A Quick Tip To Get List Of RODC Administrators

by [Published on 8 Oct. 2009 / Last Updated on 28 April 2009]

This article explains the registry key which contains the list of RODC Administrators. This article applies only to Windows Server 2008 RODC.

RODC is the new role of domain controller introduced in Windows Server 2008. RODC contains the read only copy of Active Directory database. This database cannot be modified at RODC. You need to perform a LDAP Write operation, you need to do this at the Writable domain controller. So there is nothing to manage at RODC for Active Directory but there are other Operating System tasks which can be performed by a non-domain admin. This non-domain admin is called RODC Administrator.

You can get the list of RODC Administrators by querying the following registry entry at the RODC:

  • KEY NAME: HKLM\System\CurrentControlSet\Control\Lsa\RODCROLES
  • Entry Name:RepairAdmin
  • Data: SIDs of User Accounts

The Data is the SID of all the user accounts in that domain.

 

See Also


The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.

Featured Links