Your network contains an Active Directory domain named adatum.com.
The domain contains two domain controllers that runWindows Server 2012.
The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is amember of the Domain Admins group, and then you create
a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A.
Connect to DC2 from Active Directory Users and Computers.
B.
Add DC2 to the Allowed RODC Password Replication Policy group.
C.
Add the User1 account to the Allowed RODC Password Replication Policy group.
D.
Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Explanation:
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
You must include the appropriate user, computer, and service accounts in the Password Replication Policy in order to allow the RODC to satisfy authentication and service ticket requests locally.
answer C
The question says What should you do first?
Adding the User1 account to the Allowed RODC Password Replication Policy group does not prepopulate the password for User1 on DC2 !
First of all, you need to connect to DC2 using AD Users and Computers.
The answer is definitively A !!!
Correction of my previous post:
To prepopulate the password, the Admin must ensure that AD Users and Computers points to the writable DC.
So, not A, because DC2 is the RODC.
This leaves us with C or D.
I choose C because D does not add nothing new (the Domain Admins group has enough privileges to do this operation and, by reading the text, we can assume he is already using AD Users and Computers).
Also, C allows to obtain the desired result.
It should be C.
https://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx