Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows
Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All
domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether the members of the Protected Users group will be prevented from authenticating
by using NTLM.
Which cmdlet should you use?
A.
Get-ADGroupMember
B.
Get-ADDomainControllerPasswordReplicationPolicy
C.
Get-ADDomainControllerPasswordReplicationPolicyUsage
D.
Get-ADDomain
E.
Get-ADOptionalFeature
F.
Get-ADAccountAuthorizationGroup
G.
Get-ADAuthenticationPolicySilo
H.
Get-ADAuthenticationPolicy
Explanation:
https://technet.microsoft.com/en-us/library/dn466518.aspx
I’m thinking G (Get-ADAuthenticationPolicySilo) on this one.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn486813%28v%3dws.11%29
By pulling the Authentication Policy applied to the protected users group, you should be able to “identify whether the members of the Protected Users group will be prevented from authenticating
by using NTLM” which the policy is per-configured to do.
C foo https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-addomaincontrollerpasswordreplicationpolicyusage?view=win10-ps