Add all New York users to an Active Directory Domain
Services (AD DS) group. Add a Password Replication Policy on the RODC to
allow passwords to be cached for members of the AD DS group.
To add a user, group, or computer to the password replication policy, perform the following steps:
1. | Log
on to a domain controller or a member computer that has Windows Server
2008 Remote Server Administration Tools (RSAT) installed.
|
2. | Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
|
3. | Right-click Active Directory Users and Computers in the console tree, and click Change Domain Controller.
|
4. | On the Change Directory Server window, shown in Figure 1, select a writable domain controller that has W2K8 in the DC Version column and click OK.
|
5. | In the console tree, expand the domain node and select the Domain Controllers node.
|
6. | In the details pane, right-click the RODC on which you want to configure the password replication policy; then click Properties.
|
7. | On the RODC Properties page, click the Password Replication Policy tab.
Note
The Password Replication
Policy tab will only be presented on the properties page for read-only
domain controllers. This tab will not be present for writable domain
controllers.
|
8. | Click Add.
|
9. | On the Add Groups, Users and Computers window, shown in Figure 2,
select Allow passwords for the account to replicate to this RODC or
Deny passwords for the account from replicating to this RODC. Then click
OK.
|
10. | Type
the name of the user, group, or computer you want to allow or deny
password replication, and click OK. The group, user, or computer will be
added to the Password Replication Policy tab, as shown in Figure 10.3.
|
11. | Click OK or Apply to save the changes.
|
