The msDS-RevealOnDemandGroup variable is the allowed list on a Windows 2008 read-only domain controller (RODC). Passwords are cached to the RODC for only for accounts on the allowed list. The default settin for this variable is the built-in security group Allowed RODC Password Replication which contains no members by default. Add accounts to this group to enable replcation of their passwords to the RODC so authentication can occur on that domain controller. Alternatively you can add other groups to the allowed list.

Use repadmin

to inspect this variable to identify which accounts are allowed to authenticate to this domain controller.

TechNet Reference - RODC Filtered Attribute Set, Credential Caching, and the Authentication Process with an RODC

CI Data

Category:Directory Services - Directory Service Variable
Target Functionality:Directory Services - Replication
Accessed by:
Related CI's:

Results for Configuration Items search

You entered the search string "".
No results were returned for this string.

Copyright © 1997 - 2016 Mission Pacific Pty Ltd. All rights reserved. ezcom, the ez logo and hard tech cafe are registered trademarks of Mission Pacific Pty Ltd. Designed for firefox and safari. Sitemap