Server 2008 and the RODC (Read-Only Domain Controller)
https://adsploit.com/server-2008-and-the-rodc-read-only-domain-controller/
ADSploit, Wed, 15 Oct 2008 06:34:43 +0000

In conversations with several people about Server 2008 migrations, there were a lot of questions about, and reactions to, the new Read-Only Domain Controller (RODC) option. There was some confusion too, as some thought it is similar to Windows NT 4.0's Backup Domain Controller (BDC) technology.

The difference between an RODC and a BDC is apparent when there are more than two DCs per domain. In Windows NT 4.0 you could have only one read-write Primary Domain Controller (PDC), and the other DCs had to be read-only BDCs. Windows Server 2008 lets you choose, with a great degree of freedom, which DCs are read-writable and which are read-only. For example, if you have 30 DCs in your domain, you can have 26 regular DCs and 4 RODCs.

One reason to have an RODC is a DC that is not physically secure. In that case, not only could data be obtained from the DC, but malicious data could also be injected into the vulnerable DC. With a normal read-writable DC, such damage would replicate throughout the domain and maybe even through the entire forest. With an RODC, the damage could be localized.
