Why you cannot view the msDS-RevealedUsers attribute value on a read-only domain controller that is running Windows Server 2008

Microsoft Knowledge Base Article

This article's content is Microsoft copyrighted material.
©2005-2007 Microsoft Corporation. All rights reserved.

Article ID: 954405 - Last Review: February 9, 2009 - Revision: 1.0

INTRODUCTION

This article describes why you cannot view the msDS-RevealedUsers attribute value that is stored on a read-only domain controller (RODC).

MORE INFORMATION

When you try to view the msDS-RevealedUsers attribute value on a Windows Server 2008-based RODC, you may receive the following error message:

    There is no editor registered to handle this attribute type.

Note: However, you can view values for the following attributes:
  • msDS-RevealOnDemandGroup
  • msDS-NeverRevealGroup
  • msDS-AuthenticatedToAccountList
The msDS-RevealedUsers attribute is a list of security principals whose passwords were replicated to the RODC.

Password Replication Policy (PRP) is the mechanism that determines whether user credentials or computer credentials can be replicated from a writable domain controller to an RODC.

The PRP is defined by the following attributes:
  • msDS-RevealOnDemandGroup
    This attribute is also known as the Allowed List. This attribute points to the distinguished name (DN) of the Allowed List. The credentials of Allowed List members can be replicated to the RODC.
  • msDS-NeverRevealGroup
    This attribute points to the DNs of security principals whose credentials are denied replication to the RODC.
  • msDS-RevealedList
    This attribute is a list of security principals whose current computer account passwords have been replicated to the RODC.
  • msDS-RevealedUsers
    This attribute is a list of all security principals whose passwords have ever been replicated to the RODC.
  • msDS-AuthenticatedToAccountList
    This attribute contains a list of security principals in the local domain that have been authenticated by the RODC.
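
The attribute editor cannot display msDS-RevealedUsers, but Password Replication Policy data can still be read with the ActiveDirectory PowerShell module. The following is an added example, not part of the original article: it lists the accounts whose passwords are stored on an RODC and flags any that are on the Denied list. The function name Get-RodcRevealedAccountReport and the RODC name RODC01 are hypothetical.

```powershell
# Added example, not from the KB article. Assumes the ActiveDirectory module (RSAT)
# is installed and that 'RODC01' (placeholder) is replaced with a real RODC name.
Import-Module ActiveDirectory

function Get-RodcRevealedAccountReport {
    param([Parameter(Mandatory = $true)][string]$Rodc)

    # Accounts whose passwords are stored on the RODC.
    $revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts)

    # Accounts the RODC has authenticated, indexed by DN for fast lookup.
    $authDns = @{}
    Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -AuthenticatedAccounts |
        ForEach-Object { $authDns[$_.DistinguishedName] = $true }

    # Denied list: the principals themselves plus, for groups, all nested members.
    $deniedDns = @{}
    foreach ($p in Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied) {
        $deniedDns[$p.DistinguishedName] = $true
        if ($p.ObjectClass -eq 'group') {
            Get-ADGroupMember -Identity $p.DistinguishedName -Recursive |
                ForEach-Object { $deniedDns[$_.DistinguishedName] = $true }
        }
    }

    # One row per cached account, with its policy and authentication status.
    foreach ($a in $revealed) {
        [pscustomobject]@{
            Account             = $a.SamAccountName
            ObjectClass         = $a.ObjectClass
            OnDeniedList        = $deniedDns.ContainsKey($a.DistinguishedName)
            AuthenticatedToRodc = $authDns.ContainsKey($a.DistinguishedName)
        }
    }
}

# Show cached accounts that policy now denies first; these are the ones to review.
Get-RodcRevealedAccountReport -Rodc 'RODC01' |
    Sort-Object OnDeniedList -Descending |
    Format-Table -AutoSize
```

The RODC's own computer account and its krbtgt account normally appear in the output, because their credentials are cached on the RODC by default.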

APPLIES TO
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Standard without Hyper-V
Keywords: kbhowto kbsurveynew kbinfo kbexpertiseinter KB954405
