What should you include in the recommendation?

You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso
identifies the following administration requirements for the design:
User account administration and Group Policy administration will be performed by network
technicians. The technicians will be added to a group named OUAdmins.
IT staff who are responsible for backing up servers will have user accounts that are
members of the Backup Operators group in the domain.
All user accounts will be located in an organizational unit (OU) named AllEmployees.
You run the Delegation of Control Wizard and assign the OUAdmins group full control to all
of the objects in the AllEmployeesOU.
After delegating the required permissions, you discover that the user accounts of some of
the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage
all of the objects in AllEmployees.
What should you include in the recommendation?

You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso
identifies the following administration requirements for the design:
User account administration and Group Policy administration will be performed by network
technicians. The technicians will be added to a group named OUAdmins.
IT staff who are responsible for backing up servers will have user accounts that are
members of the Backup Operators group in the domain.
All user accounts will be located in an organizational unit (OU) named AllEmployees.
You run the Delegation of Control Wizard and assign the OUAdmins group full control to all
of the objects in the AllEmployeesOU.
After delegating the required permissions, you discover that the user accounts of some of
the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage
all of the objects in AllEmployees.
What should you include in the recommendation?

A.
Remove the IT staff user accounts from Backup Operators and place them in a new
group. Grant the new group the Backup files and directories user right and the Restore files
and directories user right. Enforce permission inheritance on all of the objects in the
AllEmployeesOU.

B.
Create separate administrator user accounts for the technicians. Enforce permission
inheritance on all of the objects in the AllEmployeesOU. Delegate permissions to the new
useraccounts.

C.
Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the
Delegation of Control Wizard.

D.
Move the user accounts of the technicians to a separate OU. Enforce permission
inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control
Wizard on the AllEmployeesOU.

Explanation:



Leave a Reply 4

Your email address will not be published. Required fields are marked *


Jan

Jan

Wrong answer. Answer is C. You dont have to make extra accounts. Just enforce the permission inheritance and delegate.

Coy

Coy

No, I think B is correct. Thats looks like a Problem with AdminSDHolder.

Sjoerd Stefma

Sjoerd Stefma

B is correct The AdminSDHolder is on the Backup Operators Group

A is als a option but is not the same permissions as a backup operator group: Members of this group can back up and restore all files on domain controllers in the domain, regardless of their own individual permissions on those files. Backup Operators can also log on to domain controllers and shut them down. This group has no default members. Because this group has significant power on domain controllers, add users with caution.