Q. How do I remove a cached password from a read-only domain controller (RODC)?

A. You can't. There's no way to entirely remove a password from an RODC. To achieve almost the same result, you can remove the password from the RODC's cache. First, delete the user from the list of users whose credentials the RODC is allowed to cache; then, reset the password. At the next replication cycle, the RODC will see that the user's password has changed and that it no longer has permission to cache the user's credentials. The RODC will remove the user's credentials from its cache

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.