We're intending on setting up RODCs in each of our warehouses to provide domain authentication services if the WAN links are down. I'm trying to find the best settings for configuring PRP.
1. Do I create a different AD Group for each Warehouse and put that in as the allowed Password Caching Group for each respective DC?
2. Do I need to put machine accounts in the Allowed Groups?