You have a single Active Directory directory service domain. You have several domain security policies in place. The relevant part of the network consists of the servers shown in the following table.
You create two global security groups named Sales Admins and Research Admins. You add the users in the sales and research departments into their respective groups.
You need to allow the sales and research departments to administer their own Active Directory user, computer, and group objects, while maintaining the existing security policies of the company.
What should you do?
A.
Create child domains for the sales and research department, and migrate the user and computer accounts from each department into their respective domains. Add the users from the Sales Admins group and Research Admins group to the Domain Admins group in their respective domains.
B.
Create two organizational units (OUs) named Sales and Research, and move the resources of each department into their respective OUs. At the Sales OU, assign the Full Control permission to the Sales Admins group. At the Research OU, assign the Full Control permission to the Research Admins group.
C.
On SRV1, create a local group named Sales Administrators. Add the Sales Admins global group to this local group. On SRV2, create a local group named Research Administrators. Add the Research Admins global group to this local group.
D.
Create two organizational units (OUs) named Sales and Research. Create two Group Policy objects (GPOs) named Sales and Research, and link each GPO to its respective OU. In each GPO, select the Enable computer and user accounts to be trusted for delegation setting, and select the Sales Admins group in the Sales GPO and the Research Admins group in the Research GPO.