Your network contains an Active Directory domain named contoso.com. Domain controllers run
either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a
Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool
should you use?
A.
Get-ADDomainControllerPasswordReplicationPolicy
B.
Get-ADDefaultDomainPasswordPolicy
C.
Active Directory Administrator Centre
D.
Local Security Policies
Explanation:
http://technet.microsoft.com/en-us/library/ee617231.aspx
To get a list of all the properties of an ADFineGrainedPasswordPolicy object, use the following
command:
Get-ADFineGrainedPasswordPolicy<fine grained password policy> -Properties * | Get-Member […]
EXAMPLE 2
Command Prompt: C:\PS>
Get-ADFineGrainedPasswordPolicyAdminsPSO Name: AdminsPSO ComplexityEnabled: True
LockoutThreshold: 0
ReversibleEncryptionEnabled : True
LockoutDuration: 00:30:00
LockoutObservationWindow: 00:30:00
MinPasswordLength: 10
Precedence: 200
ObjectGUID: ba1061f0-c947-4018-a399-6ad8897d26e3
ObjectClass: msDS-PasswordSettings
PasswordHistoryCount: 24
MinPasswordAge: 1.00:00:00
MaxPasswordAge: 15.00:00:00
AppliesTo: {}
DistinguishedName: CN=AdminsPSO,CN=Password Settings
Container,CN=System,DC=FABRIKAM,
DC=COM
Description: Get the Fine Grained Password Policy named `AdminsPSO’.
This is the wrong explanation (from here http://www.aiotestking.com/microsoft/which-tool-should-you-use-284/) but the right answer.
https://technet.microsoft.com/en-us/library/hh831702.aspx#fine_grained_pswd_policy_mgmt