ABC.com boasts a main office and 20 branch offices. Configured as a separate site, each branch office has a Read-Only Domain Controller (RODC) server installed.

Users in remote offices complain that they are unable to log on to their accounts. What should you do to make sure that the cached credentials for user accounts are only stored in their local branch office RODC server?

A. Open the RODC computer account security tab and set Allow on the Receive as permission only for the users that are unable to log on to their accounts
B. Add a password replication policy to the main Domain RODC and add user accounts in the security group
C. Configure a unique security group for each branch office and add user accounts to the respective security group. Add the security groups to the password replication allowed group on the main RODC server
D. Configure and add a separate password replication policy on each RODC computer account

Explanation:
http://technet.microsoft.com/en-us/library/cc730883%28v=ws.10%29.aspx
Password Replication Policy
When you initially deploy an RODC, you must configure the Password Replication Policy on the writable domain controller that will be its replication partner.

The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached. The same account can then perform subsequent logons more efficiently.

The Password Replication Policy lists the accounts that are permitted to be cached, and accounts that are explicitly denied from being cached. The list of user and computer accounts that are permitted to be cached does not imply that the RODC has necessarily cached the passwords for those accounts. An administrator can, for example, specify in advance any accounts that an RODC will cache. This way, the RODC can authenticate those accounts, even if the WAN link to the hub site is offline.
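
The difference described above between accounts an RODC is permitted to cache and accounts whose passwords it actually holds can be audited from PowerShell. This is an added example, not part of the original page or the TechNet article; it assumes the ActiveDirectory module (RSAT) and read access to the domain, and `Get-RodcCacheReport` is a hypothetical helper name.

```powershell
# Added example: compare each RODC's Password Replication Policy with the
# accounts whose passwords that RODC has actually cached.
Import-Module ActiveDirectory

function Get-RodcCacheReport {
    param([Parameter(Mandatory)][string]$RodcName)

    # Expand a policy list (users, computers, groups) to account DNs.
    function Expand-Principals($principals) {
        foreach ($p in $principals) {
            if ($p.objectClass -eq 'group') {
                Get-ADGroupMember -Identity $p.DistinguishedName -Recursive |
                    ForEach-Object { $_.DistinguishedName }
            } else {
                $p.DistinguishedName
            }
        }
    }

    $allowed = @(Expand-Principals (
        Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed))
    $denied = @(Expand-Principals (
        Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Denied))

    # Accounts whose passwords are currently stored on this RODC. The RODC's
    # own computer account and its krbtgt_* account are always present, so
    # only ordinary user accounts are reported.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
        -Identity $RodcName -RevealedAccounts |
        Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -notlike 'krbtgt_*' }

    foreach ($acct in $revealed) {
        $dn = $acct.DistinguishedName
        [pscustomobject]@{
            Rodc     = $RodcName
            Account  = $acct.SamAccountName
            # An explicit deny overrides an allow entry.
            InPolicy = ($allowed -contains $dn) -and ($denied -notcontains $dn)
        }
    }
}

# Report cached user accounts that the RODC's current policy does not cover,
# for example accounts cached before the allowed list was narrowed.
Get-ADDomainController -Filter { IsReadOnly -eq $true } |
    ForEach-Object { Get-RodcCacheReport -RodcName $_.Name } |
    Where-Object { -not $_.InPolicy } |
    Format-Table -AutoSize
```

An empty result means every user password cached on each RODC belongs to an account that RODC's policy currently allows.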