3.1.1.4.5.30 msDS-isRODC

The msDS-isRODC attribute exists on AD DS but not on AD LDS.

This attribute indicates whether a specified DC is an RODC. Let TO be the object on which msDS-isRODC is being read. If TO is not an nTDSDSA, computer, or server object, then TO!msDS-isRODC is not present.

  • If TO is an nTDSDSA object:

    • If TO!objectCategory equals the DN of the classSchema object for the nTDSDSA object class, then TO!msDS-isRODC is false. Otherwise, TO!msDS-isRODC is true.

  • If TO is a server object:

    • Let TN be the nTDSDSA object whose DN is "CN=NTDS Settings," prepended to the DN of TO. Apply the previous rule for the "TO is an nTDSDSA object" case, substituting TN for TO.

  • If TO is a computer object:

Show: