Setting Password Replication Policy
When you deploy an RODC, you must configure the Password Replication Policy on the writable domain controller that will be its replication partner. The Password Replication Policy acts as an access control list (ACL) and determines whether an RODC should be permitted to cache a password for a particular user or group. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine whether it should cache the password for the account.
Password Replication Policy Essentials
You can configure Password Replication Policy in several ways:
Allow no accounts to be cached, for the strictest control, such as when the physical security of the RODC cannot ...
Get Active Directory® Administrator's Pocket Consultant now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.