Which tool should you use?

Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains five domain controllers. Site2 contains one read-only domain controller (RODC). Site1 and Site2 connect to each other by using a slow WAN link.

You discover that the cached password for a user named User1 is compromised on the RODC.

On a domain controller in Site1, you change the password for User1.

You need to replicate the new password for User1 to the RODC immediately. The solution must not replicate other objects to the RODC. Which tool should you use?

A. Active Directory Sites and Services

B. Active Directory Users and Computers

C. Repadmin

D. Replmon




Jonny

Anyone know why?

Jourdan

This is my understanding of why:

The question specifies that data cannot be directly replicated anywhere else… so I’m going with this:

If repadmin had offered any switches I would go with it.

http://technet.microsoft.com/en-us/library/dd736126%28v=ws.10%29.aspx

To use Active Directory Sites and Services to force replication of the configuration partition to an RODC

Open the Active Directory Sites and Services snap-in (Dssite.msc). To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services. If the User Account Control dialog box appears, enter the appropriate credentials (if requested), confirm that the action it displays is what you want, and then click Continue.

Double-click Sites, double-click the name of the site that has the RODC, double-click Servers, double-click the name of the RODC, right-click NTDS Settings, and then click Replicate configuration to the selected DC.

Click OK to close the message indicating that AD DS has replicated the connections.

Neo

The solution must not replicate other objects to the RODC
Sites and services would replicate everything just to the RODC not just the changed password. I’d go with repadmin because you can specify what to replicate, unlike ADS&S

giorgi

Repadmin has the switch “replsingleobj” which does exactly what the question asks for. I am not sure dssite.msc can do that.

Repadmin /replsingleobject

ichko

dssite WILL REPLICATE EVERYTHING !!!!
A. IS WRONG

IGB

The correct answer is C, repadmin. The switch /rodcpwdrepl allows replicating only the password.

ali

The correct answer is B

To prepopulate the password cache for an RODC by using Active Directory Users and Computers

Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
Ensure that Active Directory Users and Computers points to the writable domain controller that is running Windows Server 2008, and then click Domain Controllers.
In the details pane, right-click the RODC computer account, and then click Properties.
Click the Password Replication Policy tab.
Click Advanced.
Click Prepopulate Passwords.
Type the name of the accounts whose passwords you want to prepopulate in the cache for the RODC, and then click OK.
When you are asked if you want to send the passwords for the accounts to the RODC, click Yes.

https://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre

ali

also C

Repadmin /rodcpwdrepl

Triggers replication of passwords for the specified users from a writable Windows Server 2008 source domain controller to one or more read-only domain controllers (RODCs).

For each destination RODC, the source domain controller enforces the Password Replication Policy (PRP) before it performs the operation. If the PRP does not permit replicating the password to an RODC for a specified user, the operation for that user and RODC combination fails.

https://technet.microsoft.com/en-us/library/cc742095.aspx
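
The `repadmin /rodcpwdrepl` route described in the last comments, as an added example that is not part of the original thread: it checks the Password Replication Policy first (the source DC enforces it), replicates only User1's password, then confirms the account is listed as cached on the RODC. `RODC1` and `DC1` are assumed server names; the ActiveDirectory PowerShell module and an elevated session on a Site1 domain controller are assumed.

```powershell
# Added example. RODC1 and DC1 are placeholder names, not values from the page.
Import-Module ActiveDirectory

$Rodc   = 'RODC1'   # assumed name of the RODC in Site2
$HubDc  = 'DC1'     # assumed writable DC in Site1 where the password was changed
$UserDn = (Get-ADUser -Identity 'User1' -Server $HubDc).DistinguishedName

# 1. The source DC enforces the PRP before replicating a password,
#    so confirm the resultant policy for this user on this RODC is Allow.
$prp = Get-ADAccountResultantPasswordReplicationPolicy -Identity $UserDn -DomainController $Rodc
if ($prp -ne 'Allow') {
    throw "PRP for $UserDn on $Rodc is '$prp'; /rodcpwdrepl would fail for this user."
}

# 2. Replicate only this account's password from the hub DC to the RODC.
#    Syntax: repadmin /rodcpwdrepl <destination RODC> <hub DC> <user DN>
& repadmin.exe /rodcpwdrepl $Rodc $HubDc $UserDn
if ($LASTEXITCODE -ne 0) {
    throw "repadmin /rodcpwdrepl exited with code $LASTEXITCODE."
}

# 3. Confirm the account appears among those whose passwords are stored on the RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts
if ($revealed.DistinguishedName -notcontains $UserDn) {
    Write-Warning "$UserDn is not in the revealed-accounts list on $Rodc."
}
```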