What should you include in the recommendation?

Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The main office
contains domain controllers that run Windows Server 2012. The branch office contains a
read-only domain controller (RODC) that runs Windows Server 2012.
You need to recommend a solution to control which Active Directory attributes are replicated
to the RODC.
What should you include in the recommendation?

Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The main office
contains domain controllers that run Windows Server 2012. The branch office contains a
read-only domain controller (RODC) that runs Windows Server 2012.
You need to recommend a solution to control which Active Directory attributes are replicated
to the RODC.
What should you include in the recommendation?

A.
The partial attribute set

B.
The filtered attribute set

C.
Application directory partitions

D.
Constrained delegation

Show Hint

Leave a Reply 1

Your email address will not be published. Required fields are marked *

Sjoerd Stefma

Sjoerd Stefma

Correct: The RODC FAS is a dynamic set of attributes that is not replicated to any RODCs in the forest. These attributes are not replicated to RODCs because they contain sensitive data. Because they are not replicated to RODCs, a malicious user who has managed to compromise an RODC cannot expose them.
The default RODC FAS contains the following list of attributes:
ms-PKI-DPAPIMasterKeys

ms-PKI-AccountCredentials

ms-PKI-RoamingTimeStamp

ms-FVE-KeyPackage

ms-FVE-RecoveryGuid

ms-FVE-RecoveryInformation

ms-FVE-RecoveryPassword

ms-FVE-VolumeGuid

ms-TPM-OwnerInformation

Source: https://technet.microsoft.com/nl-nl/library/cc753459(v=ws.10).aspx

Reply