Your network contains an Active Directory domain named contoso.com. The domain contains a read-only
domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software
on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A.
From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
B.
From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C.
From a command prompt, run the dsmgmt local roles command.
D.
From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators
One of the benefits of RODC is that you can add local administrators who do not have full access to the domain
administration. This gives them the ability to manage the server but not add or change active directory objects
unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command
prompt.