I have been doing allot of Research around Rodc Servers in recent weeks.
I have in my studies come across a new switch for Repadmin.
This switch reveals a huge subset of commands enabling you to fully control modify add list and delete your Password Replication Policy’s.
For example the following command lists the Useraccounts whose passwords are "allowed" to be replicated to the RODC server in the Branch Office Location.
REPADMIN /PRP VIEW RODC REVEAL
Reveal List (msDS-RevealedList):
RODC "CN=RODC,OU=Domain Controllers,DC=contoso,DC=com":
If I wanted to "add" to this list of "allowed" passwords then I would type the following command;
repadmin /prp add Rodc allow cn=jlewis,cn=users,dc=contoso,dc=com
For RODC "CN=RODC,OU=Domain Controllers,DC=contoso,DC=com", "CN=jlewis,CN=Users,DC=contoso,DC=com" added to the allow list.
This looks a really useful addition to Repadmin . See below for the list of full switches;
Type Repadmin /prp from a Windows 2008 Domain Controller with the Support Tools installed to see the full list of switches.