Q. How can I check whether a user's password is, or can be, stored on a specific read-only domain controller (RODC)?

A. Go to the RODC's Computer Properties window. Access the Password Replication Policy tab, and click Advanced . The computer will display the accounts that currently have their passwords stored on the RODC, as shown below.

An administrator can use the Prepopulate Passwords button in the Advanced Password Replication Policy dialog box to set up accounts and passwords in advance of users logging on for the first time.

You can use utilities such as Proactive Password Auditor (shown below) to confirm stored passwords. Accounts that aren't allowed password replication will be empty. The utility can also empty an RODC's memory.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.