The purpose of this guide is to explain what a read-only domain controller (RODC) is, how an RODC works, and how you can plan for and deploy RODCs in your environment. The guide is meant to be a comprehensive resource that provides all the information that you might need in order to use an RODC. It will be updated continuously as additional information about using RODCs is learned as a result of customer experiences and product team recommendations. Ultimately, the guide will provide guidelines for planning and deploying RODCs in each of the following scenarios:

• Branch office
  
• Perimeter network (also known as DMZ)
  
• Internet
  

The first update for this guide will cover only the branch office scenario of the three scenarios mentioned. This is the most common scenario for organizations that plan to use an RODC. The guide will be updated with information about planning for and deploying an RODC in the other scenarios as more knowledge and expertise becomes available.

This guide consists of the following sections:

Understanding Planning and Deployment for Read-Only Domain Controllers

This section explains what an RODC is, and it covers general issues that affect any of the scenarios that include an RODC. This chapter also provides steps for installing and administering an RODC.

Planning and Deploying RODCs in Branch Offices

This section will describe special planning and deployment steps for placing RODCs in branch offices.

Appendix A: Technical Reference Topics

This section includes supplemental information that can help some organizations with planning an RODC deployment.

Appendix B: Events That Are Related to RODCs

This appendix covers events that can be logged for various operations RODCs.

Appendix C: List of Acronyms Used in this Guide

This appendix includes some of the acronyms that are commonly used in discussion about RODCs.

RODCs are one of many new features that are introduced in Active Directory® Domain Services (AD DS) in the Windows Server® 2008 operating system. The following links provide more information about the other new Active Directory features and the steps that you can take to try them out:

• What's New in Active Directory Domain Services in Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkID=117789)
  This document provides an overview of new features in AD DS.
  
• Getting Started: AD DS (http://go.microsoft.com/fwlink/?LinkID=117791)
  This page contains links to step-by-step guides for setting up Windows Server 2008 domain controllers and implementing the new features in AD DS.
  

The following guides cover related scenarios for planning and deploying AD DS and RODCs:

• Upgrading Active Directory Domains to Windows Server 2008 AD DS Domains (http://go.microsoft.com/fwlink/?LinkID=89032)
  This guide provides information about deploying writable Windows Server 2008 domain controllers and upgrading to Windows Server 2008 from Windows 2000 Server domains and Windows Server 2003 domains.
  
• Designing the Logical Structure for Windows Server 2008 AD DS (http://go.microsoft.com/fwlink/?LinkID=89024)
  This guide explains design considerations for creating a new forest with domain controllers that run Windows Server 2008.
  
• Designing the Site Topology for Windows Server 2008 AD DS (http://go.microsoft.com/fwlink/?LinkID=89026)
  This guide explains how to plan sites and site links for a new forest.
  
• Branch Infrastructure Implementation Solution for Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkId=120084)
  This guide provides guidance to help organizations design complete branch office infrastructures. It provides planning guidance for the services in a typical branch office design, including core services such as Dynamic Host Configuration Protocol (DHCP), file server, and print server. It also covers extended services, such as virtualization, Web caching services, messaging services, and collaboration services.
  
• SYSVOL Migration Series: Part 1 – Introduction to the SYSVOL migration process (http://go.microsoft.com/fwlink/?LinkId=119296)
  If you are currently using File Replication Service (FRS) for replication of the SYSVOL shared folder on domain controllers, you will have to migrate to using DFS Replication Service for SYSVOL replication after you raise the domain functional level to Windows Server 2008. You can use the Dfsrmig.exe tool to perform the migration procedure.
  
• Windows Server 2003 Active Directory Branch Office Guide (http://go.microsoft.com/fwlink/?LinkID=28523)
  This guide provides recommendations for deploying domain controllers that run Windows Server 2003 in a branch office environment. It also includes scripts and tools to help you monitor the environment. Some of the tools, such as the Active Directory Load Balancing tool (ADLB.exe), are useful for monitoring domain controllers that run Windows Server 2008 in addition to monitoring domain controllers that run Windows Server 2003.