You work as an enterprise administrator at Domain.com. The Domain.com network consists of
a single Active Directory domain named Domain.com. All servers on the Domain.com network run Windows Server 2008.
Domain.com has its headquarters in Chicago and a branch office around the globe. Each of the branch offices contains a dedicated read-only domain controller (RODC) and is configured as a separate active directory site. You have received numerous complaints from the users that they cannot log onto their account. You need to make sure that the user accounts are kept in their local branch office RODC server.
What should you do?
A.
The best option is to set Allow on the Receive as permission only for the users cannot log on to their accounts, by opening the RODC computer account security tab.
B.
The best option is to add a password replication policy to the main Domain RODC. Thereafter you should add the user accounts in the security group.
C.
The best option is to set up and add a separate password replication policy on each RODC computer account.
D.
The best option is to set up a unique security group for each branch office and add user accounts to the particular security group. You should also add the security groups to the password replication allowed group on the main RODC server
Explanation:
To ensure that the cached credential for user accounts are only stored in their local RODC server, you have to configure and add a separate password replication policy on each RODC computer account. By adding a separate PRP, the user accounts in each branch office will be able to authenticate their accounts.
C