Problem: A group of employees relocated from your company’s New York office to
your company’s head office. The RODC in the New York office previously
cached the password for these employees. These employees no longer need
to authenticate against the RODC.
Solution: Remove the group from the Password Replication Policy on the RODC.
To remove a user, group, or computer from the password replication policy, perform the following steps:
1. Log on to a domain controller or a member computer that has Windows Server 2008 RSAT installed.
2. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
3. Right-click Active Directory Users and Computers in the console tree, and click Change Domain Controller.
4. On the Change Directory Server window, select a writable domain controller that has W2K8 in the DC Version column and click OK.
5. In the console tree, expand the domain node and select the Domain Controllers node.
6. In the details pane, right-click the RODC on which you want to configure the password replication policy; then click Properties.
7. On the RODC Properties page, click the Password Replication Policy tab.
8. Select the user, group, or computer you want to remove from the Password Replication Policy, and click Remove.
9. Select Yes on the confirmation to remove the security principal from the Password Replication Policy, shown in Figure 1.
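The same removal can be scripted and then checked, shown here as an added example that is not part of the original procedure. It assumes the ActiveDirectory PowerShell module (RSAT on Windows Server 2008 R2 or later); the RODC name `NYC-RODC1` and group name `NY-Relocated-Staff` are hypothetical placeholders. The final query matters because removing a principal from the policy stops future caching but does not purge passwords the RODC has already cached.

```powershell
# Added example: hypothetical names, replace with your own RODC and group.
Import-Module ActiveDirectory

$Rodc  = 'NYC-RODC1'            # assumption: name of the New York RODC
$Group = 'NY-Relocated-Staff'   # assumption: group that moved to head office

# Work against a writable domain controller, as in step 4 of the GUI procedure.
$dc     = Get-ADDomainController -Discover -Writable
$server = [string]$dc.HostName[0]

$groupObj = Get-ADGroup -Identity $Group -Server $server

# Read the current Allowed list and remove the group only if it is present.
$allowedDns = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed -Server $server |
    ForEach-Object { $_.DistinguishedName }

if ($allowedDns -contains $groupObj.DistinguishedName) {
    Remove-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc `
        -AllowedList $groupObj -Server $server
    Write-Output "Removed '$Group' from the Allowed list on $Rodc."
} else {
    Write-Output "'$Group' is not on the Allowed list of $Rodc; nothing to remove."
}

# Verify: the group must no longer appear on the Allowed list.
$stillAllowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed -Server $server |
    Where-Object { $_.DistinguishedName -eq $groupObj.DistinguishedName }
if ($stillAllowed) { Write-Warning "'$Group' is still on the Allowed list." }

# List group members whose passwords are still cached (revealed) on the RODC.
$memberDns = Get-ADGroupMember -Identity $groupObj -Recursive -Server $server |
    ForEach-Object { $_.DistinguishedName }

$stillCached = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc `
        -RevealedAccounts -Server $server |
    Where-Object { $memberDns -contains $_.DistinguishedName }

if ($stillCached) {
    Write-Warning "These accounts still have a password cached on ${Rodc}:"
    $stillCached | Select-Object Name, SamAccountName, DistinguishedName
} else {
    Write-Output "No members of '$Group' have a password cached on $Rodc."
}
```

Resetting the password of any account the last query returns invalidates the copy held on the RODC.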