Home » Microsoft » 70-640 » Which tool should you use?
Your network contains an Active Directory domain named litwareinc.com.
The domain contains two sites named Site1 and Site2.
Site2 contains a read-only domain controller (RODC).
You need to identify which user accounts attempted to authenticate to the RODC.
Which tool should you use?
A. Active Directory Users and Computers
B. Ntdsutil
C. Get-ADAccountResultantPasswordReplicationPolicy
D. Adtest
Correct Answer: A
Explanation/Reference:
Ntdsutil cannot be used for this.
http://technet.microsoft.com/en-us/library/cc753343.aspx
Get-ADAccountResultantPasswordReplicationPolicy is used to get the members of the allowed list or denied list of a read-only domain controller’s password replication policy. Get- ADDomainControllerPasswordReplicationPolicyUsage could be used, but is not listed. http://technet.microsoft.com/en-us/library/ee617207.aspx
Adtest is used for perfomance testing.
Reference 1:
http://technet.microsoft.com/en-us/library/cc755310.aspx
Review whose accounts have been authenticated to an RODC
Periodically, you should review whose accounts have been authenticated to an RODC. (…)
You can use Active Directory Users and Computers or repadmin /prp to review whose accounts have been authenticated to an RODC.
Reference 2:
http://technet.microsoft.com/en-us/library/83a6daba-cdde-4606-97a3-6ebb9d7fa6bf(v=ws.10) #BKMK_Auth2
[Gives a step by step explanation on using Active Directory Users and Computers for this.]