Your network contains an Active Directory domain named contoso.com. The domain contains an organizational
unit (OU) named IT and an OU named Sales.
All of the help desk user accounts are located in the IT OU. All of the sales user accounts are located in the
Sales OU. The Sales OU contains a global security group named G_Sales. The IT OU contains a global
security group named G_HelpDesk.
You need to ensure that members of G_HelpDesk can perform the following tasks:Reset the passwords of the sales users.
Force the sales users to change their password at their next logon.
What should you do?
A.
Run the Set-ADAccountPasswordcmdlet and specify the -identity parameter.
B.
Right-click the Sales OU and select Delegate Control.
C.
Right-click the IT OU and select Delegate Control.
D.
Run the Set-ADFineGrainedPasswordPolicycmdlet and specify the -identity parameter.
Explanation:
G_HelpDesk members need to be allowed to delegate control on the Sales OU as it contains the sales users
(G_Sales)
You can use the Delegation of Control Wizard to delegate the Reset Password permission to the delegated
user.http://support.microsoft.com/kb/296999/en-us
http://technet.microsoft.com/en-us/library/cc732524.aspx