A. You can't. There's no way to entirely remove a password from an RODC. To achieve almost the same result, you can remove the password from the RODC's cache. First, delete the user from the list of users whose credentials the RODC is allowed to cache; then, reset the password. At the next replication cycle, the RODC will see that the user's password has changed and that it no longer has permission to cache the user's credentials. The RODC will remove the user's credentials from its cache