A Quick Tip To Get List Of RODC Administrators

by [Published on 8 Oct. 2009 / Last Updated on 28 April 2009]

This article explains the registry key which contains the list of RODC Administrators. This article applies only to Windows Server 2008 RODC.

RODC is the new role of domain controller introduced in Windows Server 2008. RODC contains the read only copy of Active Directory database. This database cannot be modified at RODC. You need to perform a LDAP Write operation, you need to do this at the Writable domain controller. So there is nothing to manage at RODC for Active Directory but there are other Operating System tasks which can be performed by a non-domain admin. This non-domain admin is called RODC Administrator.

You can get the list of RODC Administrators by querying the following registry entry at the RODC:

  • KEY NAME: HKLM\System\CurrentControlSet\Control\Lsa\RODCROLES
  • Entry Name:RepairAdmin
  • Data: SIDs of User Accounts

The Data is the SID of all the user accounts in that domain.


Featured Links