Windows Server 2008 Domain Controller Options That Are Not Supported on an RODC

Applies To: Windows Server 2008

To help reduce security risks and the amount of administration that RODCs require, some domain controller options that are available for writable domain controllers are not available on an RODC. An RODC cannot act as:

  • An operations master role holder (also known as flexible single master operations (FSMO)). Operations master role holders must be able to write some information to the Active Directory database. For example, the schema master must be able to write definitions for new object classes and attributes. The relative ID (RID) master must be able to write the values of RID pools that are allocated to other domain controllers. Because of the read-only nature of the Active Directory database on an RODC, it cannot act as an operations master role holder.

  • A bridgehead server. Bridgehead servers are servers that are designated to replicate changes from other sites. Because RODCs perform only inbound replication, they cannot act as a bridgehead server for a site.