New switch for Repadmin specifically for RODC


I have been doing allot of Research around Rodc Servers in recent weeks.

I have in my studies come across a new switch for Repadmin.

Repadmin /prp

This switch reveals a huge subset of commands enabling you to fully control modify add list and delete your Password Replication Policy's.

For example the following command lists the Useraccounts whose passwords are "allowed" to be replicated to the RODC server in the Branch Office Location.

Reveal List (msDS-RevealedList):
RODC "CN=RODC,OU=Domain Controllers,DC=contoso,DC=com":
CN=RODC,OU=Domain Controllers,DC=contoso,DC=com

If I wanted to "add" to this list of  "allowed" passwords then I would type the following command;

repadmin /prp add Rodc allow cn=jlewis,cn=users,dc=contoso,dc=com
For RODC "CN=RODC,OU=Domain Controllers,DC=contoso,DC=com", "CN=jlewis,CN=Users,DC=contoso,DC=com" added to the allow list.

This looks a really useful addition to Repadmin . See below for the list of full switches;

Type Repadmin /prp from a Windows 2008 Domain Controller with the Support Tools installed to see the full list of switches.

Comments (0)

Skip to main content