Which tool should you use to create the accounts?

Your network contains an Active Directory domain named adatum.com.
The password policy of the domain requires that the passwords for all user accounts be
changed every 50 days.
You need to create several user accounts that will be used by services. The passwords for
these accounts must be changed automatically every 50 days.
Which tool should you use to create the accounts?

Your network contains an Active Directory domain named adatum.com.
The password policy of the domain requires that the passwords for all user accounts be
changed every 50 days.
You need to create several user accounts that will be used by services. The passwords for
these accounts must be changed automatically every 50 days.
Which tool should you use to create the accounts?

A.
Active Directory Administrative Center

B.
Active Directory Users and Computers

C.
Active Directory Module for Windows PowerShell

D.
ADSI Edit

E.
Active Directory Domains and Trusts

Explanation:
Use the New-ADServiceAccount cmdlet in PowerShell to create the new accounts as
managed service accounts. Managed service accounts offer Automatic password
management, making password management easier.
Reference 1)
http://technet.microsoft.com/en-us/library/dd367859.aspx
What are the benefits of new service accounts?
In addition to the enhanced security that is provided by having individual accounts for critical
services, there are four important administrative benefits associated with managed service
accounts:
(…)
Unlike with regular domain accounts in which administrators must reset passwords
manually, the network passwords for these accounts will be reset automatically.
(…)
Reference 2)
http://technet.microsoft.com/en-us/library/dd391964.aspx
Use the Active Directory module for Windows PowerShell to create a managed service
account.
Reference 3)
http://technet.microsoft.com/en-us/library/dd548356.aspx
To create a new managed service account
1. On the domain controller, click Start, and then click Run. In the Open box, type dsa.msc,
and then click OK to open the Active Directory Users and Computers snap-in. Confirm that
the Managed Service Account container exists.
2. Click Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows
PowerShell icon.
3. Run the following command: New-ADServiceAccount [-SAMAccountName <String>] [-
Path <String>].
Reference 4)
http://technet.microsoft.com/en-us/library/hh852236.aspx
Use the -ManagedPasswordIntervalInDays parameter with New-ADServiceAccount to
specify the number of days for the password change interval.
-ManagedPasswordIntervalInDays<Int32>Specifies the number of days for the password
change interval. If set to 0 then the default is used. This can only be set on object creation.

After that the setting is read only. This value returns the msDSManagedPasswordInterval of
the group managed service account object.
The following example shows how to specify a 90 day password changes interval:
-ManagedPasswordIntervalInDays 90



Leave a Reply 0

Your email address will not be published. Required fields are marked *

five × one =