You need to ensure that you can use Password Settings o…

Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The
domain contains three domain controllers. The domain controllers are configured as shown in the following
table.

DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do first?

Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The
domain contains three domain controllers. The domain controllers are configured as shown in the following
table.

DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do first?

A.
Uninstall Active Directory from DC1.

B.
Change the domain functional level.

C.
Transfer the domain-wide operations master roles.

D.
Transfer the forest-wide operations master roles.

Explanation:
In Windows Server 2008 and later, you can use fine-grained password policies to specify multiple password
policies and apply different password restrictions and account lockout policies to different sets of users within a
single domain.
Note: In Microsoft Windows 2000 and Windows Server 2003 Active Directory domains, you could apply only
one password and account lockout policy, which is specified in the domain’s Default Domain Policy, to all users
in the domain. As a result, if you wanted different password and account lockout settings for different sets of
users, you had to either create a password filter or deploy multiple domains. Both options were costly for
different reasons.
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide



Leave a Reply 0

Your email address will not be published. Required fields are marked *