the RODC unless that RODC's Password Replication Policy explicitly allows them to be cached, and the default Denied RODC Password Replication Group keeps privileged accounts such as Domain Admins out even then. Each RODC also has its own krbtgt account (krbtgt_<number>), so a key recovered from it cannot be used to forge tickets for the rest of the domain. If the RODC is compromised, the attacker cannot use it to modify AD data, and the only credentials exposed are those of accounts the policy allowed to be cached and that actually authenticated through it; those accounts should be reset as part of the response. The RODC still participates in authentication, forwarding requests for accounts it has not cached to a writable DC over the WAN, so central control is preserved while users get local service.

The other options aren't accurate: an RODC does not replace all writable domain controllers (a domain needs at least one writable DC for the RODC to replicate from), it never accepts writes to AD data (by definition), and while it can host DNS with read-only copies of the zones, it is not used solely for DNS.
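As an added worked example (not part of the quiz and not Microsoft's own code), the PowerShell below provisions an RODC for a branch site with a seeded Password Replication Policy, then, from a writable DC or an admin workstation, reviews which accounts the policy allows and which secrets have actually been cached, and finally shows the containment step if the branch server is lost. The domain name contoso.com, the site Branch01, the RODC name BR-RODC01 and the groups Branch01-Users and Branch01-Admins are assumptions chosen for illustration.

```powershell
# Added example, not from the quiz. Assumed names: domain contoso.com, site Branch01,
# RODC BR-RODC01, groups Branch01-Users (branch staff) and Branch01-Admins.
Import-Module ActiveDirectory, ADDSDeployment

# 1. Promote the branch server as a read-only replica (run on the branch server).
#    -ReadOnlyReplica makes it an RODC; the two PRP parameters seed the Password
#    Replication Policy; -DelegatedAdministratorAccountName gives branch staff local
#    admin on the RODC without domain-wide rights (administrator role separation).
$cred = Get-Credential -Message 'Account with rights to add a domain controller'
Install-ADDSDomainController `
    -DomainName 'contoso.com' `
    -ReadOnlyReplica `
    -SiteName 'Branch01' `
    -InstallDns `
    -Credential $cred `
    -AllowPasswordReplicationAccountName @('CONTOSO\Branch01-Users') `
    -DenyPasswordReplicationAccountName  @('CONTOSO\Domain Admins', 'CONTOSO\Enterprise Admins') `
    -DelegatedAdministratorAccountName   'CONTOSO\Branch01-Admins' `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force

# 2. Review the policy and what the RODC has actually cached (run from a writable
#    DC or an admin workstation). "Revealed" accounts are the ones whose password
#    hashes are now on the branch server's disk.
$rodc = 'BR-RODC01'
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed |
    Select-Object Name, ObjectClass
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied |
    Select-Object Name, ObjectClass

$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts
$revealed | Select-Object SamAccountName, ObjectClass

# Sanity check: nothing privileged should ever appear in the revealed list.
$privileged = (Get-ADGroupMember 'Domain Admins' -Recursive).SamAccountName
$bad = $revealed | Where-Object { $privileged -contains $_.SamAccountName }
if ($bad) {
    Write-Warning "Privileged accounts cached on ${rodc}: $($bad.SamAccountName -join ', ')"
}

# 3. Containment if BR-RODC01 is stolen or compromised. The attacker can recover
#    only the revealed secrets plus the RODC's own computer and krbtgt_* keys, so
#    reset every revealed user account (computers are re-joined or repaired with
#    Test-ComputerSecureChannel -Repair on the machine itself), then delete the
#    RODC's computer object, which removes its krbtgt_* account and its PRP.
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
foreach ($acct in ($revealed | Where-Object ObjectClass -eq 'user')) {
    $bytes = New-Object byte[] 24
    $rng.GetBytes($bytes)
    $newPw = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    Set-ADAccountPassword -Identity $acct.DistinguishedName -Reset -NewPassword $newPw
    Set-ADUser -Identity $acct.DistinguishedName -ChangePasswordAtLogon $true
}
```

The allow list is deliberately a branch-specific group rather than Authenticated Users: the point of the PRP is that the blast radius of a lost RODC is exactly the set of accounts in that group that have logged on through it, which step 2 lets you enumerate before and after an incident.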
