HOTSPOT
You need to modify the Password Replication Policy on a read-only domain controller
(RODC).
Which tool should you use?
To answer, select the appropriate tool in the answer area.
Explanation:
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-passwordreplication-policy.aspx
Administering the Password Replication Policy
This topic describes the steps for viewing, configuring, and monitoring the Password
Replication Policy (PRP) and password caching for read-only domain controllers (RODCs).
To configure the PRP using Active Directory Users and Computers
1. Open Active Directory Users and Computers as a member of the Domain Admins group.
2. Ensure that you are connected to a writeable domain controller running Windows Server
2008 in the correct domain.
3. Click Domain Controllers, and in the details pane, right-click the RODC computer account,
and then click Properties.
4. Click the Password Replication Policy tab.
5. The Password Replication Policy tab lists the accounts that, by default, are defined in the
Allowed list and the Deny list on the RODC. To add other groups that should be included in
either the Allowed list or the Deny list, click Add.
To add other accounts that will have credentials cached on the RODC, click Allow
passwords for the account to replicate to this RODC.
To add other accounts that are not allowed to have credentials cached on the RODC, click
Deny passwords for the account from replicating to this RODC.