A read-only domain controller (RODC) is a new type of domain controller for Windows Server 2008 that hosts a read-only replica ...

A read-only domain controller (RODC) is a new type of domain controller for Windows Server 2008 that hosts a read-only replica of the Active Directory database. RODCs provide a way for you to deploy a domain controller more securely than a writable domain controller at the perimeter of your network in sites that require a single domain controller, such as a branch office location, an extranet, or an application-facing role. Because it requires less administration than a writable domain controller, an RODC is well suited for a site that does not have a member of the Domain Admins group.