New switch for Repadmin specifically for RODC

Hi,

I have been doing a lot of research around RODC servers in recent weeks.

I have in my studies come across a new switch for Repadmin.

Repadmin /prp

This switch exposes a large set of subcommands that let you fully control, modify, add to, list and delete your Password Replication Policies.

For example, the following command lists the user accounts whose passwords are "allowed" to be replicated to the RODC server in the branch office location.

REPADMIN /PRP VIEW RODC REVEAL
Reveal List (msDS-RevealedList):
RODC "CN=RODC,OU=Domain Controllers,DC=contoso,DC=com":
CN=krbtgt_64304,CN=Users,DC=contoso,DC=com
CN=RODC,OU=Domain Controllers,DC=contoso,DC=com
CN=RodcAdministrator,CN=Users,DC=contoso,DC=com

If I wanted to "add" to this list of "allowed" passwords, I would type the following command:

repadmin /prp add Rodc allow cn=jlewis,cn=users,dc=contoso,dc=com
For RODC "CN=RODC,OU=Domain Controllers,DC=contoso,DC=com", "CN=jlewis,CN=Users,DC=contoso,DC=com" added to the allow list.

This looks like a really useful addition to Repadmin. See below for the full list of switches:

Type Repadmin /prp from a Windows 2008 Domain Controller with the Support Tools installed to see the full list of switches.
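
One way to audit the reveal list shown earlier, as an added example that is not part of the original post: this PowerShell parses the repadmin /prp view output format above and reports accounts that are missing from an expected baseline. The function name and the baseline are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: parse "repadmin /prp view <RODC> reveal" output and compare
# it with a baseline. ConvertFrom-RepadminPrpView is a hypothetical helper name.
function ConvertFrom-RepadminPrpView {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Line)

    $list = $null; $attribute = $null; $rodc = $null
    foreach ($raw in $Line) {
        $text = $raw.Trim()
        if ($text -match '^(?<list>.+?)\s*\((?<attr>msDS-[\w-]+)\):$') {
            # Header line, e.g. "Reveal List (msDS-RevealedList):"
            $list = $Matches['list']; $attribute = $Matches['attr']
        }
        elseif ($text -match '^RODC\s+"(?<dn>[^"]+)":$') {
            # The RODC computer object the entries below belong to
            $rodc = $Matches['dn']
        }
        elseif ($rodc -and $text -match '^(CN|OU)=.+,DC=') {
            # One distinguished name per line under the RODC line
            [pscustomobject]@{
                Rodc = $rodc; List = $list; Attribute = $attribute; Account = $text
            }
        }
    }
}

# Constructed sample: the output lines quoted in the post. On a domain
# controller, use instead: $output = & repadmin /prp view RODC reveal
$output = @'
Reveal List (msDS-RevealedList):
RODC "CN=RODC,OU=Domain Controllers,DC=contoso,DC=com":
CN=krbtgt_64304,CN=Users,DC=contoso,DC=com
CN=RODC,OU=Domain Controllers,DC=contoso,DC=com
CN=RodcAdministrator,CN=Users,DC=contoso,DC=com
'@ -split '\r?\n'

# Assumed baseline (constructed): accounts expected to appear for this RODC.
$baseline = @(
    'CN=krbtgt_64304,CN=Users,DC=contoso,DC=com'
    'CN=RODC,OU=Domain Controllers,DC=contoso,DC=com'
)

# -notin compares case-insensitively, which suits distinguished names.
ConvertFrom-RepadminPrpView -Line $output |
    Where-Object { $_.Account -notin $baseline } |
    Select-Object Rodc, Attribute, Account
```

Run on a schedule and stored per RODC, the same comparison shows when a new account starts appearing in the list for a branch office server.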