There is no mechanism to erase passwords after they are cached on an RODC. If you want to clear a password that is stored on an RODC, an administrator should reset the password in the hub site. This way, the password that is cached in the branch will no longer be valid for accessing any resources in the hub site or other branches.

In the branch that contains the RODC on which the password may have been compromised, the password will still be valid for authentication purposes until the next replication cycle, at which time the value that is stored on the RODC will be changed to Null. The new password will be cached only after the user authenticates with it (or the new password is prepopulated on the RODC), and only if the PRP has not been changed.

In the event that an RODC is compromised, you should reset the passwords for all accounts that have cached passwords and then rebuild the RODC.
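
One way to script the reset step is shown here as an added example, not part of the original text. It assumes the ActiveDirectory RSAT module is installed; `BRANCH-RODC01` and `HUB-DC01` are placeholder names, and `New-RandomPassword` is a hypothetical helper defined in the block.

```powershell
# Added example: list the accounts whose passwords are cached on an RODC and
# reset them against a writable DC in the hub site.
Import-Module ActiveDirectory

$Rodc   = 'BRANCH-RODC01'   # placeholder: the RODC being cleaned up
$HubDc  = 'HUB-DC01'        # placeholder: writable DC in the hub site
$DryRun = $true             # set to $false to actually reset passwords

# Hypothetical helper: random value from a CSPRNG, used only to invalidate
# the cached password. Issue the user a working password out of band.
function New-RandomPassword {
    param([int]$Length = 24)
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-_='
    $bytes = New-Object byte[] $Length
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
}

# Accounts whose passwords have been cached (revealed) on the RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $Rodc -RevealedAccounts -Server $HubDc

foreach ($acct in $revealed) {
    # The RODC's own krbtgt_* account and computer accounts are not reset
    # here: the krbtgt_* account goes away when the RODC is rebuilt, and
    # computer accounts are reset from the member machine itself.
    if ($acct.ObjectClass -ne 'user' -or $acct.SamAccountName -like 'krbtgt*') {
        Write-Output "Handle separately: $($acct.SamAccountName) [$($acct.ObjectClass)]"
        continue
    }

    $new = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force

    # Reset on the writable DC; the RODC's cached copy becomes Null at the
    # next replication cycle.
    Set-ADAccountPassword -Identity $acct.DistinguishedName -Reset `
        -NewPassword $new -Server $HubDc -WhatIf:$DryRun
    Set-ADUser -Identity $acct.DistinguishedName -ChangePasswordAtLogon $true `
        -Server $HubDc -WhatIf:$DryRun

    Write-Output "Reset (DryRun=$DryRun): $($acct.SamAccountName)"
}
```

With `$DryRun` left at `$true`, the cmdlets only report what they would change, which gives a reviewable list before the real run.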