Q. How do I install and configure a read-only domain controller (RODC)?

A. You create an RODC in Windows Server 2008 the same way you install a normal domain controller (DC), except you enable the RODC option in Additional Domain Controller Options. For a full Server 2008 installation, click Start, type


and press Enter. Doing so starts the Active Directory Domain Services Installation wizard. In the Additional Domain Controller Options dialog box, select the “Read-only domain controller (RODC)” option, as shown below.

When you select the RODC option, the system will prompt you to enter the group or users you want to have local administrator permissions. This RODC designation won’t give those groups or users any privileges on the writable DCs. The dialog box is shown below.

If you perform an advanced-mode promotion, you can also configure the initial password- replication policy. Otherwise, you can configure the policy later.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.