Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Why you cannot view the msDS-RevealedUsers attribute value on a read-only domain controller that is running Windows Server 2008


View products that this article applies to.

Introduction

This article describes why you cannot view the msDS-RevealedUsers attribute value that is stored on a read-only domain controller (RODC).

↑ Back to the top


More information

When you try to view the msDS-RevealedUsers attribute value on a Windows Server 2008-based RODC, you may receive the following error message:
There is no editor registered to handle this attribute type.
Note However, you can view values for the following attributes:
  • msDS-RevealOnDemandGroup
  • msDS-NeverRevealGroup
  • msDS-AuthenticatedToAccountList
The msDS-RevealedUsers attribute is a list of security principals whose passwords were replicated to the RODC.

Password Replication Policy (PRP) is a mechanism to determine whether user credentials or computer credentials can be replicated from a writable domain controller to a RODC.

The PRP is defined by the following attributes:
  • msDS-Reveal-OnDemandGroup
    This attribute is also known as the Allowed List. This attribute points to the distinguished name (DN) of the Allowed List. The Allowed List member credentials can be replicated to the RODC.
  • msDS-NeverRevealGroup
    This attribute points to the DNs of security principals whose credentials are denied replication to the RODC.
  • msDS-RevealedList
    This attribute is a list of security principals whose current computer account passwords have been replicated to the RODC.
  • msDS-RevealedUsers
    This attribute is a list of all security principals whose passwords have ever been replicated to the RODC.
  • msDS-AuthenticatedToAccountList
    This attribute contains a list of security principals in the local domain that have been authenticated by the RODC.

↑ Back to the top


Keywords: KB954405, kbexpertiseinter, kbinfo, kbsurveynew, kbhowto

↑ Back to the top

Article Info
Article ID : 954405
Revision : 1
Created on : 2/9/2009
Published on : 2/9/2009
Exists online : False
Views : 777