Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as
shown in the following table.
The domain contains two global groups. The groups are configured as shown in the following table.
You need to ensure that the RODC is configured to meet the following requirements:
Cache passwords for all of the members of Branch1Users. Prevent the caching of passwords for the members of Helpdesk.
What should you do?
A.
Modify the membership of the Denied RODC Password Replication group.
B.
Install the BranchCache feature on RODC1.
C.
Modify the delegation settings of RODC1.
D.
Create a Password Settings object (PSO) for the Helpdesk group.
Explanation:
Password Replication Policy Allowed and Denied lists Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC
operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group.
These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added
to the msDS- RevealOnDemandGroup and msDS-NeverRevealGroup Active Directory attributes.
Password Replication Policy