RODC: Using the dsmgmt.exe utility to manage local administrators

One of the benefits of  of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt. The following graphic shows a few commands including: adding local roles showing local roles   Remember, an RODC does not have all of the capabilities of a writeable domain controller. Consequently, an RODC cannot serve as the global catalog, operations … Continue reading RODC: Using the dsmgmt.exe utility to manage local administrators