Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Active Directory Rights Management Services server role installed.
The domain contains a domain local group named Group1.
You create a rights policy template named Template1. You assign Group1 the rights to
Template1.
You need to ensure that all the members of Group1 can use Template1.
What should you do?
A. Configure the email address attribute of Group1.
B. Convert the scope of Group1 to global.
C. Convert the scope of Group1 to universal.
D. Configure the email address attribute of all the users who are members of Group1.
https://technet.microsoft.com/en-us/library/dd772638%28v=ws.10%29.aspx
Bobsmith!! What is the answer, as I can’t see your answer?
But according to my understanding the answer is “D”
Yes D
For each user account and group that you configure with AD RMS, you need to add an e-mail address and then assign the users to grou
Configuring email does not allow users to use template. You still have to manually assign users to a template.
I think it’s A.
If you assign a permission to a group, you type the email address of the group so I am not sure it’s needed to set an email address to each user.
https://technet.microsoft.com/en-us/library/cc754068.aspx
“On the Add User Rights page do the following:
Click Add. In the Add User or Group dialog box, click Browse to browse to a user or group in your Active Directory Domain Services directory or type the valid e-mail address of a user or group to add, and then click OK. Repeat to add additional users or groups as necessary.”
The question mentioned that Group1 received the Template1 rights, so I agree with Ayelet and I think the answer is A (Configure the email address attribute of Group1).
“(…) browse to a user or group in your Active Directory Domain Services directory or type the valid e-mail address of a user or group to add.”
I believe D is correct. However A and D are both potential answers given the below. There is more reference to ensuring user accounts have the email attribute configured rather than groups though. Therefore D is the stronger answer.
http://social.technet.microsoft.com/wiki/contents/articles/13130.ad-rms-troubleshooting-guide.aspx
“Make sure that the user at the AD RMS client computer has an email address configured in Active Directory.”
When a user or group is created in Active Directory, the mail attribute is an optional attribute that can be set to include a primary email address for the user or group. For AD RMS to work properly, this attribute must be set because all users must have an email attribute to protect and consume content. This can be done by setting the email address field in the properties for the user or group using either of the following tools:
The Active Directory Users and Computers console
The Active Directory Administrative Center
http://www.derekseaman.com/tag/certificate-authority
One thing I have noticed that may give the answer away is “assign Group1 the rights to Template1” … this tells me that group1 already has an email address as it has already been given permissions to template1, permissions can only be assigned to an object that has an email address.
I believe that the group and users must have email addresses, therefore you will need to give the users email addresses as the group already has one.
So my answer is D
I like the group email answer. I’ve also seen comments elsewhere that the group does need to be universal. But I believe the email requirement is a stronger one.
Also to rule out B and C, again it says you give group1 permissions. Suggesting there was no issue giving it permissions although it is a domain local group
Not A. Email address attribute of Group1 must be configured when Template1 is created and Group1 rights are assigned to it.
D is correct.
Correct answer is C
The crucial word here is you implemented a domain local group.
You should change it to universal
“AD DS Universal groups should be used so that the group membership is replicated to every global catalog server in the forest. Schema extensions must exist in forests that contain contact objects that allow the schema extensions to point back to the forests that contain the actual objects. If schema extensions are not used, client”
https://technet.microsoft.com/en-us/library/dd772659%28v=ws.10%29.aspx
I understand testing king’s logic… however,
the test question is in a “single” domain.. so either Universal or local domain groups work in this case.. Universal groups help propagate groups membership in forests with multiple domains.. that is not the case here… so Domain Local group should suffice.. and also… the question stresses the fact that.. You need “TO ENSURE” that “ALL” the members for the Group1 can use template1… to guarantee that, then you need to make sure that all users in the group have email address attribute configured.
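
An added example, not part of the original thread: a PowerShell audit of the attributes the answers above argue about (Group1's scope and mail attribute, and the mail attribute of every member). It assumes the ActiveDirectory RSAT module and read access to the domain; the function name `Test-RmsGroupReadiness` is hypothetical.

```powershell
# Added example: report the AD attributes debated in this thread.
# Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

function Test-RmsGroupReadiness {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$GroupName
    )

    # Group scope and mail attribute (options A, B and C)
    $group = Get-ADGroup -Identity $GroupName -Properties mail

    # Expand nested groups and keep user objects only
    $users = @(Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties mail)

    # Members whose mail attribute is empty (option D)
    $missing = @($users | Where-Object { [string]::IsNullOrWhiteSpace($_.mail) })

    [pscustomobject]@{
        Group              = $group.Name
        GroupScope         = $group.GroupScope
        GroupMail          = $group.mail
        GroupHasMail       = -not [string]::IsNullOrWhiteSpace($group.mail)
        MemberCount        = $users.Count
        MembersMissingMail = $missing.SamAccountName
    }
}

# Group1 is the group named in the question
Test-RmsGroupReadiness -GroupName 'Group1' | Format-List
```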