PrepAway - Latest Free Exam Questions & Answers

Which tool should you use?

Your network contains an Active Directory domain named litwareinc.com. The domain
contains two sites named Sitel and Site2. Site2 contains a read-only domain controller
(RODC).
You need to identify which user accounts attempted to authenticate to the RODC.
Which tool should you use?

PrepAway - Latest Free Exam Questions & Answers

A.
Active Directory Users and Computers

B.
Ntdsutil

C.
Get-ADAccountResultantPasswordReplicationPolicy

D.
Adtest

Explanation:
Original answer was C (“Get-ADAccountResultantPasswordReplicationPolicy”).
Ntdsutil cannot be used for this.
http://technet.microsoft.com/en-us/library/cc753343.aspx
Get-ADAccountResultantPasswordReplicationPolicy is used to get the members of the
allowed list or denied list of a read-only domain controller’s password replication policy. GetADDomainControllerPasswordReplicationPolicyUsage could be used, but is not listed.
http://technet.microsoft.com/en-us/library/ee617207.aspx
Adtest is used for perfomance testing.
Reference 1)
http://technet.microsoft.com/en-us/library/cc755310.aspx
Review whose accounts have been authenticated to an RODC
Periodically, you should review whose accounts have been authenticated to an RODC. (…)
You can use Active Directory Users and Computers or repadmin /prp to review whose
accounts have been authenticated to an RODC.
Reference 2)
http://technet.microsoft.com/en-us/library/83a6daba-cdde-4606-97a3-
ebb9d7fa6bf(v=ws.10)#BKMK_Auth2
Gives a step by step explanation on using Active Directory Users and Computers.
Old explanation:
Get-ADDomainControllerPasswordReplicationPolicyUsage o get accounts that are
authenticated by the RODC, use the AuthenticatedAccounts parameter. To get the accounts
that have passwords stored on the RODC, use the RevealedAccounts parameter.
http://technet.microsoft.com/en-us/library/ee617194.aspx


Leave a Reply