A. This is by design. Because sites with RODCs are generally considered less secure, you don't want clients in other sites using domain controllers (DCs) in sites with RODCs. If you trust your locations with RODCs, you can modify the filter used by the DC Locator. On Windows Server 2008 DCs, open the registry editor and navigate to HKLM\System\CurrentControlSet\Services\Netlogon\Parameters. Set the NextClosestSiteFilter DWORD value to one of the following:

  • 0: No filtering and any site is used.
  • 1: Sites that only contain RODCs are filtered but sites that contain a mix of RODCs and writable DCs aren't filtered.
  • 2 (default): Sites that contain any RODCs are filtered.
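
One way to audit the current filter before changing it, as an added example that is not part of the original FAQ. The function names are hypothetical, it assumes PowerShell 2.0 or later in an elevated session on the DC, and it treats an absent value as the default of 2.

```powershell
# Added example; function names are hypothetical. Run elevated on the DC.
$NetlogonParams = 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters'
$ValueName      = 'NextClosestSiteFilter'
$Meaning = @{
    0 = 'No filtering; any site is used'
    1 = 'Sites that contain only RODCs are filtered'
    2 = 'Sites that contain any RODCs are filtered (default)'
}

function Get-NextClosestSiteFilter {
    $item = Get-ItemProperty -Path $NetlogonParams -Name $ValueName -ErrorAction SilentlyContinue
    # Assumption: when the value is absent, the default (2) is in effect.
    if ($null -eq $item) { $value = 2; $explicit = $false }
    else                 { $value = [int]$item.$ValueName; $explicit = $true }
    if ($Meaning.ContainsKey($value)) { $text = $Meaning[$value] }
    else                              { $text = 'Unrecognized value' }
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME; Value = $value
        ExplicitlySet = $explicit;    Meaning = $text
    }
}

function Set-NextClosestSiteFilter {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][ValidateRange(0, 2)][int]$Value)
    $before = Get-NextClosestSiteFilter
    if ($before.ExplicitlySet -and $before.Value -eq $Value) {
        Write-Verbose "$ValueName is already $Value; nothing to change."
        return $before
    }
    $action = "Set $ValueName from $($before.Value) to $Value ($($Meaning[$Value]))"
    if ($PSCmdlet.ShouldProcess($NetlogonParams, $action)) {
        # -Force creates the DWORD or overwrites an existing one.
        New-ItemProperty -Path $NetlogonParams -Name $ValueName `
            -PropertyType DWord -Value $Value -Force | Out-Null
    }
    Get-NextClosestSiteFilter
}

# Audit first, then preview the change; drop -WhatIf to apply it.
Get-NextClosestSiteFilter
Set-NextClosestSiteFilter -Value 1 -WhatIf
```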

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.