PrepAway - Latest Free Exam Questions & Answers

Which tool should you use?

Your network contains an Active Directory domain.
The domain contains five sites.
One of the sites contains a read-only domain controller (RODC) named RODC1.
You need to identify which user accounts can have their password cached on RODC1.
Which tool should you use?

A. Repadmin
B. Dcdiag
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Adtest

Explanation:
“The Get-ADDomainControllerPasswordReplicationPolicyUsage gets the user or computer accounts that are
authenticated by a read-only domain controller (RODC) or that have passwords that are stored on that RODC.
The list of accounts that are stored on a RODC is known as the revealed list.”
So the revealed list contains the accounts whose passwords are already cached on an RODC. The question, however,
asks not for the accounts that are cached on RODC1 but for the ones that can be cached on RODC1. Those are in
the allowed list, and we can get it using repadmin.
Reference:
http://technet.microsoft.com/en-us/library/cc835090.aspx
Repadmin /prp
Lists and modifies the Password Replication Policy (PRP) for read-only domain controllers (RODCs).
Syntax
repadmin /prp view <RODC> {<List_Name>|<User>}
Displays the security principals in the specified list or displays the current PRP setting (allowed or denied) for a
specified user.
Parameters
<RODC>
Specifies the host name of the RODC. You can specify the single-label host name or the fully qualified domain
name. In addition, you can use an asterisk (*) as a wildcard character to specify multiple RODCs in one
domain.
<List_Name>
Specifies all the security principals that are in the list that you want to view. The valid list names are as follows:
auth2: The list of security principals that the RODC has authenticated.
reveal: The list of security principals for which the RODC has cached passwords.
allow: The list of security principals in the msDS-RevealOnDemandGroup attribute. The RODC can cache
passwords for this list of security principals only.
deny: The list of security principals in the msDS-NeverRevealGroup attribute. The RODC cannot cache
passwords for any security principals in this list.
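
The allow and deny lists can hold groups as well as individual accounts, so a per-user answer means expanding both lists and subtracting deny from allow. The script below is an added example, not part of the original explanation: it assumes the ActiveDirectory PowerShell module and read access to the domain, uses RODC1 from the question, and the helper name Expand-PrpUsers is hypothetical. It also compares the result with the revealed list to show accounts that are cached but no longer permitted.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$Rodc = 'RODC1'   # RODC name taken from the question

function Expand-PrpUsers {
    # Hypothetical helper: flatten a PRP list (users, computers, groups)
    # into the distinct user DNs it covers.
    param([object[]]$Principals)
    $dns = foreach ($p in $Principals) {
        switch ($p.objectClass) {
            'user'  { $p.DistinguishedName }
            'group' {
                # -Recursive returns the leaf members of nested groups
                Get-ADGroupMember -Identity $p.DistinguishedName -Recursive |
                    Where-Object { $_.objectClass -eq 'user' } |
                    ForEach-Object { $_.DistinguishedName }
            }
        }
    }
    @($dns | Sort-Object -Unique)
}

# allow = msDS-RevealOnDemandGroup, deny = msDS-NeverRevealGroup
$allowed = @(Expand-PrpUsers (Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed))
$denied  = @(Expand-PrpUsers (Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied))

# A principal on the deny list is never cached, so deny overrides allow.
$cacheable = @($allowed | Where-Object { $_ -notin $denied })

# reveal = accounts whose passwords are stored on the RODC right now.
# The RODC's own krbtgt_* account is always cached, so it is excluded here.
$revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts |
    Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -notlike 'krbtgt_*' } |
    ForEach-Object { $_.DistinguishedName })

# Cached accounts the current policy would no longer allow: candidates for a password reset.
$cachedNotPermitted = @($revealed | Where-Object { $_ -notin $cacheable })

[pscustomobject]@{
    Rodc               = $Rodc
    CacheableUsers     = $cacheable
    CachedNotPermitted = $cachedNotPermitted
}
```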