Q. How can I pre-populate a specific user's credentials on a read-only domain controller (RODC)?

A. Typically, when an authorized user logs onto an RODC, his or her credentials are on the password replication policy allow list, and no additional action is needed. The user's credentials are automatically cached on the RODC. To pre-populate a specific user's credentials, open the RODC's computer object and select the Password Replication Policy tab. Click Advanced, then follow the instructions. To prepopulate credentials using the command line, use the repadmin and rodcpwdrepl commands with the following format:

where RODC to prepopulate is the RODC on which you want to cache the credentials and DC to replicate from is the domain controller (DC) on which the credentials exist. As an example, I used the repadmin and rodcpwdrepl commands to replicate Clark Kent's credentials from my savdaldc01 DC to my savdalrodc01 RODC with the following command and resulting output:

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.