3.5.4.5.1.2 RODC server cachability validation

If the NTLMv2_CLIENT_CHALLENGE request (see [MS-NLMP] section 2.2.2.7) does not include a non-empty MsvAvNbComputerName AVPair (see [MS-NLMP] section 2.2.2.1), the validation succeeds.

Otherwise, validation proceeds as follows:

  1. Let NBComputerName be the value of the MsvAvNbComputerName AVPair.

  2. Append a ‘$’ character to NBComputerName.

  3. Let RODC be the read-only domain controller object that submitted the request.

  4. Let O be the security principal object whose samAccountName attribute matches NBComputerName.

  5. Let Cacheable be the value consistent with locally querying the RODC!msDS-IsUserCachableAtRodc attribute specified in [MS-ADTS] section 3.1.1.4.5.32, where TO=O.

  6. If Cacheable is true, validation succeeds.

  7. Otherwise, validation fails.
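The seven steps above, carried out over a parsed NTLMv2_CLIENT_CHALLENGE, as an added example that is not part of the specification. It assumes the AV_PAIR layout of [MS-NLMP] section 2.2.2.1 (2-byte AvId, 2-byte AvLen, UTF-16LE value) after the 28 fixed bytes of the 2.2.2.7 structure; the directory and the `rodc_allows_caching` callback are constructed stand-ins for the samAccountName lookup and the msDS-IsUserCachableAtRodc query, and treating a missing object as failure is an assumption the text does not state.

```python
import struct

# AvId values from [MS-NLMP] section 2.2.2.1
MSV_AV_EOL = 0x0000
MSV_AV_NB_COMPUTER_NAME = 0x0001
# Fixed fields preceding AvPairs in NTLMv2_CLIENT_CHALLENGE ([MS-NLMP] 2.2.2.7):
# RespType(1) HiRespType(1) Reserved1(2) Reserved2(4) TimeStamp(8) ChallengeFromClient(8) Reserved3(4)
AV_PAIRS_OFFSET = 28

def parse_av_pairs(blob: bytes, offset: int = AV_PAIRS_OFFSET) -> dict:
    """Return {AvId: raw Value} for the AV_PAIR list, stopping at MsvAvEOL."""
    pairs = {}
    while True:
        if offset + 4 > len(blob):
            raise ValueError("truncated AV_PAIR list")
        av_id, av_len = struct.unpack_from("<HH", blob, offset)
        offset += 4
        if av_id == MSV_AV_EOL:
            return pairs
        if offset + av_len > len(blob):
            raise ValueError("AV_PAIR value runs past end of buffer")
        pairs[av_id] = blob[offset:offset + av_len]
        offset += av_len

def build_client_challenge(av_values: dict) -> bytes:
    """Constructed NTLMv2_CLIENT_CHALLENGE (zero timestamp/nonce) for test input only."""
    body = b"\x01\x01" + b"\x00" * 26            # RespType=1, HiRespType=1, rest zeroed
    for av_id, text in av_values.items():
        value = text.encode("utf-16-le")
        body += struct.pack("<HH", av_id, len(value)) + value
    return body + struct.pack("<HH", MSV_AV_EOL, 0)

def validate_rodc_cachability(challenge: bytes, sam_accounts: dict, rodc_allows_caching) -> bool:
    """sam_accounts: constructed samAccountName -> object map (case-insensitive match).
    rodc_allows_caching(obj): assumed stand-in for the msDS-IsUserCachableAtRodc query."""
    nb_name = parse_av_pairs(challenge).get(MSV_AV_NB_COMPUTER_NAME, b"")
    if not nb_name:
        return True                                   # no non-empty MsvAvNbComputerName
    sam_account_name = nb_name.decode("utf-16-le") + "$"          # steps 1-2
    by_name = {name.upper(): obj for name, obj in sam_accounts.items()}
    obj = by_name.get(sam_account_name.upper())                   # step 4
    if obj is None:
        return False        # assumption: no object with that samAccountName fails validation
    return bool(rodc_allows_caching(obj))                         # steps 5-7
```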