70-411 question 115 discussion


Your network contains one Active Directory domain named contoso.com. The forest
functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All
client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC)
named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that
runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?

  • A. Get-ADGroupMember
  • B. Get-ADDomainControllerPasswordReplicationPolicy
  • C. Get-ADDomainControllerPasswordReplicationPolicyUsage
  • D. Get-ADDomain
  • E. Get-ADOptionalFeature
  • F. Get-ADAccountAuthorizationGroup
Created 10 months ago by YJexlab


The correct answer should be C


Why do think that?


Get-ADDomainControllerPasswordReplicationPolicyUsage gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller. Source: https://technet.microsoft.com/en-us/library/ee617194.aspx so the awnser is C.




Correct answer is C. The definition for "Get-ADDomainControllerPasswordReplicationPolicy" is : "Gets the members of the allowed list or denied list of a read-only domain controller's password replication policy."