Your network contains one Active Directory domain named contoso.com. The forest functional level
is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run
Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named
RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server
2012 R2.
You need to identify which security principals are authorized to have their password cached on
RODC01.
Which cmdlet should you use?
A.
Get-ADGroupMember
B.
Get-ADDomainControllerPasswordReplicationPolicy
C.
Get-ADDomainControllerPasswordReplicationPolicyUsage
D.
Get-ADDomain
Explanation:
The Get-ADDomainControllerPasswordReplicationPolicy gets the users, computers, service accounts
and groups that are members of the applied list or denied list for a read-only domain controller’s
(RODC) password replication policy. To get the members of the applied list, specify the AppliedList
parameter.To get the members of the denied list, specify the DeniedList parameter.
Example: Get from an RODC domain controller password replication policy the allowed accounts
showing the name and object class of each:
Get-ADDomainControllerPasswordReplicationPolicy -Identity “FABRIKAM-RODC1” -Allowed | ft
Name,ObjectClass Get-ADDomainControllerPasswordReplicationPolicy
https://technet.microsoft.com/en-us/library/ee617207.aspx