How to get past the limit of 1,500 accounts (user or computer) that can be configured for RODC password replication caching

Cause

If more than 1,500 accounts (users, computers, or groups) are added to the Allowed list (the msDS-RevealOnDemandGroup attribute) of an RODC, the RODC stops caching passwords for all security principals in the Allowed list. This occurs when you add security principals using either the repadmin /prp <RODCName> allow <User_Name> command or by directly modifying the msDS-RevealOnDemandGroup attribute of the RODC.

Solution - As a workaround, add the security principals to security groups to reduce the overall number of security principals that are in the Allowed list.

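Because this list has a limit of 1,500, it is recommended that you use security groups in place of user accounts.

You can add security groups that contain computer and user accounts to this list. Building the cache requires waiting for the passwords to replicate to the RODC; across sites this may take 60 to 90 minutes.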


In addition, when a password appears in the following list, it has already been cached.
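A PowerShell version of the workaround and of the cache check, as an added example that is not part of the original post. It assumes the ActiveDirectory RSAT module, a single-domain environment, and rights to edit the RODC's password replication policy; RODC01 and RODC01-Allowed-Principals are placeholder names.

```powershell
# Added example, not from the original post. Run without -Apply to report only.
param(
    [string]$RodcName  = 'RODC01',                     # placeholder RODC name
    [string]$GroupName = 'RODC01-Allowed-Principals',  # placeholder group name
    [switch]$Apply                                     # make changes only when set
)
Import-Module ActiveDirectory
$Limit = 1500   # threshold stated in the post

# Read the Allowed list (msDS-RevealOnDemandGroup) of the RODC.
$allowed = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed)
# Entries that are individual accounts rather than groups.
$direct  = @($allowed | Where-Object { $_.ObjectClass -in 'user', 'computer' })
$state   = if ($allowed.Count -gt $Limit) { 'over the limit' } else { 'within the limit' }
$report  = '{0}: {1} Allowed entries, {2} direct user/computer accounts, {3}'
$report -f $RodcName, $allowed.Count, $direct.Count, $state

if ($Apply -and $direct.Count -gt 0) {
    # Reuse the group if it exists; otherwise create it in the default container.
    $group = Get-ADGroup -Filter "Name -eq '$GroupName'"
    if (-not $group) {
        $group = New-ADGroup -Name $GroupName -GroupScope Global `
                     -GroupCategory Security -PassThru
    }
    # Allow the group first so no account loses coverage during the move.
    Add-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -AllowedList $group

    # Add only accounts that are not already members (Add-ADGroupMember fails on duplicates).
    $existing = @(Get-ADGroupMember -Identity $group | ForEach-Object DistinguishedName)
    $toAdd    = @($direct | Where-Object { $_.DistinguishedName -notin $existing })
    if ($toAdd.Count -gt 0) { Add-ADGroupMember -Identity $group -Members $toAdd }

    # Drop the direct entries, which are now covered by the group.
    Remove-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName `
        -AllowedList $direct -Confirm:$false
}

# Accounts whose passwords are currently cached on the RODC.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $RodcName -RevealedAccounts |
    Sort-Object Name |
    Select-Object Name, ObjectClass, DistinguishedName
```

Accounts moved into the group appear in the cached list only after their passwords have replicated to the RODC, which is the wait described above.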

 
