Your network contains an Active Directory domain. The domain contains five sites. One of the sites contains a read-only domain controller (RODC) named RODC1.
You need to identify which user accounts can have their password cached on RODC1.
Which tool should you use?
A.
Repadmin
B.
Dcdiag
C.
Get-ADDomainControllerPasswordReplicationPolicyUsage
D.
Adtest
Explanation:
The Get-ADDomainControllerPasswordReplicationPolicyUsage gets the user or computer accounts that are authenticated by a read-only domain controller (RODC) or that have passwords that are stored on that RODC. The list of accounts that are stored on a RODC is known as the revealed list.http://technet.microsoft.com/en-us/library/ee617194.aspx
I think option A is also correct.
Refer to:
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(v=ws.10).aspx
Actually I think A is correct and C is wrong; the question is asking for which accounts are on the password replication policy which can be viewed by ADU&C or repadmin. Andwer C gives you a list of accounts that have been stored either by prepopulation or have already authenticated and had their passwords stored.
You need to identify which user accounts can have their password cached on RODC1 <– Answer A
You need to identify which user accounts have their password cached on RODC1 <– Answer C
Thanks Neo.
Repadmin /prp
Specifies the Password Replication Policy (PRP) for read-only domain controllers (RODCs).
I think the right answer is C
Because this command is used for displaying list of accounts that have passwords stored on that RODC.
and the Option A is used for displaying the list of accounts that are allowed or denied.
That is why the answer is A. The question asks “which user accounts can have their password cached on RODC1.” it is not asking what user accounts are cached on RODC1.
The correct answer is A.
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(v=ws.10).aspx
Thanks for clarify !!!