RODC is the new role of domain controller introduced in Windows Server 2008. RODC contains the read only copy of Active Directory database. This database cannot be modified at RODC. You need to perform a LDAP Write operation, you need to do this at the Writable domain controller. So there is nothing to manage at RODC for Active Directory but there are other Operating System tasks which can be performed by a non-domain admin. This non-domain admin is called RODC Administrator.
You can get the list of RODC Administrators by querying the following registry entry at the RODC:
- KEY NAME: HKLM\System\CurrentControlSet\Control\Lsa\RODCROLES
- Entry Name:RepairAdmin
- Data: SIDs of User Accounts
The Data is the SID of all the user accounts in that domain.