When you try to view the
msDS-RevealedUsers attribute value on a Windows Server 2008-based RODC, you may receive the following error message:
There is no editor registered to handle this attribute type.
However, you can view values for the following attributes:
- msDS-RevealOnDemandGroup
- msDS-NeverRevealGroup
- msDS-AuthenticatedToAccountList
The
msDS-RevealedUsers attribute is a list of security principals whose passwords were replicated to the RODC.
Password Replication Policy (PRP) is a mechanism to determine whether user credentials or computer credentials can be replicated from a writable domain controller to a RODC.
The PRP is defined by the following attributes:
- msDS-Reveal-OnDemandGroup
This attribute is also known as the Allowed List. This attribute points to the distinguished name (DN) of the Allowed List. The Allowed List member credentials can be replicated to the RODC. - msDS-NeverRevealGroup
This attribute points to the DNs of security principals whose credentials are denied replication to the RODC. - msDS-RevealedList
This attribute is a list of security principals whose current computer account passwords have been replicated to the RODC. - msDS-RevealedUsers
This attribute is a list of all security principals whose passwords have ever been replicated to the RODC. - msDS-AuthenticatedToAccountList
This attribute contains a list of security principals in the local domain that have been authenticated by the RODC.