Last updated: April 29, 2026
Why this module exists. RODCs were Microsoft’s 2008 answer to “we need a DC at a branch office, but the branch office has no physical security.” The model: cache only specific user passwords; if the RODC is stolen, only those users’ hashes are exposed. The reality: misconfigured RODCs cache more than admins realise, and compromised RODCs become a quiet path to domain dominance.
What RODC actually is
An RODC is a domain controller with three differences from a writable DC:
- Read-only directory. The RODC accepts no writes and nothing replicates outbound from it; write requests are referred to a writable DC.
- Selective password caching. By default, no passwords are cached. Specific accounts can be allowed to have their credentials cached; those password hashes are then stored in the RODC’s own NTDS.dit.
- Local administrator delegation. A user can be delegated as local admin on the RODC without being a Domain Admin.
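A defender-side audit of exactly those three properties on one RODC, added here as an example and not part of the original module: it assumes the RSAT ActiveDirectory PowerShell module is available and uses RODC01 as a placeholder name. It contrasts the caching policy as configured with the accounts whose secrets have actually been revealed to the RODC, flags any AdminSDHolder-protected (adminCount=1) account in the revealed set, and reads the delegated local administrator from managedBy.

```powershell
# Added audit example, not from the original module. Assumes the RSAT
# ActiveDirectory module is installed and that RODC01 (placeholder) is an RODC.
Import-Module ActiveDirectory

function Get-RodcExposure {
    param([Parameter(Mandatory)][string]$RodcName)

    $dc = Get-ADDomainController -Identity $RodcName
    if (-not $dc.IsReadOnly) { throw "$RodcName is not a read-only DC" }

    # Policy as configured: who MAY be cached, who is explicitly denied
    # (a deny entry wins over an allow entry).
    $allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed
    $denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Denied

    # Reality: accounts whose secrets have actually been revealed to this RODC
    # (msDS-RevealedUsers). This is what a stolen RODC disk gives up.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $RodcName -RevealedAccounts

    # Privileged accounts carry adminCount=1 (AdminSDHolder); any of them in
    # the revealed set means a branch-office theft exposes a tier-0 hash.
    $privilegedRevealed = foreach ($acct in $revealed) {
        $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
        if ($obj.adminCount -eq 1) { $acct.SamAccountName }
    }

    # The delegated local administrator is stored in managedBy on the RODC
    # computer object; that principal is not a Domain Admin but owns the box.
    $computer = Get-ADComputer -Identity $dc.ComputerObjectDN -Properties managedBy

    [pscustomobject]@{
        Rodc                = $RodcName
        AllowedToCache      = @($allowed  | ForEach-Object SamAccountName)
        DeniedFromCache     = @($denied   | ForEach-Object SamAccountName)
        ActuallyCached      = @($revealed | ForEach-Object SamAccountName)
        PrivilegedCached    = @($privilegedRevealed)
        DelegatedLocalAdmin = $computer.managedBy
    }
}

Get-RodcExposure -RodcName 'RODC01' | Format-List
```

A non-empty PrivilegedCached list, or a managedBy principal nobody can account for, is the finding to act on; the revealed set also includes the RODC's own krbtgt_NNNNN and computer accounts, which is expected.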