This article explains the registry key which contains the list of RODC Administrators. This article applies only to Windows Server 2008 RODC.
RODC is the new role of domain controller introduced in Windows Server 2008. RODC contains the read only copy of Active Directory database. This database cannot be modified at RODC. You need to perform a LDAP Write operation, you need to do this at the Writable domain controller. So there is nothing to manage at RODC for Active Directory but there are other Operating System tasks which can be performed by a non-domain admin. This non-domain admin is called RODC Administrator.
You can get the list of RODC Administrators by querying the following registry entry at the RODC:
- KEY NAME: HKLM\System\CurrentControlSet\Control\Lsa\RODCROLES
- Entry Name:RepairAdmin
- Data: SIDs of User Accounts
The Data is the SID of all the user accounts in that domain.
About Nirmal Sharma
Nirmal is a Microsoft MVP in Directory Services and working as a Technical Architect/Consultant. He has been involved in Microsoft Technologies since 1994 and followed the progression of Microsoft Operating Systems and software. He is specialized in Directory Services, Microsoft Clustering, SQL, MOM, Exchange and Citrix. In his spare time, he likes to help others and write "internal" technical articles, white papers and tips on various Microsoft technologies. You can contact him at nirmal_sharma@mvps.org.
Article not looking right or info is missing? Let us know so that we can fix it: .
