What is a characteristic of a Read-only Domain Controller (RODC)?

A Read-only Domain Controller (RODC) is specifically designed to enhance security and provide efficient data management within Active Directory (AD) environments. One of its main characteristics is that it cannot update information in Active Directory. This limitation serves a crucial purpose; it minimizes the risk of compromise in case the RODC is physically accessed by unauthorized individuals.

Since RODCs do not possess the capability to make changes to the AD database, they rely on writeable Domain Controllers (DCs) to handle updates. This is particularly advantageous in scenarios where deploying full-fledged writable DCs may not be feasible, such as in remote sites with limited physical security. As a result, RODCs can still provide authentication services and cache information locally for faster access while ensuring that the integrity of the AD data remains secure.

This characteristic also means that RODCs do not replicate changes back to their writable counterparts, reinforcing their purpose as passive data holders rather than active participants in the AD modification process.