Question

What is the purpose of a Read-only Domain Controller?

Answer 1

Read-only Domain Controller:

A RODC or Read-Only Domain Controller can be defined as the domain controller of the Active Directory Domain Services database in windows server 2008 or higher environment which has read-only partitions and its main aim is to increase the security in office branches.

Some of its main purposes are the following:

1. Read-Only: An unauthorized person will not be able to manipulate the active directory data. The sensitive data gets caught when it is accessed by authorized persons. If somebody needs the write permissions then RODC will send a response to redirect the application to the write domain controller.
2. Administration role separation: An administration on RODC doesn't need to be a domain admin. It can be any user that can be granted with administration permissions and they can carry out the maintenance work like installing or upgrading applications. Even the administrations will not have the permissions to make changes in the RODC which helps to improve security to a great extent.
3. Unidirectional Replications: In some rare cases, Even if someone gets access to RODC, the changes will not get reflected in the DCs.
4. Password Protection: In default settings, the RODC doesn't store any passwords or user credentials but it can cache the passwords for temporary uses.   
5. Domain Name System(DNS) Protection: A DNS which is running on RODC will not support any dynamic changes as it has to pass through the DNS in Domain Controllers and only then it can update the DNS server.

We can summarize it as the security of DCs is enhanced by RODC and it provides better and faster access to the resources with strong authentication techniques.

If you liked my answer then please give me a thumbs up.