A Read-Only Domain Controller (RODC) is a type of domain controller introduced in Windows Server 2008 and available in later generations of server operating systems. It is a read-only DC that is set up in branch offices. It has the following main features:
- Branch offices lack security. Because an RODC holds a read-only copy of AD and DNS data, an intruder who gets access to the physical server won't be able to manipulate any data.
- RODCs support only unidirectional replication of AD data, that is, from the AD forest to the RODC.
- Deploying a writable DC in a branch requires day-to-day maintenance, including hardware upgrades, site-link changes, user-credential changes, etc. This increases the company's operational cost, because an IT department has to be kept running in branch offices.