You plan to deploy an Office 365 tenant to multiple offices around the country.
You need to modify the users and groups who are authorized to administer the Rights Management
service.
Which Windows PowerShell cmdlet should you run?
A. Add-MsolGroupMember
B. Get-Add rm Role Based Administrator
C. Remove-AadrmRoleBasedAdministrator
D. Enable AadrmSuperUserFeature
Answer should be B. http://technet.microsoft.com/en-us/library/jj585027.aspx
Without the spaces of course.
Without spaces 🙂 Enable AadrmSuperUserFeature is for the super-admins, Get-Add rm Role Based Administrator only lists admins, not modify them, Remove-AadrmRoleBasedAdministrator does “modify” administrative rights by removing them from a user. I say C.
I agree with Grey
The question states you need to MODIFY
Get- does not modify. Sure, you can pipe it to Remove or Add, but that's not what the question is asking.
The only one that can change membership in the list is Remove-AadrmRoleBasedAdministrator.
Greywoof…..aaaahhhhrooooo!
I Agree with John.
http://technet.microsoft.com/en-us/library/jj585027.aspx
Manage users and groups who are authorized to administer the Rights Management service for your organization. Option PS:
1. Add-AadrmRoleBasedAdministrator
2. Get-AadrmRoleBasedAdministrator
3. Remove-AadrmRoleBasedAdministrator
Answer is: B
I would choose B.
Before you can even add or remove users to this group, the feature should first be enabled.
Oops, I mean to say D => Enable-AadrmSuperUserFeature
I think you are right, because you don't add or remove (that is, modify the group) when you haven't enabled super user before. This question is crazy… 🙂 TechNet talks about this.
http://msdn.microsoft.com/library/azure/dn629400.aspx
With Enable-AadrmSuperUserFeature you can activate the SuperUser function in Active Directory Rights Management. This is not enabled by default. If it is turned on you can configure who is authorized to decrypt the files secured with the rights management service. Add-AadrmAdministrator defines administrators for the Aadrm Service.
In my opinion the answer is B
I believe the correct answer is:
C. Remove-AadrmRoleBasedAdministrator
(Remove-AadrmSuperUser – Removes a super user from Rights Management.)
Why I think it is not answer D: from reading the question I believe that there are already users and groups with rights assigned to administer Rights Management, so the AadrmSuperUserFeature must be already enabled, so no need to enable it again. Anyone agree?
“The Enable-AadrmSuperUserFeature cmdlet enables the super user feature. With this feature enabled, you can add or remove super users for Azure Rights Management. By default, the super users feature is not enabled, and no users are assigned to this feature.”
Answer A is incorrect for sure, Answer B also not correct? Cannot find anything why B would be the right answer.
I agree with Frank
To be frank with you all…I agree with Frank.
Confirmed C
https://technet.microsoft.com/en-us/library/jj585027.aspx
Word for word matches the question
“Manage users and groups who are authorized to administer the Rights Management service for your organization.”
Can use one of these three commands. The only one listed in the answer section is the Remove-AadrmRoleBasedAdministrator
Add-AadrmRoleBasedAdministrator
Get-AadrmRoleBasedAdministrator
Remove-AadrmRoleBasedAdministrator
Well… there is no correct answer.
Even Add-MsOlGroupMember can be correct.
The tricky part of the question is that it says “MODIFY” but does not specify whether you need to REMOVE or ADD.
C. Remove-AadrmRoleBasedAdministrator
-> Will remove the rights for a given security group. It could be correct, but this will simply remove the rights from a whole security group which is supposed to be already in place. There is no real flexibility here. OK, it’s “MODIFY” stuff
A. Add-MsolGroupMember Will add member to a securityGroup and this group could totally be an AaDrmRoleBaseAdministrator
I’ve tested it.
To sum up:
Add-MsolGroupMember -> I could add a user to this group and consider this group a Role Based AADRM member. So here I’m adding rights for users.
Remove-AadrmRoleBasedAdministrator -> I will remove rights to a WHOLE group
A and D are correct but do not achieve the same goal.
“A and D are correct but do not achieve the same goal.” => do you mean A and C?
Also, B must not be the answer.
Because of these, I believe that the answer is D.
I tend to agree with Tester.
Option “D” is not an option here, because AADRMSuperUser is a completely different thing
Option “B” just gives you current AADRM admins
Option “A” seems plausible, but one of the question constraints is “You need to modify the users and groups who are authorized…”. add-msolgroupmember, does not modify any user, it just modifies the group and before you can modify it, you have to create that group and assign that group AADRMRoleBasedAdmin Role.
Option “C” remains the best candidate. See https://msdn.microsoft.com/en-us/library/dn629424.aspx You can use an “-EmailAddress” to “Specifies the email address of a user or group. The cmdlet removes administrative rights for the user or group identified by the email address that you specify.”
or you could use “SecurityGroupDisplayName” to “Specify the display name of a _USER_ or _GROUP_. The cmdlet removes administrative rights for the user or group identified by the name that you specify.”
Therefore option C satisfies all constraints of the question. Yes, it does remove an Admin, but it is a “modify” operation and it has question keywords “users” and “groups” 🙂
The answer is C
from: https://technet.microsoft.com/en-us/library/jj585027.aspx
Add-AadrmRoleBasedAdministrator
Get-AadrmRoleBasedAdministrator
Remove-AadrmRoleBasedAdministrator
A is out; B is a purpose type (addrm instead of aadrm) ; c = see above and d: not even close.
Meant to say “typo” not “type”. Why can't I edit my comments?
And what if the letter C doesn't appear in the answers?
A. Add-MsolGroupMember
Will modify the group members by adding another user …
I think the answer is A…Because they plan to deploy a tenant around the country…So they will add people to the group.
I think it’s the Remove cmdlet (Option C) because they want you to modify users AND groups. Nothing stops you from assigning a role to a user, or a group. That being said, nothing stops you nesting one group inside another either.
But on the strength of the fact that MS always wants you to use built-in groups and role assignments rather than creating your own wherever possible, I’m going to go with the Remove option, because the MsolGroupMember option vaguely implies you have given a custom security group these rights, and why do that when there’s a built-in role. Shaky, I know. But I’m going with it.
Hi guys – wrote this morning, passed (Just barely) – 19 brand new questions – but I did get this Q and am happy to report that the “remove” cmdlet (option C) has been replaced with its “add” counterpart instead.
The correct answer is C in this case. Please see the below link
https://technet.microsoft.com/en-us/library/jj585027.aspx
Both B and C are correct but in this case C is more correct as B has spaces in it.
The answer is A.
Plan to deploy an Office 365 tenant. You need to add to allow rights management. Pre-existing modify will require remove.
To modify the users and groups who are authorized to administer the Rights Management service.
• Import-Module Aadrm
• Connect-AadrmService
• Enable-Aadrm
• Remove-AadrmRoleBasedAdministrator
• Enable-AadrmSuperUserFeature
The answer is C
You plan to deploy an Office 365 tenant to various offices across the country.
“Plan to deploy”
You need to MODIFY the users and groups who are allowed to administer the Rights Management service.
If you remove the user's rights, they will not be allowed to do anything.
And hence the user cannot do anything, right? To have Office, so if it does not open, or the page … here the planning has already died …
But the question says modify, that is, make any change to the administrative user's permission to use the Office 365 product ….
The answer “A” is correct.
https://msdn.microsoft.com/en-us/library/dn194129.aspx
The Add-AadrmRoleBasedAdministrator cmdlet grants administrative rights to Azure Rights Management within your organization. Specify a user or group to have administrative rights.
This cmdlet adds a member user or group to the list of users and groups that can administer Rights Management. By default, all Microsoft Office 365 global administrators can run all the Windows PowerShell cmdlets for Rights Management. If you have to grant rights to another administrator within your organization, use this cmdlet to specify a security group that can administer the service.
Add-MsolGroupMember synopsis:
Adds a member to an existing security group. So you cannot use it for rights management.
Manage users and groups who are authorized to administer the Rights Management service for your organization.
The Options are:
Add-AadrmRoleBasedAdministrator (Not Listed)
Get-AadrmRoleBasedAdministrator (For info only)
Remove-AadrmRoleBasedAdministrator (Is the Answer for this Question)
Manage users and groups who are authorized to administer the Rights Management service for your organization.
Add-AadrmRoleBasedAdministrator
Get-AadrmRoleBasedAdministrator
Remove-AadrmRoleBasedAdministrator
You need to modify, so I think C.
C is correct because modify user/group.
I found this:
https://social.technet.microsoft.com/Forums/en-US/7e35df58-23a8-4853-a313-6cc26b682986/exam-70346-question?forum=rmscloud
---- From Carol Bailey (MSFT) ----
Super users do not “administer the Rights Management service”. I suspect whoever wrote this question/answer confused administering the service with the super user feature. Super users can decrypt content that has been protected by any user in the tenant, and is typically used for legal or data recovery purposes. But that’s not the same as administering the service. For example, they can’t do any of the administrative tasks listed in this table: https://docs.microsoft.com/en-us/information-protection/deploy-use/administer-powershell#cmdlets-grouped-by-administration-task. And similarly, administrators of the service are not super users by default.
For a PowerShell answer that lets users administer the service, you would need to run Add-AadrmRoleBasedAdministrator, which isn’t one of the answers. This cmdlet lets you specify users or groups. If you planned to run this cmdlet and specify a group and that group already exists with no members, there’s an argument that A. Add-MsolGroupMember is an appropriate answer.
I think the better answer is C. Remove-AadrmRoleBasedAdministrator. But this makes sense only if you have already activated the Azure Rights Management service and have already delegated administrative access to users by running Add-AadrmRoleBasedAdministrator and now need to remove some of these users. The question doesn’t mention this and this explanation seems to be at odds with the “planning to deploy” wording. Running this cmdlet would be a reconfiguration task rather than a setup configuration task.
In summary, I agree it’s not D. And I think the question should be reworded.
Monday, April 10, 2017 9:31 PM
----
I vote for A.
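
The Add/Get/Remove role-based administrator cmdlets that this thread keeps returning to, shown working together as an added example (not written by any commenter and not taken from Microsoft's documentation): it compares the current delegated-administrator list with an intended one and reports or applies the difference. The function name `Sync-RmsAdministrator`, the sample address, and the `EmailAddress` property on the objects returned by `Get-AadrmRoleBasedAdministrator` are assumptions.

```powershell
# Added example. Sync-RmsAdministrator and the sample address are hypothetical.
# Requires the AADRM module and an account allowed to administer the service.
function Sync-RmsAdministrator {
    param(
        [Parameter(Mandatory)] [string[]] $DesiredEmailAddress,
        [switch] $Apply   # without -Apply the function only reports the plan
    )

    # Assumption: each returned entry exposes an EmailAddress property.
    # Entries without one (for example, added by object ID) are left untouched.
    $current = @(Get-AadrmRoleBasedAdministrator |
        Where-Object { $_.EmailAddress } |
        ForEach-Object { $_.EmailAddress.ToLowerInvariant() })
    $desired = @($DesiredEmailAddress |
        ForEach-Object { $_.ToLowerInvariant() } |
        Select-Object -Unique)

    # Case-insensitive set difference in both directions.
    $toAdd    = @($desired | Where-Object { $current -notcontains $_ })
    $toRemove = @($current | Where-Object { $desired -notcontains $_ })

    foreach ($address in $toAdd) {
        Write-Output "ADD    $address"
        if ($Apply) {
            Add-AadrmRoleBasedAdministrator -EmailAddress $address -Role GlobalAdministrator
        }
    }
    foreach ($address in $toRemove) {
        Write-Output "REMOVE $address"
        if ($Apply) {
            Remove-AadrmRoleBasedAdministrator -EmailAddress $address
        }
    }
}

Import-Module AADRM
Connect-AadrmService
# First pass reports the plan; second pass makes the changes.
Sync-RmsAdministrator -DesiredEmailAddress 'rms-admins@contoso.example'
Sync-RmsAdministrator -DesiredEmailAddress 'rms-admins@contoso.example' -Apply
Disconnect-AadrmService
```

Running the report-only pass first and reviewing the REMOVE lines keeps a typo in the desired list from silently stripping a delegated administrator.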