Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows
Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All
domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?
A.
Get-ADGroupMember
B.
Get-ADDomainControllerPasswordReplicationPolicy
C.
Get-ADDomainControllerPasswordReplicationPolicyUsage
D.
Get-ADDomain
E.
Get-ADOptionalFeature
F.
Get-ADAccountAuthorizationGroup
Explanation:
Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the
revealed list of the domain controller.Reference: Get-ADDomainControllerPasswordReplicationPolicyUsage
https://technet.microsoft.com/en-us/library/ee617194.aspx
You marked B as the answer and by explanation it should be C.
9
0
It’s C.
5
0
C
5
0
Answer C
Explanation is good:)
5
0
found this good explanation:
Get-ADDomainControllerPasswordReplicationPolicyUsage “Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.” Aka it tells you which accounts actually used the policy.
Get-ADDomainControllerPasswordReplicationPolicy “Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy.” Aka it tells you which accounts are able to or not able to use the policy.
Correct answer is definitely B
from: https://www.briefmenow.org/microsoft/which-cmdlet-should-you-use-88/
c/o : correction
1
1
but the correct answer for this question is C. Comment above just shows us the difference of the two.
0
0