Your company has a main office and 10 branch offices. The network consists of one Active Directory
domain. All domain controllers run Windows Server 2008 and are located in the main office. You
need to plan the deployment of one Windows Server 2008 domain controller in each branch office.
The solution must meet the following requirements:
Branch office domain controllers must be able to log users on to the domain.
Branch office domain controllers must be able to store the passwords of only some domain users.
Users must be able to download Group Policy objects (GPOs) from the branch office domain
controllers.
What should your plan include?
A.
Install Active Directory Lightweight Directory Services (AD LDS).
B.
Install Active Directory Domain Services (AD DS) on a Server Core installation of Windows Server
2008.
C.
Install Active Directory Domain Services (AD DS). Select the read-only domain controller (RODC)
option during installation.
D.
Install Active Directory Domain Services (AD DS). Create a new Password Settings object (PSO).
Link the PSO to user objects in the respective branch office.
Explanation:
To deploy Windows Server 2008 domain controller in each branch office and to ensure that branch
office domain controllers would allow users to log on to the domain you need to install Active
Directory Domain Services (AD DS) and select the read-only domain controller (RODC) option during
installation. RODC store the passwords of only some domain users and allows you to download
Group Policy objects (GPOs). Except for account passwords, an RODC holds all the Active Directory
objects and attributes that a writable domain controller holds. By default, an RODC does not store
user or computer credentials. The exceptions are the computer account of the RODC and a special
krbtgt account that each RODC has. You must explicitly allow any other credential caching on an
RODC.
AD DS: Read-Only Domain Controllers/ Credential caching
http://technet2.microsoft.com/windowsserver2008/en/library/ce82863f-9303-444f-9bb3-
ecaf649bd3dd1033.mspx?mfr=true