Setting Password Replication Policy

When you deploy an RODC, you must configure the Password Replication Policy on the writable domain controller that will be its replication partner. The Password Replication Policy acts as an access control list (ACL) and determines whether an RODC should be permitted to cache a password for a particular user or group. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine whether it should cache the password for the account.
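The policy and its effect can be read back from the directory. The following is an added example, not code from the book: it uses the ActiveDirectory PowerShell module to list the allowed and denied principals for one RODC and to show which accounts currently have a password cached there, marking any that carry `adminCount = 1`. The RODC name `RODC01` and the function name `Get-RodcPasswordCacheAudit` are placeholders chosen for illustration.

```powershell
# Added example (not from the book). Requires the ActiveDirectory RSAT module
# and read access to the domain. 'RODC01' below is a placeholder RODC name.
Import-Module ActiveDirectory

function Get-RodcPasswordCacheAudit {
    param([Parameter(Mandatory)][string]$RodcName)

    # The two halves of the policy: principals the RODC may cache,
    # and principals it must never cache.
    $allowed = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed)
    $denied  = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Denied)

    # Accounts whose passwords are cached on the RODC right now.
    $revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $RodcName -RevealedAccounts)

    $cached = foreach ($account in $revealed) {
        # adminCount = 1 marks accounts that are, or have been,
        # members of a protected (privileged) group.
        $obj = Get-ADObject -Identity $account.DistinguishedName -Properties adminCount
        [pscustomobject]@{
            SamAccountName = $account.SamAccountName
            ObjectClass    = $account.ObjectClass
            Privileged     = ($obj.adminCount -eq 1)
        }
    }

    [pscustomobject]@{
        Rodc           = $RodcName
        AllowedList    = $allowed.SamAccountName
        DeniedList     = $denied.SamAccountName
        CachedAccounts = $cached
    }
}

$audit = Get-RodcPasswordCacheAudit -RodcName 'RODC01'

"Allowed: $($audit.AllowedList -join ', ')"
"Denied:  $($audit.DeniedList -join ', ')"

# Cached privileged accounts are the ones to review first.
$audit.CachedAccounts | Where-Object Privileged | Format-Table -AutoSize
```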

Password Replication Policy Essentials

You can configure Password Replication Policy in several ways:

  • Allow no accounts to be cached, for the strictest control, such as when the physical security of the RODC cannot ...
