Question

You have three users who travel to four branch offices often and need to log on to the RODCs at these offices. The branch offices are connected to the main office with slow WAN links. You don’t want domain controllers at the main office to authenticate these four users when they log on at the branch offices. What should you do that requires the least administrative effort yet adheres to best practices?

Answer 1

Answer:

Configure Caching on RODCs using PRP.

Explanation

Read only domain controller is a domain controller that allows active directories for read only purposes. An administrator can setup RODCs for branches of a company and control the domain controller of the database server, updating the database which can be viewed as a read only partition in RODC.

Authenticating users in a RODC rely on the domain controller to forward the credentials to the read only domain controller. This can impose to high traffic on a slow WAN network link, especially when many users are trying to authenticate, resulting to high bandwidth.

To avoid this, credential caching by configuring password replication policy (PRP) on the RODC is vital.  

When PRP is configure on RODC, the user only get to authenticate once, then the user password is replicated and encrypted for subsequent use.