Your network contains an Active Directory domain named adatum.com. The domain contains two
domain controllers that run Windows Server 2012 R2. The domain controllers are configured as
shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then
you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A.
Connect to DC2 from Active Directory Users and Computers.
B.
Add DC2 to the Allowed RODC Password Replication Policy group.
C.
Add the User1 account to the Allowed RODC Password Replication Policy group.
D.
Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Explanation:
To prepopulate the password cache for an RODC by using Active Directory Users and Computers (see
step 1 below).
Administrative credentials: To prepopulate the password cache for an RODC, you must be a member
of the Domain Admins group.
Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
Ensure that Active Directory Users and Computers points to the writable domain controller that is
running Windows Server 2008, and then click Domain Controllers.
In the details pane, right-click the RODC computer account, and then click Properties.
Click the Password Replication Policy tab.
Click Advanced.
Click Prepopulate Passwords.
Type the name of the accounts whose passwords you want to prepopulate in the cache for the
RODC, and then click OK.
When you are asked if you want to send the passwords for the accounts to the RODC, click Yes.
Note: You can prepopulate the password cache for an RODC with the passwords of user and
computer accounts that you plan to authenticate to it. When you prepopulate the RODC password
cache, you trigger the RODC to replicate and cache the passwords for users and computers before
the accounts try to log on in the branch office.
Incorrect:
Not C. You don’t need to add User1 to the Allowed RODC Password Replication Policy group. As a
first step you should run Active Directory Users and Computers as a member of the
Domain/Enterprise Admins group.-Password Replication Policy Administration
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre