Read-Only Domain Controller Branch Office Guide

Applies To: Windows Server 2008, Windows Server 2012

The topics in this section describe new features in Windows Server 2008 that can provide benefits for Active Directory deployments that include branch offices. These topics explain how to assess your existing deployment of domain controllers in branch offices to determine whether deploying read-only domain controllers (RODCs) in existing or future branch offices is appropriate for your organization.

To obtain a copy of this section in .doc format, see Read-Only Domain Controller (RODC) Branch Office Guide on the Microsoft Download Center (

If necessary, you can review the previous topics about configuring RODCs and the functionality that they provide in Understanding Planning and Deployment for Read-Only Domain Controllers. For more information about how to deploy an RODC in a perimeter network, see Active Directory Domain Services in the Perimeter Network (Windows Server 2008). For more general information about Active Directory Domain Services (AD DS), see Active Directory Domain Services (

Many organizations have existing Active Directory branch office deployments that are similar to the recommendations in the Windows Server 2003 Active Directory Branch Office Planning and Deployment Guide ( For convenience in helping these organizations more easily integrate RODCs into their existing infrastructure, some topics in this guide refer to recommendations from the Windows Server 2003 guide. Therefore, familiarity with your current Active Directory infrastructure and the recommendations from the Windows Server 2003 guide is helpful. However, the recommendations in the following topics are applicable for any branch office deployment that can benefit from RODCs: