A Quick Tip To Get List Of RODC Administrators

by [Published on 8 Oct. 2009 / Last Updated on 28 April 2009]

This article explains the registry key which contains the list of RODC Administrators. This article applies only to Windows Server 2008 RODC.

RODC is the new role of domain controller introduced in Windows Server 2008. RODC contains the read only copy of Active Directory database. This database cannot be modified at RODC. You need to perform a LDAP Write operation, you need to do this at the Writable domain controller. So there is nothing to manage at RODC for Active Directory but there are other Operating System tasks which can be performed by a non-domain admin. This non-domain admin is called RODC Administrator.

You can get the list of RODC Administrators by querying the following registry entry at the RODC:

  • KEY NAME: HKLM\System\CurrentControlSet\Control\Lsa\RODCROLES
  • Entry Name:RepairAdmin
  • Data: SIDs of User Accounts

The Data is the SID of all the user accounts in that domain.

 

See Also


The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP, and was awarded Microsoft MVP in Directory Services. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles for various online communities. Nirmal can also be found contributing to PowerShell based Dynamic Packs for ADHealthProf.ITDynamicPacks.Net solutions.

Featured Links