This feature is what dictates what can be written to an RODC, therefore limiting the amount of sensitive information available to a remote office.
Also, by default, core roles such as Domain Admins are never allowed as part of the replication policy.
I always mention that getting hands-on experience with any product you are studying is key to learning it properly, and Read Only Domain Controllers are no exception.
You would need to build two servers (or virtual machines) within your domain, with one obviously being the RODC.
However, the passwords are cached on the server, and only once the RODC has contacted a writable domain controller for authentication.
This is where you should take note of a key term you will come across in your exam: the password replication policy (PRP).
The main reason for using an RODC is security, while also providing domain resiliency at remote offices.
While much of the 70-640 exam covers the configuration of Active Directory in a Windows Server 2008 environment, other topics also get tested — including Read Only Domain Controllers (RODC), which is a new feature in Windows Server 2008.
In this article, David Leaver explores the features and configuration of the RODC that may be tested in the 70-640 exam.
As with any additional domain controller role, replication is the key to the successful transfer of information between servers.
One of the best features of RODC is the way it stores user credentials… The replication of user information is there, of course, and is presented to users as and when they need them to supply a domain login.