You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory forest. The AD forest was running at the functional level of Windows Server 2008.
The forest contains two domains named contoso.com and na.contoso.com. All the servers on the network run Windows Server 2008 and all client computers run Windows Vista.
The domain na.contoso.com contains an organizational unit (OU) called SecurityOU and the domain contoso.com contains a user called Ben.
You have been asked to assign administrative rights to Ben so that he can manage Group Policies for the SecurityOU. While assigning administrative rights, you need to ensure that Ben must be granted the least administrative rights necessary to create and configure Group Policies in na.contoso.com and link Group Policies to the SecurityOU.
Which of the following options would you choose to accomplish the desired goal? (Select two. Each selected option will present a part of the answer.)
A.
Run the Delegation of Control Wizard on na.contoso.com.
B.
Run the Delegation of Control Wizard on the SecurityOU.
C.
In the Group Policy Management Console, modify the permissions of the Group Policy Objects container in the contoso.com domain.
D.
In the Group Policy Management Console, modify the permissions of the Group Policy Objects container in the na.contoso.com domain.
E.
Add User1 to the Group Policy Creator Owners group in contoso.com.
F.
Add User1 to the Administrators group for na.contoso.com.
G.
Modify the permissions on the SecurityOU.
Explanation:
To ensure that Ben must be granted the least administrative rights necessary to create and configure Group Policies in na.contoso.com and link Group Policies to the SecurityOU, you need to run the Delegation of Control Wizard on the Security OU. In the Group Policy Management Console, modify the permissions of the Group Policy Objects container in the na.contoso.com domain.
A Delegation wizard is used to facilitate the delegation of administrative rights over containers within Active Directory. Therefore it needs to be run on the SecurityOU. The Delegation wizard dynamically creates access control entries on the target container object according to the options specified in the wizard.
The Delegation of Control Wizard provides an additional level of granularity allowing for custom-built tasks to be assigned to specific users or groups.