@GitHub Copilot - Welcome @BanterBoy, I’m your Copilot and I’m here to help you get things done faster. I can identify issues, explain and even improve code.

You can ask generic questions, but what I’m really good at is helping you with your code. For example:

Generate unit tests for my code Explain the selected code Propose a fix for the bugs in my code If you want to learn more about my capabilities and limitations, check out the Copilot documentation.

I’m powered by AI, so surprises and mistakes are possible. Make sure to verify any generated code or suggestions, and share feedback so that we can learn and improve.

@BanterBoy: - Explain what the script does and why it is useful.

@GitHub Copilot -


  This script will find all Read-Only Domain Controllers (RODCs) and report
  on the Allowed and Denied Password Replication Policies (PRPs) on each one.

  Script Name: Get-RODCPRPs.ps1
  Release 1.0
  Written by [email protected] 29/1/2014

  - Refer to the section on Password Replication Policies in chapter 9 of the
    O'Reilly Active Directoy 5th Edition book under the Read-Only Domain
    Controllers section.


# Import the Active Directory Module
Import-Module ActiveDirectory -WarningAction SilentlyContinue
if ($Error.Count -eq 0) {
    #Write-Host "Successfully loaded Active Directory Powershell's module`n" -ForeGroundColor Green
else {
    Write-Host "Error while loading Active Directory Powershell's module : $Error`n" -ForeGroundColor Red


# Get the script path
$ScriptPath = { Split-Path $MyInvocation.ScriptName }
$ReferenceFile = $(&$ScriptPath) + "\RODCPRPReport.csv"

$array = @()

$RODCs = Get-ADDomainController -Filter { IsReadOnly -eq $true }

foreach ($RODC in $RODCs) {

    $Allowed = Get-ADDomainControllerPasswordReplicationPolicy -Allowed -Identity $RODC

    $Denied = Get-ADDomainControllerPasswordReplicationPolicy -Denied -Identity $RODC

    $AllowArray = @()
    $DeniedArray = @()

    foreach ($Allow in $Allowed) {
        $AllowArray += $Allow.Name
    foreach ($Deny in $Denied) {
        $DeniedArray += $Deny.Name

    $output = New-Object PSObject
    $output | Add-Member NoteProperty -Name "RODC" $RODC.Name
    $output | Add-Member NoteProperty -Name "Allowed" ($AllowArray -join "|")
    $output | Add-Member NoteProperty -Name "Denied" ($DeniedArray -join "|")
    $array += $output


# Write-Output $array | Format-Table
$array | Export-Csv -notype -path "$ReferenceFile"

# Remove the quotes
(Get-Content "$ReferenceFile") | ForEach-Object { $_ -replace '"', "" } | Out-File "$ReferenceFile" -Force -Encoding ascii

Back to Top


Please feel free to copy parts of the script or if you would like to download the entire script, simple click the download button. You can download the complete repository in a zip file by clicking the Download link in the menu bar on the left hand side of the page.

Report Issues

You can report an issue or contribute to this site on GitHub. Simply click the button below and add any relevant notes. I will attempt to respond to all issues as soon as possible.


Back to Top