RODC: Using the dsmgmt.exe utility to manage local administrators

One of the benefits of  of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt. The following graphic shows a few commands including:

  • adding local roles
  • showing local roles


Remember, an RODC does not have all of the capabilities of a writeable domain controller. Consequently, an RODC cannot serve as the global catalog, operations masters, or bridgehead server.

For more information see this Technet Article:

 Jeff Loucks
Available Technology
Available Technology
  Subscribe in a reader 

Leave a Reply

Your email address will not be published. Required fields are marked *