Your network contains an Active Directory forest named contoso.com. The functional level of the forest is
Windows Server 2008 R2.
All of the user accounts in the marketing department are members of a group named
Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group
named Contoso\MarketingComputers.
A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named
Computer1 is a member of the Contoso\MarketingComputers group.
You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
When User1 logs on to Computer1 and attempts to change her password, she receives an error message
indicating that her password is too short.
You need to tell User1 what her minimum password length is.
What should you tell User1?
A.
10
B.
11
C.
12
D.
14
Explanation:
One PSO has a precedence value of 2 and the other PSO has a precedence value of 4. In this case, the PSO that
has the precedence value of 2 has a higher rank and, hence, is applied to the object.
User specific PSO’s have higher precedence and will win out against Domain PSO’s
A all the way bae! 😀
Do not be fooled, User1 could have choosen a new password < 10 in length… The question does not say anything about that!
the dudes justification is wrong. PSO5 could have had a precedence of 100. it would still apply.
“when you apply pso’s to the user and group that the user belongs to the group based pso will be ignored and only the pso that applies to the users account will be checked for precedence”