Powershell Tip #18: Find RODC (Read-Only Domain Controllers)

By | August 27, 2015

Tip: You can list the RODC (Read-Only Domain Controllers) with PowerShell.


Note 1: The attribute PrimaryGroupID 521 is the RID for the “Read-only Domain Controllers” built-in group in Active Directory.

Well-known security identifiers in Windows operating systems

  • SID: S-1-5- 21domain -521
    Name: Read-only Domain Controllers
    Description: A Global group. Members of this group are Read-Only Domain Controllers in the domain

Note 2 : Get-ADDomainController and Get-ADComputer are cmdlets from the ActiveDirectory module.


Leave a Reply

Your email address will not be published.