How To Manage Password Replication Policies Using PowerShell

Once you have placed a Read-Only Domain Controller (RODC) in a branch office, you will need to configure the Password Replication Policy (PRP) for that RODC. This is where you decide which user accounts are allowed to cache their passwords locally on the RODC, and which ones aren’t.

In this video, David will demonstrate how to easily add a user to the PRP using the Add-ADDomainControllerPasswordReplicationPolicy, view the current PRP configuration with Get-ADDomainControllerPasswordReplicationPolicy and remove users from the PRP using Remove-ADDomainControllerPasswordReplicationPolicy. Additionally, he will show you how to retrieve a list of user accounts that have been authenticated and which accounts have their passwords cached on the RODC using Get-ADDomainControllerPasswordReplicationPolicyUsage.

Prerequisites include: - Configured Read-Only Domain Controller (RODC) - Windows PowerShell 5.1 - Active Directory PowerShell Module