Administrator Role Separation (ARS) in a Read-Only Domain Controller (RODC) is a feature that enhances security by allowing the delegation of administrative tasks to different users without giving them full administrative privileges over the domain controller or the entire Active Directory (AD) environment.
Open CMD as Administrator mode
dsmgmt.exe
Local Roles
List Roles
show role Administrators
add dell\rodc_admin Administrators
remove dell\rodc_admin Administrators
Step:1
dsmgmt.exe
Local Roles
![](https://wintelteams.wordpress.com/wp-content/uploads/2024/06/image-8.png?w=980)
Step:2
show role Administrators
![](https://wintelteams.wordpress.com/wp-content/uploads/2024/06/image-9.png?w=759)
Step:3
add dell\rodc_admin Administrators
![](https://wintelteams.wordpress.com/wp-content/uploads/2024/06/image-10.png?w=368)
Step:4
remove dell\rodc_admin Administrators
![](https://wintelteams.wordpress.com/wp-content/uploads/2024/06/image-11.png?w=366)
Refer :
Leave a comment