Home » Microsoft » 70-412 v.2 » What should you do first?
Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012 R2. The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A. Connect to DC2 from Active Directory Users and Computers.
B. Add DC2 to the Allowed RODC Password Replication Policy group.
C. Add the User1 account to the Allowed RODC Password Replication Policy group.
D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Correct Answer: D
Explanation/Reference:
To prepopulate the password cache for an RODC by using Active Directory Users and Computers (see step 1 below).
Administrative credentials: To prepopulate the password cache for an RODC, you must be a member of the Domain Admins group.
1.Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2.Ensure that Active Directory Users and Computers points to the writable domain controller that is running Windows Server 2008, and then clickDomain
Controllers.
3.In the details pane, right-click the RODC computer account, and then click Properties.
4.Click the Password Replication Policy tab.
5.Click Advanced.
6.Click Prepopulate Passwords.
7.Type the name of the accounts whose passwords you want to prepopulate in the cache for the RODC, and then clickOK.
8.When you are asked if you want to send the passwords for the accounts to the RODC, click Yes.
Note: You can prepopulate the password cache for an RODC with the passwords of user and computer accounts that you plan to authenticate to it. When you prepopulate the RODC password cache, you trigger the RODC to replicate and cache the passwords for users and computers before the accounts try to log on in the branch office.
Incorrect:
Not C. You don’t need to add User1 to the Allowed RODC Password Replication Policy group. As a first step you should runActive Directory Users and Computers as a member of the Domain/Enterprise Admins group.-
Reference: Password Replication Policy Administration
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre