Your company has one main office and eight branch offices. Each branch office has 200 client
computers and a local administrator. The network consists of one Active Directory domain. All
domain controllers run Windows Server 2008 R2. You plan to deploy domain controllers to the
branch office locations. You need to plan an administration solution for the branch offices that
meets the following requirements:
• Branch office administrators must be able to update drivers on their respective branch office
domain controllers.
• Branch office administrators must be able to log on only to domain controllers in their respective
branches.
What should you include in your plan?
A.
Deploy a Windows Server 2008 R2 read-only domain controller (RODC) in each branch office.
Assign the Administrators role for the RODC to the branch office administrators.
B.
Deploy a Windows Server 2008 R2 read-only domain controller (RODC) in each branch office.
Assign the Network Configuration Operators role for the RODC to the branch office administrators.
C.
Deploy a domain controller that runs a Server Core Installation of Windows Server 2008 R2 in each
branch office. Add the branch office administrator to the Server Operators domain local group.
D.
Deploy a domain controller that runs a Server Core Installation of Windows Server 2008 R2 in
each branch office. Add the branch office administrator to the Administrators domain local group.
Explanation:
To install domain controllers in each branch office and to make sure that branch office
administrators are allowed to log in only to the domain controllers of their branch and should be
allowed to update drivers on the domain controllers of their branch, you need to deploy a Windows
Server 2008 read-only domain controller (RODC) in each branch office and assign the Administrators
role for the RODC to the branch office administrators. RODCs perform same as domain controllers
except for the fact that they are more secure and read only. They allow users to log on to the
domain and work best when the WAN link between branch offices and head office is unreliable and
domain controllers cannot be contacted. RODCs provide Administrator Role Separation, which
allows a local/regular domain user to be delegated local administrator privileges on a RODC, for theexecution of regular maintenance work such as the install of software, updating drivers,
troubleshooting connectivity issues, etc.
Windows Server 2008 Read Only Domain Controller RODC
http://windowsis.com/blogs/windowsis/archive/2008/04/14/windows-server-2008-read-onlydomain-controller-rodc.aspx