In a recent discussion with some Active Directory classmates their was some confusion over the functionality of the password caching on Server 2008 Read-Only Domain Controllers (RODC’s).

Our understanding of hardware such as CPU’s and hard drive’s tell us that cache is generally small buffer between the component (the actual CPU or hard drive) and the rest of the computer. Also, the most confusing element of this cache that the fact that it is volatile, meaning it does not persist through shut downs or restarts and is often overwritten by new data.

When it comes to Active Directory RODC’s on Server 2008 however passwords are cached indefinitely and stored on the RODC’s hard drive. (1)


according to Microsoft there is also “no mechanism to erase passwords after they are cached on the RODC…."

So it is useful to know Microsoft recommends:

"…an administrator should reset the password in the hub site. This way, the password that is cached in the branch will no longer be valid for accessing any resources in the hub site or other branches. In the branch that contains the RODC on which the password may have been compromised, the password will still be valid for authentication purposes until the next replication cycle, at which time its value that is stored on the RODC will be changed to Null. The new password will be cached only after the user authenticates with it—or the new password is prepopulated on the RODC—and if the PRP has not been changed."


1 - Mastering Microsoft Windows Server 2008 R2 - Mark Minsai, page940