Category: Active Directory

Applies To: Windows Server 2008 This section provides procedures for the following administrative tasks that are related to Password Replication Policy for an RODC: · Configure the Password Replication Policy for an RODC · View Current Credentials That Are Cached on an RODC · Review Whose Accounts Have Been Authenticated to an RODC · Prepopulate the password cache for an RODC · Reset the Current Credentials That Are Cached on an RODC If It Is Stolen Configure the Password Replication Policy for an RODC Administrative credentials To configure the Password Replication Policy for an RODC, you must be a member […]

Applies To: Windows Server 2008 This topic explains what the read-only domain controller (RODC) Filtered Attributes Set (FAS) is and how credential caching and the authentication process work for an RODC. RODC FAS RODCs contain a complete copy of the Active Directory database in the sense that they contain a read-only copy of all partitions that are held by an equivalent writable domain controller. For example, an RODC contains read-only copies of the schema and configuration partitions. If you are using Active Directory–integrated Domain Name System (DNS), an RODC that is a DNS server contains read-only copies of the DNS […]

Applies To: Windows Server 2008 When you initially deploy an RODC, you must configure the Password Replication Policy on the writable domain controller that will be its replication partner. The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached. The same account can then perform subsequent logons more efficiently. The Password Replication Policy lists the accounts that are […]