On some remote sites we have deployed physical RODCs. Our security and AD team would like to monitor these as we monitor central domain controllers, but without distributing the Run As account. Is there a way to accomplish this?

Ehrnst selected answer
    • Which run as account are you referring to? / What are you trying to achieve?
    • Hi Jelly, I am referring to the AD MP Run As account, which is set up and distributed to all domain controllers. Our security team hopes that there is a possibility to not distribute this account to non-writable domain controllers which are located on remote sites.