Differences Between an RODC and a Writable Domain Controller

Applies To: Windows Server 2008, Windows Server 2012

As an additional domain controller for a domain, a read-only domain controller (RODC) performs the same operations as a writable domain controller. For example, because an RODC contains a copy of the directory database and a copy of the SYSVOL folder that contains the Group Policy objects (GPOs) and logon scripts for client computers, it can respond to authentication requests just as a writable domain controller does. However, there are a number of differences between an RODC and a writable domain controller. The following table lists the important differences in the characteristics of an RODC and a writable domain controller.

| Characteristic | RODC | Writable domain controller |
| --- | --- | --- |
| Active Directory database access | The database on an RODC is read only. Applications can only read data from the directory when they target an RODC; they cannot write data in the directory. However, RODCs automatically forward certain write operations to writable domain controllers, and they can send referrals to writable domain controllers when necessary. | All read and write operations are possible on a writable domain controller. |
| Data replication between domain controllers | An RODC only replicates data from a writable domain controller, and it never replicates data to another domain controller in the domain. This is true for both the Active Directory data and the SYSVOL data. | Writable domain controllers replicate any changes that occur elsewhere in the domain from other writable domain controllers, and they replicate data that was written to their database to other domain controllers. |
| Data that is stored in the database | RODCs contain a complete copy of the database, with the exception of credentials and other credential-like attributes that are part of the RODC filtered attributes set (FAS). However, you can select which credentials can be cached on the RODC to provide better authentication performance for users who are located in a site that an RODC services. | Writable domain controllers contain a complete copy of the directory database, including credentials for all accounts. |
| Administration | RODCs can be administered by delegated users that do not have any domain privileges beyond standard domain users. Administration operations include applying hotfixes and software updates, performing offline defragmentation and backups, and so on. | Only domain administrators can manage writable domain controllers. |
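The "Data that is stored in the database" row can be checked on a live domain. The following read-only audit is an added example, not part of the original article: it lists the attributes flagged for the filtered attribute set and, for each RODC, the accounts whose credentials are currently cached there. It assumes the ActiveDirectory RSAT module and an account with read access to the directory; the `Privileged` column is a heuristic based on `adminCount`.

```powershell
# Added example: read-only queries, nothing in the directory is modified.
Import-Module ActiveDirectory

# 1. Filtered attribute set: attributeSchema objects whose searchFlags
#    has bit 0x200 (512) set are not replicated to RODCs.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$fas = Get-ADObject -SearchBase $schemaNC -Properties lDAPDisplayName `
    -LDAPFilter '(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=512))'
'FAS attributes: ' + (($fas.lDAPDisplayName | Sort-Object) -join ', ')

# 2. For every RODC, compare what the caching policy allows with what
#    is actually stored on the RODC right now.
$report = foreach ($rodc in Get-ADDomainController -Filter 'IsReadOnly -eq $true') {
    $allowed = @(Get-ADDomainControllerPasswordReplicationPolicy `
                     -Identity $rodc.Name -Allowed)
    $denied  = @(Get-ADDomainControllerPasswordReplicationPolicy `
                     -Identity $rodc.Name -Denied)
    "{0}: {1} allowed / {2} denied policy entries" -f `
        $rodc.Name, $allowed.Count, $denied.Count | Write-Host

    # Accounts whose credentials have been replicated to (cached on) this RODC.
    $revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage `
                      -Identity $rodc.Name -RevealedAccounts)

    foreach ($acct in $revealed) {
        # adminCount = 1 marks accounts that are or were members of a
        # protected (privileged) group; treated here as a review flag only.
        $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
        [pscustomobject]@{
            RODC       = $rodc.Name
            Site       = $rodc.Site
            Account    = $acct.SamAccountName
            Class      = $acct.ObjectClass
            Privileged = ($obj.adminCount -eq 1)
        }
    }
}

# Privileged accounts first: these are the cached credentials to review.
$report | Sort-Object -Property Privileged -Descending | Format-Table -AutoSize
```

The cached list normally includes the RODC's own computer account and its dedicated `krbtgt_*` account; any other row with `Privileged` set to `True` is a credential that would be exposed if that RODC were compromised.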