Tip: You can list the RODC (Read-Only Domain Controllers) with PowerShell.
|
1 2 3 4 5 6 7 |
#requires -Version 1 -Modules ActiveDirectory # Solution 1 Get-ADDomainController -Filter {IsReadOnly -eq $true} # Solution 2 Get-ADComputer -Filter {PrimaryGroupID -eq 521} |
Note 1: The attribute PrimaryGroupID 521 is the RID for the “Read-only Domain Controllers” built-in group in Active Directory.
Well-known security identifiers in Windows operating systems
https://support.microsoft.com/en-us/kb/243330
- SID: S-1-5- 21domain -521
Name: Read-only Domain Controllers
Description: A Global group. Members of this group are Read-Only Domain Controllers in the domain
Note 2 : Get-ADDomainController and Get-ADComputer are cmdlets from the ActiveDirectory module.
