Read-only domain controllers
The first domain controller you set up in your network will be a fully writable one, able to accept data from the domain-joined users and computers working within your network. In fact, most DCs in your network will likely be fully functional and writeable. However, it's worth taking a quick minute to point out a limited-scope DC that can be installed called a Read-Only Domain Controller (RODC). Just like the name implies, an RODC can only have its directory data read from it. Writes that might try to be accomplished to the domain from a user's computer, such as a password change or new user account creation, are impossible with an RODC. Instead, RODCs receive their directory data from other more traditional domain controllers and then utilize that data to verify authentication requests from users and computers. Where would a limited-access domain controller like this be beneficial? Many companies are installing them in smaller branch offices...