Yournetwork contains an Active Directory domain named adatum.com. The domain contains two
domain controllers that run Windows Server 2012 R2. The domain controllers are configured as
shown in the following table.
Youlog on to DC1 by using a user account that is a member of the Domain Admins group, and then
you create a new user account named User1.
Youneed to prepopulate the password for User1 on DC2.
What should you do first?
A.
Connect to DC2 from Active Directory Users and Computers.
B.
Add DC2 to the Allowed RODC Password Replication Policy group.
C.
Add the User1 account to the Allowed RODC Password Replication Policy group.
D.
Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Explanation:
To prepopulate the password cache for an RODC by using Active Directory Users and Computers
(see step 1 below).
Administrative credentials: To prepopulate the password cache for an RODC, you must be a member
of the Domain Admins group.
1. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2. Ensure that Active Directory Users and Computers points to the writable domain controller
that is running Windows Server 2008, and then click Domain Controllers.
3. In the details pane, right-click the RODC computer account, and then click Properties.
4. Click the Password Replication Policy tab.
5. Click Advanced.
6. Click Prepopulate Passwords.
7. Type the name of the accounts whose passwords you want to prepopulate in the cache for
the RODC, and then click OK.
8. When you are asked if you want to send the passwords for the accounts to the RODC, click
Yes.
Note: You can prepopulate the password cache for an RODC with the passwords of user and
computer accounts that you plan to authenticate to it. When you prepopulate the RODC password
cache, you trigger the RODC to replicate and cache the passwords for users and computers before
the accounts try to log on in the branch office.
Incorrect:
Not C. You don’t need to add User1 to the Allowed RODC Password Replication Policy group. As a
first step you should run Active Directory Users and Computers as a member of the
Domain/Enterprise Admins group.- Password Replication Policy Administration
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
Incorrect answer , your explanation is spot on but the answer should be
C.
Add the User1 account to the Allowed RODC Password Replication Policy group.
2
0
Ans: C
Ref: https://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(v=ws.10).aspx
2
0
C is the correct answer
you didn’t have a user in Enterprise Admin group, the Q. state that your user is Domain Admin
and you need domain admin user only
2
0
by default, administrators and account/backup/server operators, are not replicated to RODC.
User1 is not an administrator.
Then the answer C is incorrect for this.
There is a similar question where User1 is administrator, in this case C would be correct.
1
0
In this question, User1 is a member of Domain Admins.
0
1
where did you read this? question states you use a user which is dom admin, but it is nothing mentioned about User1 privileges!
So I would consider this new account with no dom admin rights, and then Ans.C is correct.
1
0
WHAT’S WRONG WITH YOU.
Administrators and account/backup/server operators won’t be replicated to RODC as is for a more secure security reasons.
User1 is not an administrator makes it possible to be in the “Allowed RODC Password Replication Policy group”.
As the Qn also clearly mention, “Youlog on to DC1 by using a user account that is a member of the Domain Admins group” , that is enough rights to add the newly created user1 to the “Allowed RODC Password Replication Policy group”.
Geez all these people…
1
2
Guys, you’re missing the point here. The point is to ” prepopulate the password for User1 on DC2″ and not enable RODC to replicate from the DC.
The only way to prepopulate the password is by using ADUC.
See here section “Prepopulate the password cache for an RODC”
https://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
So the answer provided (D) is corect.
0
0
This exactly what poster A said.
Answer: D
0
0
Incorrect…
Nowhere is any documentation does it state you have to be a member of the Enterprise Admins group to pre-populate passwords: “Domain Administrators” have the ability to do this, as you have logged into the DC as a Domain Admin and already created “user 1”. You would need to add them to the Allowed RODC group, then do the process of pre-populating the passwords. You can then Select the account to pre-populate, for this to occur “User1” would also have to already be in the Allowed RODC list.
2
0
I can see the answer being C.
The pre-population of the password is done via the ADUC tool, but you are correct that domain admin is the required right not Enterprise Admins. Adding the ID to the RODC PRP can be done via PowerShell or ADUC, so it could be C, then open ADUC & prepopulate.
I’m not really sure which answer would be considered correct.
0
0
C would be the correct logical answer
0
0
Side Note: Enterprise Admin would give you all the rights you would need….as would Domain Admin.
0
0