Your network contains an Active Directory domain named adatum.com. The domain contains two domain
controllers that run Windows Server 2012 R2. The domain controllers are configured as shown in the following
table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create
a new user account named User1.You need to prepopulate the password for User1 on DC2.
What should you do first?
A.
Connect to DC2 from Active Directory Users and Computers.
B.
Add DC2 to the Allowed RODC Password Replication Policy group.
C.
Add the User1 account to the Allowed RODC Password Replication Policy group.
D.
Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Explanation:
To prepopulate the password cache for an RODC by using Active Directory Users and Computers (see step 1
below).
Administrative credentials: To prepopulate the password cache for an RODC, you must be a member of the
Domain Admins group.
Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
Ensure that Active Directory Users and Computers points to the writable domain controller that is running
Windows Server 2008, and then click Domain Controllers.
In the details pane, right-click the RODC computer account, and then click Properties.
Click the Password Replication Policy tab.
Click Advanced.
Click Prepopulate Passwords.
Type the name of the accounts whose passwords you want to prepopulate in the cache for the RODC, and
then click OK.
When you are asked if you want to send the passwords for the accounts to the RODC, click Yes.
Note: You can prepopulate the password cache for an RODC with the passwords of user and computer
accounts that you plan to authenticate to it. When you prepopulate the RODC password cache, you trigger the
RODC to replicate and cache the passwords for users and computers before the accounts try to log on in the
branch office.
Incorrect:
Not C. You don’t need to add User1 to the Allowed RODC Password Replication Policy group. As a first step
you should run Active Directory Users and Computers as a member of the Domain/Enterprise Admins
group.-
Password Replication Policy Administration
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
D is incorrect. The answer D applies to server 2008 . Both DC’s are 2012.
C is correct.
8
0
I think D is correct
yes C will work, but the question is asking us to prepopulate right then and there, which you would use Active Directory Users and Computers.
https://blogs.technet.microsoft.com/askds/2008/01/18/understanding-read-only-domain-controller-authentication/
The configuration of a Password Replication Policy is pretty straight forward. Open Active Directory Users and Computers snap-in and select the RODC in the Domain Controllers organizational unit. On the “Password Replication Policy” tab, there are the two groups: “Allowed RODC Password Replication Group” and “Denied RODC Password Replication Group”. A user can be added to either of the desired groups.
Another really cool feature is the “Prepopulate the password cache for an RODC” button. This button (pictured) allows an administrator to pre-add users that will be authenticating to the RODC.
0
4
You can’t prepopulate if the account is not in the Allowed list first.
So I think it’s C.
2
0
Wrong! The answer is C.
“the question is asking us to prepopulate right then and there”
Wrong again!
1
0