Which two object types should you identify?

Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to
customize the password policy settings ofcontoso.com.
You need to identify to which Active Directory object types you can directly apply the finegrained password policies.
Which two object types should you identify? (Each correct answer presents part of the
solution. Choose two.)

A.
Users

B.
Global groups
C.computers

D.
Universal groups

E.
Domain local groups

Explanation:
First off, your domain functional level must be at Windows Server 2008. Second, Finegrained password policies ONLY apply to user objects, and global security groups. Linking
them to universal or domain local groups is ineffective. I know what you’re thinking, what
about OU’s? Nope, Fine-grained password policy cannot be applied to an organizational
unit (OU) directly. The third thing to keep in mind is, by default only members of the Domain

Admins group can set fine-grained password policies. However, you can delegate this ability
to other users if needed.
Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they
are used instead of user objects) and global security groups.
You can apply Password Settings objects (PSOs) to users or global security groups:
http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/cc770848%28v=ws. 10%29. aspx
http: //www. brandonlawson. com/active-directory/creating-fine-grained-password-policies/