Sometimes the environment will have problems such as, network down, RPC is disconnected or even worst problems that you couldn’t imagine. These which would definitely causes login problems. For now I would like to only pin point on RODC. Usually inexperience engineers, will not notice that there is a most important feature has to be enable at the RODC.
That is the Password Replication Policy or you could call it the Password cache.
Yes, there are some environment where all the user’s are pointing to RODC instead of the DC. Anything happens to the RODC will lead to huge complaints from the users and the person whom is supporting the back end will definitely get the blame.
So is better to avoid the trouble even though how good or stable is the environment. Here are the articles you could refer to;
- https://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
- https://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(v=ws.10).aspx
- http://windowsitpro.com/windows-server/configure-credential-caching-rodc-windows-server-2016
Sabrina Kay's Blog 