Your network contains an Active Directory domain named contoso.com.
The password policy for the domain is set to require a minimum password length of 10
characters.
A user named User1 and a user named User2 work for the sales department.
User1 is forced to create a domain password that has a minimum of 12 characters.User2 is
forced to create a domain password that has a minimum of eight characters.
You need to identify what forces the two users to have different password lengths.
Which tool should you use?
A.
Group Policy Management
B.
Credential Manager
C.
Active Directory Administrative Center
D.
Security Configuration Wizard (SCW)
Explanation:
In Windows Server 2008, you can use fine-grained password policies to specify multiple
password policies and apply different password restrictions and account lockout policies to
different sets of users within a single domain. For example, to increase the security of
privileged accounts, you can apply stricter settings to the privileged accounts and then apply
less strict settings to the accounts of other users. Or in some cases, you may want to apply a
special password policy for accounts whose passwords are synchronized with other data
sources. This is found in the Active Directory Administrative Center. You can use Active
Directory Administrative Center to perform the following Active Directory administrative
tasks:
Create new user accounts or manage existing user accounts
Create new groups or manage existing groups
Create new computer accounts or manage existing computer accounts
Create new organizational units (OUs) and containers or manage existing OUs
Connect to one or several domains or domain controllers in the same instance of Active
Directory Administrative Center, and view or manage the directory information for those
domains or domain controllers
Filter Active Directory data by using query-building search
References:
http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx
I think the answer is supposed to be A.
Group policy objects and what is being applied to a user can be viewed using Group Policy Management. I think the Resultant Set of Policy (RSoP) wizard needs to be run in order to see what is different for each user.
C: Active Directory Admin Center (correct)
It’s talking about Fine-Grained password policies. This can be done through ADAC. Here’s a link:
http://blogs.technet.com/b/reference_point/archive/2013/04/12/fine-grained-password-policies-gui-in-windows-server-2012-adac.aspx
C: AD Admin Center is correct
Group policy management console doesn’t have the ability to edit fine grained password policy.
An alternative is ADSI Edit