Overview#
Read-Only Domain Controller (RODC) is a ReadOnly Microsoft Active Directory Domain ControllerThe Filtered Attribute Set (FAS) is the set of attributes NOT replicated to an Read-Only Domain Controller. The default FAS contains the following: – ms-PKI-DPAPIMasterKeys – ms-PKI-AccountCredentials – ms-PKI-RoamingTimeStamp – ms-FVE-KeyPackage – ms-FVE-RecoveryPassword – ms-TPM-OwnerInformation Items you place in the FAS aren’t replicated, in case the RODC is placed at a lower security site and then compromised. Therefore, you can add items to the FAS so that they aren’t replicated.