For your exam, you should make sure you understand the following commands and why they should be run prior to installation: The installation of the RODC requires this step in order to allow all other DNS servers in the forest to write to any RODC that is also a DNS server for its location.
As mentioned previously, you must have a writable domain controller for the RODC to replicate with, so you must specify this in the installation.
Non-RODC server If the DC is a non-RODC with default NC X (and NC X's GUID is G) in forest Z, then it registers SRV records with Service.
While much of the 70-640 exam covers the configuration of Active Directory in a Windows Server 2008 environment, other topics also get tested — including Read Only Domain Controllers (RODC), which is a new feature on Windows Server 2008.
One of the best features of RODC is the way it stores user credentials… The replication of user information is there, of course, and is presented to users as and when they need them to supply a domain login.
However, the passwords are cached on the server, and only once the RODC has contacted a writable domain controller of authentication.
With regards to installing an RODC you will be expected to know the preparation steps, the installation itself, and any further configuration required.
Also, you should make sure you know any alternative installation methods; although the exam won’t press you for this information in too much detail, you should be aware of the options available, as this is common testing ground.Small networks often come with further downsides, such as poor WAN links.This is where a RODC can play a key role in securing remote offices and not putting a company’s security at risk if their server is stolen or hacked.The SRV DNS Resource Record for specifying the location of services is specified in [RFC2782].An SRV record maps the name of a service to the DNS name of a server that offers that service.When you take a moment to consider what is held on a domain controller—namely all of your Company user accounts, including your infrastructure accounts—if these were to be compromised, it would be a massive security risk to your network.