HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You create two global groups named Group1 and Group2. The group membership of each
group is shown in the following table.
You create the Password Settings objects (PSOs) shown in the following table.
In the table below, identify which PSOs will apply to User1 and User2. Make only one
selection in each column.
Explanation:
Note:
* PSO2 has the lowest precedence. PSO2 is linked to GROUP1. Both User1 and User2 are
members of Group1.
* Precedence. This is an integer value that is used to resolve conflicts if multiple PSOs are
applied to a user or group object.
* Each PSO has an additional attribute named msDS-PasswordSettingsPrecedence, which
assists in the calculation of RSOP. The msDS-PasswordSettingsPrecedence attribute has
an integer value of 1 or greater. A lower value for the precedence attribute indicates that the
PSO has a higher rank, or a higher priority, than other PSOs. For example, suppose an
object has two PSOs linked to it. One PSO has a precedence value of 2 and the other PSO
has a precedence value of 4. In this case, the PSO that has the precedence value of 2 has a
higher rank and, hence, is applied to the object.
* If multiple PSOs are linked to a user or group, the resultant PSO that is applied is
determined as follows:
1. A PSO that is linked directly to the user object is the resultant PSO. (Multiple PSOs
should not be directly linked to a user object.)
2. If no PSO is linked directly to the user object, the global security group memberships
of the user, and all PSOs that are applicable to the user based on those global group
memberships, are compared. The PSO with the lowest precedence value is the resultant
PSO.
3. If no PSO is obtained from conditions (1) and (2), the Default Domain Policy is
applied.