RODC no prp

Does it make sense to setup a RODC in a remote office if there is no
password replication policy in place? it seems like if there is no prp, then
the RODC doesnt really do much accept pass authentication requests back to a
RWDC

It would depend on how many users at the remote office. If more than 10, I
would say yes, go ahead. This will elimnate WAN authentication and logon
traffic. Replication traffic for the RODC will be considerably less than
authentication and logon traffic.

you still somewhat benefit from having a local domain controller (even
though a writable replica needs to be involved in computer/user
authentication) - e.g. due to ability to process Group Policies without
resorting to WAN access or faster name resolution assuming that RODC is also
configured as a DNS server...

I would use also the password replication and make the DC also DNS server,
so you can limit the WAN traffic at all.

I would consider stating which users at the branch office to retain the
passwords and make sure none of those are admins. Yes there is much value
in not keeping passwords on board the rodc. For starters if someone steels
your dc (rwdc) it has all the secrets within it, an rodc doesn't. That is
why it was built, to protect remote sites and/or (Details coming soon)
dmz's.

correct

but troubles will hunt you as soon as the RWDC is not accessible for
whatever reason

[MKA2009]

We have an RODC site in 4 of our Barch offices. The issue is that in everyone of these sites users complain that there is considerable delay in logon. This is not an issue in branch offices which have a RWDC. We decided to configure PRP for all the branch office users but that has not helped.

Has anyone else experiancing this or has experianced this with RODC's?

Thanks.