An RODC is completely read-only from the perspective of external clients, but it can internally originate changes for a limited set of objects. It permits replicated write operations and a limited set of originating write operations.
Both the KCC and the replication engine are special “writers” on an RODC. The replication engine performs replicated write operations on an RODC in exactly the same way as it does on the read-only partitions of a global catalog server that runs Windows Server 2003. The KCC is permitted to perform originating write operations of the objects that are required to perform Active Directory replication, such as connection objects.
0 Comments