An RODC can actually enhance local authentication, but the local computer's password must be cached on the RODC to form a secure channel with it; otherwise the RODC will query the RWDC.
RODCs don't register the generic DC locator record by default; they register only the site-specific locator records in DNS.
An RODC holds a read-only database, which means that at the location where the RODC is deployed you can't make any changes, and changes made on the RODC are not replicated to any other DC, since replication is unidirectional, from RWDC to RODC only and not vice versa.
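The locator-record behaviour described above can be checked against an export of the zone's SRV records. The following is an added example, not code from the original page: it flags RODCs that show up in a generic (non-site) locator record. The host names, site names and the `corp.example` domain are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: (SRV owner name, SRV target) pairs as exported from DNS.
SAMPLE_SRV = [
    ("_ldap._tcp.dc._msdcs.corp.example", "hubdc01.corp.example."),
    ("_ldap._tcp.HQ._sites.dc._msdcs.corp.example", "hubdc01.corp.example."),
    ("_ldap._tcp.Branch1._sites.dc._msdcs.corp.example", "rodc01.corp.example."),
    ("_kerberos._tcp.Branch1._sites.dc._msdcs.corp.example", "rodc01.corp.example."),
    # Constructed misconfiguration: an RODC present in the generic record.
    ("_ldap._tcp.dc._msdcs.corp.example", "rodc02.corp.example."),
    ("_ldap._tcp.Branch2._sites.dc._msdcs.corp.example", "rodc02.corp.example."),
]

# Site-specific locator records carry "<site>._sites." after the protocol label.
SITE_RE = re.compile(r"^_(?:ldap|kerberos)\._tcp\.(?P<site>[^.]+)\._sites\.", re.I)
GENERIC_PREFIXES = ("_ldap._tcp.", "_kerberos._tcp.")


def classify(records):
    """Map each target host to the sites it registers in and whether it
    also appears in any generic (non-site) locator record."""
    info = defaultdict(lambda: {"sites": set(), "generic": False})
    for owner, target in records:
        host = target.rstrip(".").lower()
        match = SITE_RE.match(owner)
        if match:
            info[host]["sites"].add(match.group("site"))
        elif owner.lower().startswith(GENERIC_PREFIXES):
            info[host]["generic"] = True
    return dict(info)


def rodcs_with_generic_records(records, known_rodcs):
    """Return the known RODCs that are registered in a generic record."""
    info = classify(records)
    return sorted(
        h for h in known_rodcs if info.get(h.lower(), {}).get("generic")
    )


if __name__ == "__main__":
    rodcs = ["rodc01.corp.example", "rodc02.corp.example"]
    for host in rodcs_with_generic_records(SAMPLE_SRV, rodcs):
        print(f"{host}: RODC found in a generic DC locator record")
```

An RODC listed here can be located by clients outside its own site, so it is worth reviewing how that record came to be registered.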
A Read-Only Domain Controller (RODC) is a new type of domain controller in Windows Server 2008.
Its main purpose is to improve security in branch offices.
There is one more prerequisite: you need at least one writable DC running Windows Server 2008 before you can deploy an RODC in an existing Windows 2003 AD environment, since an RODC doesn't consider Windows 2003 DCs.
An RODC is basically suited to sites/locations where you can't afford, or don't want, to keep AD experts to manage or modify changes in AD.
However, an RODC only has read-only copies of DNS information, and there's no way to replicate DNS changes to writable DNS servers. When a client makes a write request, it first asks its configured DNS server, which would be the RODC in this scenario, for an authoritative server.
The RODC will try to find a writable DNS server in the client's local site and send the client a name server resource record for the writable DNS server so the client can make the update.
I'm not a big fan of RODC; the reason is that an RODC alone doesn't work like a domain controller but relies on the RWDC (writable domain controller) for each and everything, causing heavy replication traffic.
The replication that happens on an RODC is unidirectional, meaning changes made on the RODC are not replicated to the RWDC, but you can still connect to the RWDC console from the RODC and make modifications on the RWDC, which is still vulnerable.
It is not a big deal to manipulate a Windows system if you can get physical access to it.
Since domain controllers store security-sensitive data, they are particularly endangered.