Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains
three domain controllers. The domain controllers are configured as shown in the following
table.
The domain contains two global groups. The groups are configured as shown in the
following table.
You need to ensure that the RODC is configured to meet the following requirements:
Cache passwords for all of the members of Branch1Users.
Prevent the caching of passwords for the members of Helpdesk.
What should you do?
A.
Modify the membership of the Denied RODC Password Replication group.
B.
Install the BranchCache feature on RODC1.
C.
Modify the delegation settings of RODC1.
D.
Create a Password Settings object (PSO) for the Helpdesk group.
For details see: https://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
0
0
answer is B
0
0
ignore my comment, the answer provided is correct!
0
0
This prevents the “Helpdesk” users’ passwords from caching, but does not address the requirement for caching (allowing) for the “Branch1Users” group. There is something missing: msDS-RevealOnDemandGroup (AKA the “Allowed list”) which is an attribute of the RODC.
0
0
I don’t get this. By default, no passwords will be cached, so nothing needs to be done in that respect.
The allowed list needs to be modified to add “Branch1Users”.
0
0