You need to purge the list of user accounts that were authenticated on a read-only domain
controller (RODC).
What should you do?
A.
Run the repadmin.exe command and specify the /prp parameter.
B.
From Active Directory Sites and Services, modify the properties of the RODC computer
object.
C.
From Active Directory Users and Computers, modify the properties of the RODC
computer object.
D.
Run the dsrm.exe command and specify the -u parameter.
Explanation:
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-passwordreplication-policy.aspx
Clearing the authenticated accounts list
In addition to reviewing the list of authenticated users, you may decide to periodically clean
up the list of accounts that are authenticated to the RODC. Cleaning up this list may help
you more easily determine the new accounts that have authenticated through the RODC.
Membership in the Domain Admins group of the domain in which the RODC is a member, or
equivalent, is the minimum required to complete this procedure.
To clear all entries from the list, run the command repadmin /prp delete <hostname> auth2
/all.
Substitute the actual host name of the RODC that you want to clear. For example, if you
want to clear the list of authenticated accounts for RODC2, type repadmin /prp delete rodc2
auth2 /all, and then press ENTER.